Exporting NetFlow data from a Mikrotik router
- Firstly, download the installer for ManageEngine Netflow Analyzer from https://www.manageengine.com/products/netflow/download.html and install it on your PC or server.
- You can leave the port settings as default. Do take note however, if you’re installing it on your Virtual Private Server (VPS) or a server somewhere, make sure that you have the correct ports opened on your firewall.
- Once you have finished installation, navigate to http://localhost:8080 or the file directory location you have the app installed and login with Username: admin Password: admin and this is what you should see:
- As you can see no devices are exporting Netflow / sFlow data at this stage since we have not yet configured any, but the application is now listening on port 9996 which is what we want.
- To access your Mikrotik device, you can opt to use Secure Shell (SSH) or Telnet.
- Once you are in the Command line Interface (CLI) of your Mikrotik router, run the following command:
/ip traffic-flow <Press enter>
/ip traffic-flow> set enabled=yes interface=ether3-local-slave <Press Enter>
/ip traffic-flow> target <Press Enter>
/ip traffic-flow target> add address=192.168.0.10:9996 disabled=no version=9 <Press Enter>
- Replace the IP address with the NetFlow Analyzer host IP address and interface you want the traffic flow.
- Once you have done this, go back to your Netflow Analyzer webpage at localhost:8080 and refresh the page, you should see that previous error message is gone and there is now a pie graph and a couple of other stats, and it should look something like this:
- And if you decide to go click on your device name, and look around a bit, you will find all sorts of useful info such as source and destination traffic, applications etc.