Skip to main content
Version: 7.6

General Configuration

Licensing

NetObserv Flow is available in four license tiers. The license tier determined a number of collector attributes, including the volume of flow records the collector can process (flow records per second), as well as which information elements (IEs) are supported.

FeaturesCommunityBasicStandardPremium
IElimitedsinglemultimulti
IPFIX8345048354835
Netflow15251916131613
sFlow187206939939
AWS VPC Flow Logs37373737
note

The Community license is limited to 500 flow records/second.

note

The flow records per second limit for the Community and Basic license applies to the person or entity accepting the license. It does not allow for running multiple instances.

info

The flow records per second available with a Standard or Premium license is determined by the license key. This volume may be split between multiple instances of the collector, as long as the total volume does not exceed the flow records per second allowed by the license.

By default the flow records per second will be set based on the provided license key. However, this volume can be configured manually for each instance. This is usually done when it is desired to use multiple instances of the collector. For example, a subscription for 16,000 flow records per second can be split into 2 instances, of 8,000 flow records per second each, by setting EF_LICENSE_FLOW_RECORDS_PER_SECOND: 8000 for each instance. If set to a value greater than allowed by the license key, the instances will be started with the flow records per second from the license key.

Requesting a License

You can request a Basic License via the ElastiFlow website. This license will be good for one year, after which it can be renewed by requesting a new license.

You can also request a 30-day Premium Trial License via the ElastiFlow website. This license can only be renewed with approval of ElastiFlow. To request an extension, please send an email to sales@elastiflow.com.

The license key for ElastiFlow Standard and Premium Tier customers will be made available through our support system. A ticket will be opened, from which an authorized user can download the license key.

Adding a License

The following is an example of a license configuration, as defined in a docker-compose file:

EF_LICENSE_ACCEPTED: 'true'
EF_ACCOUNT_ID: '606abcdefe3546eee123456a'

EF_LICENSE_KEY: 'eyJhbGciOiJIUzI1HghIEjTUI6IkpXVCJ9.eyJhdWQiOiJKNHHFYTFKNJKHgkjKjknhLjKJkhyiiutUYfyrdIutKjsYXN0aWZsb3ciLCJzdWIiOiI2MDNkODUwMDMzZDg2YjA3OTE5YjE5Y2EiLCJjb3IiOjEyOCwibHZsIjo5fQ.FQtYWSWutfjn9q6876GHgf5fghir45vsuDnxrDldbd7xR8'

and as defined in the systemd configuration:

export EF_LICENSE_ACCEPTED=true
export EF_ACCOUNT_ID=606abcdefe3546eee123456a

export EF_LICENSE_KEY=eyJhbGciOiJIUzI1HghIEjTUI6IkpXVCJ9.eyJhdWQiOiJKNHHFYTFKNJKHgkjKjknhLjKJkhyiiutUYfyrdIutKjsYXN0aWZsb3ciLCJzdWIiOiI2MDNkODUwMDMzZDg2YjA3OTE5YjE5Y2EiLCJjb3IiOjEyOCwibHZsIjo5fQ.FQtYWSWutfjn9q6876GHgf5fghir45vsuDnxrDldbd7xR8

For a complete description of all common and flowcoll-specific license configuration options, please refer to the Configuration Reference.

Logging

By default NetObserv Flow can be configured to log to stdout or to a file. It can also be configured to log with json or console formatting. If logging to a file, log rotation can be configured to manage the volume of logs. For a complete description of all logging configuration options, please refer to the Configuration Reference.

UDP Input

NetObserv Flow receives IPFIX, Netflow and sFlow network flow records and telemetry over UDP. By default the collector listens on all interfaces of the system where it is running. However it can be configured to listen on only a specific interface. The default UDP listening port is 9995, which can also be configured.

It is recommended that the collector be configured to request a larger than default receive buffer size. The size, in bytes, that the collector will request be created by the operating system kernel is configurable. If this value exceeds the maximum allowed buffer size (net.core.rmem_max on Linux), the maximum allowed size is used.

Received UDP PDUs are queued prior to being processed by an available decoder. This allows the collector to better handle temporary spikes of received packets without losing data. The default size of the queue is 512. This can be overridden using EF_FLOW_PACKET_STREAM_MAX_SIZE. For a complete description of all UDP input configuration options, please refer to the Configuration Reference.