MikroTik RouterOS supports flow-based network traffic analysis using Traffic Flow, which is similar to IPFIX or NetFlow. To configure Traffic Flow on a MikroTik RouterOS device, follow these steps:
Access the router CLI
Connect to your MikroTik router via SSH or a console cable. If connecting via SSH, use a tool like PuTTY or the built-in SSH client in your terminal, and enter the router's IP address, username, and password to log in.
Enable Traffic Flow
Enter the following command to enable Traffic Flow on the router:
/ip traffic-flow set enabled=yes
Configure Traffic Flow settings
To configure Traffic Flow settings, including the interface(s) to monitor and the IP address and port of the remote flow collector, use the following commands:
/ip traffic-flow target add dst-address=x.x.x.x port=yyyy version=ipfix
/ip traffic-flow set interfaces=INTERFACE_NAME
Replace x.x.x.x with the IP address of your flow collector, yyyy with the desired port number for the flow collector (e.g., 4739 for IPFIX), and INTERFACE_NAME with the name of the interface you want to monitor.
Configure Traffic Flow cache settings
If you want to customize the cache settings for Traffic Flow, such as timeouts and cache size, use the following command:
/ip traffic-flow set cache-entries=4096 active-flow-timeout=1m inactive-flow-timeout=15s
Adjust the values for cache-entries, active-flow-timeout, and inactive-flow-timeout as needed.
Save the configuration
To save your configuration changes, use the following command:
/system configuration save
Verify the configuration
To verify that Traffic Flow is configured correctly and exporting flow data, use the following command:
/ip traffic-flow print
This command should display the Traffic Flow settings you just configured.
Once you have completed these steps, your MikroTik RouterOS device will start exporting flow data using Traffic Flow (similar to IPFIX) to the specified ElastiFlow Unified Flow Collector. Make sure your flow collector is set up to receive and process the exported data for analysis and monitoring purposes.
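The print command only shows the router's settings, so it is worth confirming on the collector side that the datagrams arriving on the configured port really are IPFIX. The following is an added example, not part of the original page or of ElastiFlow: a small Python check that parses the IPFIX message header and set headers defined in RFC 7011. The function names and the sample datagram are constructed for illustration.

```python
import struct

# IPFIX (RFC 7011) message header: version, length, export time,
# sequence number, observation domain ID (16 bytes, network byte order).
HEADER = struct.Struct("!HHIII")
SET_HEADER = struct.Struct("!HH")  # set ID, set length (includes this header)


def set_kind(set_id):
    """Classify a set by its ID as RFC 7011 defines them."""
    if set_id == 2:
        return "template"
    if set_id == 3:
        return "options-template"
    return "data" if set_id >= 256 else "reserved"


def summarize_ipfix(datagram):
    """Return header fields and a list of (kind, set_id, length) per set.

    Raises ValueError when the bytes are not a well-formed IPFIX message,
    e.g. when the exporter is sending NetFlow v5/v9 instead of IPFIX.
    """
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than an IPFIX message header")
    version, length, export_time, sequence, domain = HEADER.unpack_from(datagram)
    if version != 10:
        raise ValueError(f"not IPFIX: version field is {version}")
    if length < HEADER.size or length > len(datagram):
        raise ValueError(f"length field {length} does not fit {len(datagram)} bytes")
    sets, offset = [], HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(datagram, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError(f"bad set length {set_len} at offset {offset}")
        sets.append((set_kind(set_id), set_id, set_len))
        offset += set_len
    return {"export_time": export_time, "sequence": sequence,
            "domain": domain, "sets": sets}


# Constructed sample: a template set (ID 2) defining template 256 with
# sourceIPv4Address (IE 8) and destinationIPv4Address (IE 12), then one data set.
_template = struct.pack("!HHHHHHHH", 2, 16, 256, 2, 8, 4, 12, 4)
_data = struct.pack("!HH4s4s", 256, 12, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
SAMPLE = HEADER.pack(10, 16 + len(_template) + len(_data), 1700000000, 0, 1) + _template + _data
```

Pass it the payload of a UDP datagram received on the collector port, or one extracted from a packet capture. A "not IPFIX" error with a version field of 5 or 9 means the target's version setting on the router does not match what the collector expects.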