Mikrotik

Netflow Analyzer with Mikrotik

52 views June 13, 2017 admin 0

Exporting NetFlow data from a Mikrotik router

  • Firstly, download the installer for ManageEngine Netflow Analyzer from https://www.manageengine.com/products/netflow/download.html and install it on your PC or server.
  • You can leave the port settings as default. Do take note however, if you’re installing it on your Virtual Private Server (VPS) or a server somewhere, make sure that you have the correct ports opened on your firewall.
  • Once you have finished installation, navigate to http://localhost:8080 or the file directory location you have the app installed and login with Username: admin Password: admin and this is what you should see:

  • As you can see no devices are exporting Netflow / sFlow data at this stage since we have not yet configured any, but the application is now listening on port 9996 which is what we want.
  • To access your Mikrotik device, you can opt to use Secure Shell (SSH) or Telnet.
  • Once you are in the Command line Interface (CLI) of your Mikrotik router, run the following command:

/ip traffic-flow <Press enter>

/ip traffic-flow> set enabled=yes interface=ether3-local-slave <Press Enter>

/ip traffic-flow> target <Press Enter>

/ip traffic-flow target> add address=192.168.0.10:9996 disabled=no version=9 <Press Enter>

  • Replace the IP address with the NetFlow Analyzer host IP address and interface you want the traffic flow.

  • Once you have done this, go back to your Netflow Analyzer webpage at localhost:8080 and refresh the page, you should see that previous error message is gone and there is now a pie graph and a couple of other stats, and it should look something like this:

  • And if you decide to go click on your device name, and look around a bit, you will find all sorts of useful info such as source and destination traffic, applications etc.

Was this helpful?