Cflowd Configuration Command Reference

This command creates the context to configure cflowd.

The no form of this command removes all configuration under cflowd including the deletion of all configured collectors. This can only be executed if cflowd is in a shutdown state.

This command configures the maximum amount of time before an active flow is aged out of the active cache. If an individual flow is active for this amount of time, the flow is aged out and a new flow will be created on the next packet sampled for that flow.

Existing flows do not inherit the new active-timeout value if this parameter is changed while cflowd is active. The active-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.

The no form of this command resets the inactive timeout back to the default value.

This command specifies the maximum number of active flows to maintain in the flow cache table.

The no form of this command resets the number of active entries back to the default value.

This command defines a flow data collector for cflowd data. The IP address of the flow collector must be specified. The UDP port number is an optional parameter. If it is not set, the default of 2055 is used for all collector versions. To connect to a IPFIX (version 10) collector using the IPFIX default port, specify port 4739 when configuring the collector. The version must be specified. A maximum of 5 collectors can be configured.

The no form of this command removes the flow collector definition from the config and stops the export of data to the collector. The collector needs to be shutdown to be deleted.

This command configures the type of aggregation scheme to be exported.

Specifies the type of data to be aggregated and to the collector.

To configure aggregation, you must decide which type of aggregation scheme to configure: autonomous system, destination prefix, protocol port, raw, source destination, or source prefix.

This can only be configured if the collector version is configured as V8.

The no form of this command removes all aggregation types from the collector configuration.

This command specifies that the aggregation data should be based on autonomous system (AS) information. An AS matrix contains packet and byte counters for traffic from either source-destination autonomous systems or last-peer to next-peer autonomous systems.

The no form of this command removes this type of aggregation from the collector configuration.

This command specifies that the aggregation data is based on destination prefix information.

The no form removes this type of aggregation from the collector configuration.

This command specifies that flows be aggregated based on the IP protocol, source port number, and destination port number.

The no form of this command removes this type of aggregation from the collector configuration.

This command configures raw (unaggregated) flow data to be sent in Version 5.

The no form of this command removes this type of aggregation from the collector configuration.

This command configures cflowd aggregation based on source and destination prefixes.

The no form of this command removes this type of aggregation from the collector configuration.

This command configures cflowd aggregation based on source prefix information.

The no form of this command removes this type of aggregation from the collector configuration.

This command defines whether the autonomous system (AS) information included in the flow data is based on the originating AS or external peer AS of the routes.

This option is only allowed if the collector is configured as Version 5 or Version 8.

The no form of this command resets the AS type to the default value.

This command creates a text description stored in the configuration file for a configuration context.

The no form of this command removes the description string from the context.

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables an entity.

Unlike other commands and parameters where the default state is not indicated in the configuration file. The shutdown and no shutdown states are always indicated in system generated configuration files.

This command specifies the set of templates sent to the collector when using cflowd Version 9 or Version 10.

This command can be used to control how exports are generated by the cflowd process. The default behavior is for flow data to be exported automatically based on the active and inactive time-out values. The alternative mode is manual in which case flow data is only exported when the command “tools perform cflowd manual-export” is issued. The only exception is if the cflowd cache overflows, in which case the normal automatic export process is used.

This command specifies the amount of time, in seconds, that must elapse without a packet matching a flow in order for the flow to be considered inactive.

The no form of this command resets the inactive timeout back to the default of 15 seconds.

Existing flows will not inherit the new inactive-timeout value if this parameter is changed while cflowd is active. The inactive-timeout value for a flow is set when the flow is first created in the active cache table and does not change dynamically.

This command specifies the percentage of the flow cache entries removed when the maximum number of entries is exceeded. The entries removed are the entries that have not been updated for the longest amount of time.

The no form of this command resets the number of entries cleared from the flow cache on overflow to the default value.

This command specifies the rate (N) at which traffic is sampled and sent for flow analysis. A packet is sampled every N packets; for example, when sample-rate is configured as 1, then all packets are sent to the cache. When sample-rate is configured as 100, then every 100th packet is sent to the cache.

The no form of this command resets the sample rate to the default value.

This command specifies the interval for sending template definitions.

This command is used to export flow data using interface indexes (ifIndex values), which can be used directly as the index into the IF-MIB tables for retrieving interface statistics. Specifically, if the this command is enabled, then the ingressInterface (ID=10) and egressInterface (ID= 14) fields in IP flow templates used to export the flow data to Cflowd version 9 and version 10 collectors will be populated with the IF-MIB ifIndex of that interface. In addition, for version 10 templates, two fields are available in the IP flow templates to present the Virtual Router ID associated with the ingress and egress interfaces.

The no form of this command removes the command from the active configuration and causes cflowd to return to the default behavior of populating the ingress and egress interface ID with the global IF index IDs.