IC SunsetThe developerWorks Connections platform will be sunset on December 31, 2019. On January 1, 2020, this forum will no longer be available. More details available on our FAQ.
Topic
  • 11 replies
  • Latest Post - ‏2016-05-15T14:17:07Z by Ayush_tachyon
DJey
DJey
5 Posts

Pinned topic How to enable VFlow

‏2014-07-24T11:37:47Z |

Dear All,

We have planned to configure VFlow on our Qradar. Please give me information about VFLow.

 

Thanks

  • JonathanPechtaIBM
    JonathanPechtaIBM
    12 Posts

    Re: How to enable VFlow

    ‏2014-07-24T14:01:22Z  

    deelasjohn,

     

    VFlow (Virtual Flow) appliances installation is documented in the QRadar Installation Guide. here is also flow information in the QRadar Administration Guide.

     

     

    If you have additional questions, you can feel free to ask in this post.

     

  • DJey
    DJey
    5 Posts

    Re: How to enable VFlow

    ‏2014-07-24T16:39:55Z  

    deelasjohn,

     

    VFlow (Virtual Flow) appliances installation is documented in the QRadar Installation Guide. here is also flow information in the QRadar Administration Guide.

     

     

    If you have additional questions, you can feel free to ask in this post.

     

    Dear Jonathan,

    Thanks for your reply.

    We have already 3100 All in one appliance. If i want to add vflow means what i need to do?

    Please advice.

    Thanks

  • Aaron_Breen(IBM)
    Aaron_Breen(IBM)
    13 Posts

    Re: How to enable VFlow

    ‏2014-07-25T15:07:58Z  
    • DJey
    • ‏2014-07-24T16:39:55Z

    Dear Jonathan,

    Thanks for your reply.

    We have already 3100 All in one appliance. If i want to add vflow means what i need to do?

    Please advice.

    Thanks

    You would need to purchase the Vflow package and receive the activation key associated with it. After which you can follow the guides Jonathan has demonstrated to install then add the Vflow to your existing deployment (3100)

  • DJey
    DJey
    5 Posts

    Re: How to enable VFlow

    ‏2014-07-25T15:35:34Z  

    You would need to purchase the Vflow package and receive the activation key associated with it. After which you can follow the guides Jonathan has demonstrated to install then add the Vflow to your existing deployment (3100)

    Dear Aaron,

    what are the the features i will get from the vflow ? can you brief me about this. ?

    we have enabled the netflow already.  we can go with netflow and vflow at the same time? or we need to remove the netflow after add the vflow?

    what is the difference between netflow, qflow & vflow. ?

    Please advice

    Thanks

  • Aaron_Breen(IBM)
    Aaron_Breen(IBM)
    13 Posts

    Re: How to enable VFlow

    ‏2014-07-25T17:09:56Z  
    • DJey
    • ‏2014-07-25T15:35:34Z

    Dear Aaron,

    what are the the features i will get from the vflow ? can you brief me about this. ?

    we have enabled the netflow already.  we can go with netflow and vflow at the same time? or we need to remove the netflow after add the vflow?

    what is the difference between netflow, qflow & vflow. ?

    Please advice

    Thanks

    - Netflow is port only and no content

    - Qflow is layer 7

    - Vflow is the same as a flow collector (netflow and qflow) but on virtual

    Collecting netflow from the same switch that is on a span port with Qflow process is redundant and would increase license 

  • milorad
    milorad
    1 Post

    Re: How to enable VFlow

    ‏2014-07-30T12:41:42Z  

    Hi,

     

    I have a problem deploying VFlow.

    I add Host in Deployment Editor, and i got qflow in deployment.

    After this i got them in Flow sources.

    I put span in eth1 and eth2. 

    With tcpdump i can see trafic ont this ports.

    I didn't got this trafic on QRadar.

    Also, i cannot connect Qflow to Event Collector, this option is grayed. When i add connection and put arrow on Event collector this field remain blank

     

  • RajaJahanzeb
    RajaJahanzeb
    15 Posts

    Re: How to enable VFlow

    ‏2015-01-23T11:02:23Z  

    You would need to purchase the Vflow package and receive the activation key associated with it. After which you can follow the guides Jonathan has demonstrated to install then add the Vflow to your existing deployment (3100)

    Hi Aaron,

    Do we use the same software package when installing VFlow collector as for SIEM console or QFlow collector with the only difference being of the activation key?

    Can we install QFlow collector and place it in promiscuous mode as a Virtual Machine for layer7 monitoring in virtual environments ? We have tested this deployment and apparently it works fine.

     
  • Ayush_tachyon
    Ayush_tachyon
    3 Posts

    Re: How to enable VFlow

    ‏2016-05-09T11:13:45Z  

    Hi Aaron,

    Do we use the same software package when installing VFlow collector as for SIEM console or QFlow collector with the only difference being of the activation key?

    Can we install QFlow collector and place it in promiscuous mode as a Virtual Machine for layer7 monitoring in virtual environments ? We have tested this deployment and apparently it works fine.

     

    Hello,

    I have the same question that Raja has asked. Do we use the same software package when installing VFlow collector as for SIEM console or QFlow collector with the only difference being of the activation key?

    Is VFlow = QFlow on virtual infrastructure?

     

    Raja,

    I guess you may have aleardy finished that deployment. How did you do it?

     

    Appreciate if anyone can please provide some answers. Thanks in advance!

  • Mike Hardesty
    Mike Hardesty
    1 Post

    Re: How to enable VFlow

    ‏2016-05-09T13:37:57Z  

    Hello,

    I have the same question that Raja has asked. Do we use the same software package when installing VFlow collector as for SIEM console or QFlow collector with the only difference being of the activation key?

    Is VFlow = QFlow on virtual infrastructure?

     

    Raja,

    I guess you may have aleardy finished that deployment. How did you do it?

     

    Appreciate if anyone can please provide some answers. Thanks in advance!

    Yes it is the same. The activation key is what tells the installer what appliance you wish to make your install. I am currently using VFlow.

  • AkhtarR
    AkhtarR
    1 Post

    Re: How to enable VFlow

    ‏2016-05-09T19:27:20Z  

    Yes it is the same. The activation key is what tells the installer what appliance you wish to make your install. I am currently using VFlow.

    Hi Mike,

    Can you point me to the right direction once the vflow is installed ? How do we get the port mirror from the virtual switch ? Do we have any guide for vflow export in VMWare environments ?

     

    Regards,

    Akhtar

  • Ayush_tachyon
    Ayush_tachyon
    3 Posts

    Re: How to enable VFlow

    ‏2016-05-15T14:17:07Z  

    Yes it is the same. The activation key is what tells the installer what appliance you wish to make your install. I am currently using VFlow.

    Thanks a ton Mike, your response makes it very clear!