Flow Collector
The Flow Collector microservice receives, decodes, transforms, normalizes, translates, and enriches network flow records and telemetry sent from network devices and applications using IPFIX, Netflow, sFlow, and AWS VPC Flow Logs. The microservice sends the resulting records to the Historical database and you can see them in the Flow Analytics dashboards.
This microservice is part of the Flow microservice pipeline. See Understanding Flow Analytics in Unified Assurance Concepts for conceptual information.
Flow Collector Prerequisites
Before deploying the microservice, confirm that the following prerequisites are met:
-
A microservice cluster is set up. See Microservice Cluster Setup.
-
The Historical database is configured and running.
Deploying Flow Collector
To deploy the microservice in a single-server environment, run the following commands:
su - assure1
export NAMESPACE=<namespace>
export WEBFQDN=<WebFQDN>
a1helm install <microservice-release-name> assure1/flow-collector -n $NAMESPACE --set global.imageRegistry=$WEBFQDN
In a multi-server environment, deploy the microservice to a specific node by running the following commands:
su - assure1
export NAMESPACE=<namespace>
export WEBFQDN=<WebFQDN>
export NODEFQDN=<NodeFQDN>
a1helm install <microservice-release-name> assure1/flow-collector -n $NAMESPACE --set global.imageRegistry=$WEBFQDN --set nodeSelector."kubernetes\.io/hostname"=$NODEFQDN
In the commands:
-
<namespace> is the namespace where you are deploying the microservice. The default namespace is a1-zone1-pri, but you can change the zone number and, when deploying to a redundant cluster, change pri to sec.
-
<WebFQDN> is the fully-qualified domain name of the primary presentation server for the cluster.
-
<NodeFQDN> is the FQDN of the cluster node to deploy the microservice to.
-
<microservice-release-name> is the name to use for the microservice instance. Oracle recommends using the microservice name (flow-collector) unless you are deploying multiple instances of the microservice to the same cluster.
You can also use the Unified Assurance UI to deploy microservices. See Deploying a Microservice by Using the UI for more information.
Changing Flow Collector Configuration Parameters
When running the install command, you can optionally change default configuration parameter values by including them in the command with additional --set arguments. You can add as many additional --set arguments as you need.
For example:
-
Set a parameter described in Default Flow Collector Configuration by adding --set configData.<parameter_name>=<parameter_value>. For example, --set configData.LOG_LEVEL=DEBUG.
-
If you installed Unified Assurance into a different directory than the default /opt/assure1 and you want to use enrichment files, specify your custom base directory by adding --set global.a1BaseDir=<custom_base>/assure1, where <custom_base> is the path to your custom base directory.
Default Flow Collector Configuration
The following table describes the default configuration parameters found in the Helm chart under configData for the microservice.
| Name | Default Value | Possible Values | Notes |
|---|---|---|---|
| LOG_LEVEL | INFO | FATAL, ERROR, WARN, INFO, DEBUG | Logging level used by application. |
| COLLECTOR_PORT | "9995" | Integer | Flow UDP socket port. |
| IS_SECONDARY | "false" | true or false | Whether this is a secondary instance, in a redundant environment. |
| NETINTEL_ENABLE | "false" | false | Whether to use NetIntel flow data, which appears on the Threats tab in Flow Analytics dashboards. Setting to true is not currently supported. This feature requires a separate license. |