Enable Netflow Ingest

Enable Netflow Ingest

1. Log in to the LogRhythm NDR UI.

2. Click the Settings tab, click Policy Management, and then click Feature Configuration.

3. In the Feature Configuration page under Netflow Enable, select the check box and click Update. 

Verify Netflow Ingest Integration Is Working

1. Log in to the LogRhythm NDR UI.

2. Click the Hunt tab, and then click Activity.
   The Activity page appears. By default, the legend graph is displayed, showing the logs and events for the past hour.

3. To single out data for a selected filter, do one of the following:Enter entry_origin filter (entry_type: Connection) in the Search field.Click Connection. A list of Connection-related events appears. 

4. On the upper left side, click the Discover icon .
   A drop down menu appears.

5. To see Netflow traffic and other kinds of connection traffic in the diagram, click General.

6. To the right of Origin, click the Visualize icon.
   A graph with the netflow option beneath it appears.

7. Click netflow.
   Only netflow traffic events appear.

8. On the listed traffic events, click the + button for each listing.
   A submenu with expanded Details and JSON tabs appears.
   In the Details tab, an entry called entry_origin appears. This entry lists Netflow and the version used in LogRhythm NDR.