IPFIX

Integration Details
Ingester	NetFlow Ingester
Kit	IPFIX Kit

IPFIX Configuration

Each system is going to have its own configuration file to send ipfix remotely. There will generally be three settings that need to be configured:

• Interfaces

  • Specify the interfaces that you want captured by IPFix

  • Some devices will allow you to set WAN interfaces to avoid duplicating traffic

• Version

  • v5 see: Netflow

  • v9

• Destination

  • Set to the IP address of your Gravwell ingester

Gravwell Configuration

Gravwell Storage Well Configuration

Setup the well configuration in your Gravwell indexers.

Sample well config:
Create or edit: /opt/gravwell/etc/gravwell.conf.d/ipfix.well

[Storage-Well "ipfix"]
    Location=/opt/gravwell/storage/ipfix
    Tags=ipfix*

Gravwell Ingester Configuration

Sample IPFIX config:
Create or edit: /opt/gravwell/etc/netflow_capture.conf.d/ipfix.conf

[Collector "ipfix"]
	Tag-Name=ipfix
	Bind-String="0.0.0.0:4739"
	Flow-Type=ipfix