
Stealthwatch export from sensor?

All,

I'm looking to see if it's possible to leverage flow information collected by a Stealthwatch sensor in another application.

Based on my research, the Stealthwatch sensor will provide flow information including application layer information like URL, etc.

I'm trying to avoid having to place yet another span collector into the environment.

Is it possible to glean this information from Stealthwatch?

If so, what format would it be in?

-Scott

1 ACCEPTED SOLUTION

jamegill
Cisco Employee

The Stealthwatch Flow Sensor exports data in IPFIX format (see RFCs 7011, 7012). Any system that can consume IPFIX (or NetFlow or any of the compatible formats) should be able to consume it. Some of the datapoints encoded in the Flow Sensor's data are recorded in "enterprise fields". Those fields which are publicly labeled will use IANA standard IP Flow Information Export (IPFIX) Entities.

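To see which exported fields a collector can decode on its own and which are "enterprise fields", the following added example (not part of the original thread and not Cisco code) parses an IPFIX Template Set as laid out in RFC 7011 and separates IANA elements from enterprise-specific ones. The function names and the sample template are constructed for illustration, and the enterprise number 32473 is the IANA documentation-use value, not the Flow Sensor's.

```python
import struct

# Subset of the public IANA IPFIX Information Element registry.
IANA_NAMES = {1: "octetDeltaCount", 8: "sourceIPv4Address", 12: "destinationIPv4Address"}

def parse_templates(msg: bytes) -> dict:
    """Map template ID -> list of (enterprise_number or None, element_id, length)."""
    if len(msg) < 16 or struct.unpack_from("!HH", msg) != (10, len(msg)):
        raise ValueError("not a well-formed IPFIX message")
    length = len(msg)
    templates, off = {}, 16                        # sets start after the 16-byte header
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("set length runs past the message")
        pos, end = off + 4, off + set_len
        while set_id == 2 and pos + 4 <= end:      # Set ID 2 = Template Set
            tid, count = struct.unpack_from("!HH", msg, pos)
            if tid < 256:                          # trailing padding, not a template
                break
            pos, fields = pos + 4, []
            for _ in range(count):
                if pos + 4 > end:
                    raise ValueError("field specifier runs past the set")
                ie, flen = struct.unpack_from("!HH", msg, pos)
                pos, pen = pos + 4, None
                if ie & 0x8000:                    # E bit: enterprise number follows
                    if pos + 4 > end:
                        raise ValueError("enterprise number runs past the set")
                    (pen,) = struct.unpack_from("!I", msg, pos)
                    pos += 4
                fields.append((pen, ie & 0x7FFF, flen))
            templates[tid] = fields
        off += set_len
    return templates

def describe(field) -> str:
    pen, ie, flen = field
    if pen is None:
        return f"IANA {IANA_NAMES.get(ie, 'element ' + str(ie))} len={flen}"
    return f"enterprise PEN={pen} element={ie} len={flen} (needs vendor dictionary)"

def sample_message() -> bytes:
    """Constructed sample: 3 IANA fields + 1 enterprise field (documentation PEN 32473)."""
    specs = struct.pack("!HHHHHH", 8, 4, 12, 4, 1, 8)
    specs += struct.pack("!HHI", 0x8000 | 5, 65535, 32473)   # 65535 = variable length
    record = struct.pack("!HH", 256, 4) + specs
    body = struct.pack("!HH", 2, 4 + len(record)) + record
    return struct.pack("!HHIII", 10, 16 + len(body), 0, 0, 1) + body
```

Fields reported as enterprise-specific still arrive in the data records; a consuming application needs the exporter's field definitions to interpret them, or it can skip them by length.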

3 REPLIES
brford
Cisco Employee

Scott,

The current version (6.9) of Stealthwatch Flow Sensor exports data in IPFIX format.

I hope this helps.

Brian

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.

Thanks for the reply Brian.

Is there a sample export or documentation that details the included information?

-Scott
