Forum Discussion

Altocumulus

Jun 22, 2022

sFlow/Netflow

Hello, I need to configure my BIGIP to send sFlow to ELK, so I need the version of sFlow or Netflow used by F5 BIGIP (version 14.1.4) can any one help with this please ? Regards,

security

PSFletchTheTek

MVP

Jun 22, 2022

Hi,

sFlow on ELK isn't very well support, netflow which is very slightly different is much better.
It has filebeats and logstash plugins ready to go.

Also the default sFlow config doesn't help much.

I would recommend using netflow and using a method like this
https://docs.illumio.com/asp/20.2/Content/Guides/flowlink-configure-usage/collect-flow-records-f5.htm

Sorry i can't for the life of me get google to find the f5 pages that show the same, but in short its basically a log publisher and log destination setup like syslog. Then all you do is have a simple irule on the virtual server that you want logging.

This setup supports netflowv9 and ipfix (v10) so you should be good to go!
Hope this helps.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

sFlow/Netflow

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 sFlow with ManageEngine Netflow

UDP TCP Packet Duplication

Re: If Kernighan were a network architect he would say...

Re: How to enable Netflow on the F5

Re: sflow NAT vs local subnet to reach MGMT station on another subnet...

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS