Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

sFlow/Netflow

Samadi
Altocumulus
Altocumulus

‎22-Jun-2022 01:46

Hello,

I need to configure my BIGIP to send sFlow to ELK, so I need the version of sFlow or Netflow used by F5 BIGIP (version 14.1.4)

can any one help with this please ?

Regards,

Labels:
0 Kudos
1 REPLY 1

PSFletchTheTek
MVP
MVP

‎22-Jun-2022 01:55

Hi,

sFlow on ELK isn't very well support, netflow which is very slightly different is much better.
It has filebeats and logstash plugins ready to go.

Also the default sFlow config doesn't help much.

I would recommend using netflow and using a method like this
https://docs.illumio.com/asp/20.2/Content/Guides/flowlink-configure-usage/collect-flow-records-f5.ht...

Sorry i can't for the life of me get google to find the f5 pages that show the same, but in short its basically a log publisher and log destination setup like syslog. Then all you do is have a simple irule on the virtual server that you want logging.

This setup supports netflowv9 and ipfix (v10) so you should be good to go!
Hope this helps.

Copyright © 2023 Khoros, LLC