User guide

server
# is currently supported.
lce-server 192.168.1.160 {
}
# The LCE server can be configured to listen on a user-specified port. The setting
# below should match the server setting, which is 31300 by default.
server-port 31300;
} server-port 31300;
}
Default Netflow Policy
The following table describes the configuration options available in the default_rhel_netflowclient.lcp file:
| Option | Description |
| --- | --- |
| log-directory | Directory where LCE Client logs are stored. If the log-directory keyword is commented out, then the client install directory will be used. Otherwise, ISO9000 compliant log files will be saved in the specified directory. |
| lce-server | Directs the TFM client to the IP address or hostname of the LCE, and specifies the password used to connect. Note: Each client can only connect to one server, and will connect to the first available server specified if multiple lce-server directives exist. |
| server-port | The port that the LCE server, as designated by the lce-server directive, listens on. |
| netflow-server-port | Specifies the NetFlow port to monitor. Do not change the netflow-server-port keyword unless you have specifically modified the configuration of your networking devices to report NetFlow data on non-standard ports. |
| heartbeat-frequency | The TFM client can be configured to send a “heartbeat” message to the LCE. This message indicates that the client is still alive and performing normally. |
| statistics-frequency | The frequency with which the LCE Client sends a log entry containing performance statistics to the LCE. |
| compress-events | LCE Clients have the ability to compress log data prior to sending the information to the LCE server. Enabling this feature saves bandwidth. It may be disabled by changing the option to “0”. This option is enabled by default. |
| include-filter, exclude-filter | The filtering section is used to limit the amount of data logged. Unlike the TNM, which has command-line filtering courtesy of the libpcap packet capture library, TFM filtering is specified inside the tfm.conf file. |
| Debug | NetFlow data reported by the NetFlow agent, along with other verbose output, may be printed to the NetFlow agent log if desired, primarily for troubleshooting purposes. By default this option is disabled because it can generate very large agent logs. |
Filtering is accomplished by specifying one or more protocol, network, or port combinations. In the provided default NetFlow policy file, several examples are given that look for generic matches. The filtering logic works such that any reported NetFlow session must match at least one of the specified filters in each section.
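The matching rule stated above, modelled in Python as an added example (not code from the LCE Client or from this guide), useful for checking which flows a filter set would keep and which section drops the rest. The Flow and Filter records, the section names "protocols" and "networks", and the choice to test networks and ports against either endpoint are assumptions for illustration; this is not tfm.conf syntax.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:  # constructed NetFlow session record
    proto: str
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Filter:  # hypothetical filter; a field left as None is a wildcard
    proto: Optional[str] = None
    network: Optional[str] = None  # CIDR, assumed to match either endpoint
    port: Optional[int] = None     # assumed to match either port

    def matches(self, f: Flow) -> bool:
        if self.proto is not None and self.proto != f.proto:
            return False
        if self.network is not None:
            net = ipaddress.ip_network(self.network)
            if not any(ipaddress.ip_address(a) in net for a in (f.src, f.dst)):
                return False
        return self.port is None or self.port in (f.sport, f.dport)

def reported(flow, sections):
    """Keep a flow only if it matches at least one filter in every section."""
    return all(any(flt.matches(flow) for flt in filters)
               for filters in sections.values())

def unmatched_sections(flow, sections):
    """Names of the sections in which no filter matched the flow."""
    return [name for name, filters in sections.items()
            if not any(flt.matches(flow) for flt in filters)]

# Constructed sections and flows (documentation and private address ranges)
SECTIONS = {
    "protocols": [Filter(proto="tcp"), Filter(proto="udp", port=53)],
    "networks": [Filter(network="192.168.1.0/24"), Filter(network="10.0.0.0/8")],
}
FLOWS = [
    Flow("tcp", "192.168.1.20", "203.0.113.5", 51514, 443),
    Flow("udp", "10.1.2.3", "198.51.100.7", 40000, 123),
    Flow("tcp", "172.16.0.9", "203.0.113.5", 51000, 22),
    Flow("udp", "192.168.1.20", "192.168.1.1", 53000, 53),
]

if __name__ == "__main__":
    for fl in FLOWS:
        print(fl, reported(fl, SECTIONS), unmatched_sections(fl, SECTIONS))
```

Flows that come back with a non-empty list from unmatched_sections are the ones that would never reach the LCE under this model, which is where to look for monitoring blind spots.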
Negative filtering can also be used. Consider the following section from a tfm.conf file: