The logs from netstat.netflow are labeled with the netstat.netflow.lt tag.
- The element type is fixed and it identifies the type and format of the event that is being sent.
- This element can only take the value lt, so the tag is always netstat.netflow.lt.
For more information on how tags work, check the Introduction to tags article.
Supported NetFlow versions
We currently support versions 1, 5, 6 and 7 of the protocol.
Sending to Devo
In order to send NetFlow traffic to Devo, it is necessary to install an In-house Relay.
After the relay is installed, you need to configure the web device to export the flows to the In-house Relay's IP address on UDP port 12999. This port is enabled by default; the relay converts all NetFlow traffic received on it to syslog format, tags it as netstat.netflow.lt and securely sends it to Devo.
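Before pointing an exporter at the relay, it helps to confirm that the datagrams it emits use one of the supported versions. The following is an added example, not Devo code: the function names are hypothetical, the sample datagrams are constructed, and the header and record sizes are those of the NetFlow v1, v5 and v7 export formats (v6 is checked by version number only).

```python
import struct

SUPPORTED_VERSIONS = {1, 5, 6, 7}   # versions listed on this page
RELAY_UDP_PORT = 12999              # relay's default NetFlow port, per this page
# (header bytes, record bytes) for fixed-layout versions; v6 is checked
# by version number only in this example.
LAYOUT = {1: (16, 48), 5: (24, 48), 7: (24, 52)}

def check_datagram(payload):
    """Return (ok, reason) for one UDP payload captured from an exporter."""
    if len(payload) < 4:
        return False, "too short for a NetFlow header"
    # Every NetFlow version starts with a 16-bit version and a 16-bit count.
    version, count = struct.unpack("!HH", payload[:4])
    if version not in SUPPORTED_VERSIONS:
        return False, f"version {version} not supported"
    if version in LAYOUT:
        header, record = LAYOUT[version]
        expected = header + count * record
        if len(payload) != expected:
            return False, f"v{version} length {len(payload)} != {expected}"
    return True, f"v{version} with {count} flow record(s)"

def audit(packets):
    """packets: iterable of (dst_port, payload) pairs from a capture.
    Returns the problems found in datagrams sent to the relay port."""
    problems = []
    for dst_port, payload in packets:
        if dst_port != RELAY_UDP_PORT:
            continue  # not NetFlow export traffic for the relay
        ok, reason = check_datagram(payload)
        if not ok:
            problems.append(reason)
    return problems

def build_v5(count):
    """Constructed sample: a NetFlow v5 datagram with zeroed flow records."""
    header = struct.pack("!HHIIIIBBH", 5, count, 1000, 1700000000, 0, 1, 0, 0, 0)
    return header + bytes(48 * count)

if __name__ == "__main__":
    v9 = struct.pack("!HH", 9, 1) + bytes(16)   # constructed v9-style header
    capture = [(RELAY_UDP_PORT, build_v5(2)), (RELAY_UDP_PORT, v9)]
    for problem in audit(capture):
        print("would not be handled as expected:", problem)
```

An exporter left on NetFlow v9 or IPFIX is reported as unsupported by this check, which is the usual reason to switch its export format to v5 before sending to the relay.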