#format wiki
#language en
= IP Flow Monitor =
 * IP flow records are data a network device exports about the flows passing through it. They do not contain the actual data, just a summary of the data flowing.

== Cisco Flow setup ==
 * Enable flows with
 {{{
ip flow-export destination 10.10.240.31 3121
 }}}
 * Source IP (interface) to use for export records
 {{{
ip flow-export source Loopback0
 }}}
 * Active flow-cache timeout, and flow switching on the interface
 {{{
ip flow-cache timeout active 1
ip route-cache flow
 }}}
 * Display and filter example: grep out IPs we don't want to see, match UDP ($3 == 17), and then filter out port 123 (NTP).
 {{{
flow-cat ft-v05.2016-07* | flow-print | grep -v "10\.100\|10\.10\.240\|10\.67\.0\.8\|196\.214\.71\.234\|10\.100\.81" |\
awk '{ if ( ( $1 ~ /10\.90/ || $2 ~ /10\.90/ ) && $3 == "17" && $4 != "123" ) print $0 }'
 }}}
...
----
CategoryCisco
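
An added example for the display-and-filter step above (not part of the original page): instead of listing every matching flow, it sums octets per source, destination and destination port, so the heaviest non-NTP UDP conversations sort to the top. It assumes flow-print's default column order (srcIP dstIP prot srcPort dstPort octets packets), goes beyond the page's filter by checking both ports for 123 and by matching address prefixes as plain strings, and uses constructed sample rows; the names `udp_summary` and `sample_flows` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumed flow-print column order:
#   srcIP dstIP prot srcPort dstPort octets packets

# Constructed sample rows in that layout (not real traffic).
sample_flows() {
cat <<'EOF'
srcIP            dstIP            prot  srcPort  dstPort  octets      packets
10.90.1.5        192.0.2.10       17    40000    53       120         2
10.90.1.5        192.0.2.10       17    40001    53       180         3
192.0.2.20       10.90.2.7        17    123      123      76          1
10.90.1.5        198.51.100.4     6     51000    443      5000        10
110.90.3.3       192.0.2.10       17    40002    53       999         1
10.90.2.7        203.0.113.9      17    5060     5060     900         4
10.10.240.31     10.90.1.5        17    3121     3121     64          1
EOF
}

# udp_summary PREFIX "SKIP1 SKIP2 ..."
# Keeps UDP flows (prot 17) where src or dst starts with PREFIX, drops flows
# with port 123 (NTP) on either side and flows touching any SKIP prefix, then
# prints "octets flows srcIP dstIP dstPort", largest byte count first.
udp_summary() {
    awk -v pfx="$1" -v skip="$2" '
        BEGIN { n = split(skip, ex, " ") }
        # The header row fails the protocol test and is skipped as well.
        $3 != 17 || $4 == 123 || $5 == 123 { next }
        # index() == 1 is a literal prefix match: "110.90.3.3" does not
        # match "10.90.", which an unanchored regex /10.90/ would accept.
        index($1, pfx) != 1 && index($2, pfx) != 1 { next }
        { for (i = 1; i <= n; i++)
              if (index($1, ex[i]) == 1 || index($2, ex[i]) == 1) next }
        { key = $1 " " $2 " " $5; octets[key] += $6; flows[key]++ }
        END { for (k in octets) print octets[k], flows[k], k }
    ' | sort -rn
}

# On live data: flow-cat ft-v05.2016-07* | flow-print | udp_summary ...
sample_flows | udp_summary "10.90." "10.10.240. 10.100."
```
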