SoftPI Flow Collector 1.9.3 includes a few additional features that simplify configuration of the system and increase its flexibility. The main ones are saving templates and additional fields.
Saving templates
SoftPI Flow Collector has highly flexible settings, allowing you to process and store only those fields that are essential for you. This speeds up processing and saves space on the storage device. But here comes the problem: the network administrator does not always know the full list of fields present in the flow that the network equipment exports. It is therefore better to choose the fields from a list that the network equipment itself provides. SoftPI Flow Collector now makes this possible.
SoftPI Flow Collector receives a template from network equipment and saves it. After this, the template is available to the user on the Storage tab in the Preset list. In the list, the templates have names of the following form: template.X.A1.A2.A3.A4.N.xml, where:
X - protocol version number. For example, for NetFlow v9, X is v9.
A1.A2.A3.A4 - IP address of the device from which the template was received.
N - the template number.
An example of the Storage tab with templates is shown in the figure below.
The user can select the desired template and, if necessary, disable fields that are not of interest.
Configuration is more difficult when you have several network devices with different templates. In this case, the user should review the field lists of all network devices, select the template that contains the largest number of required fields, and, if necessary, add the fields missing from this template.
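The selection step described above can be scripted. The following is an added example, not part of SoftPI Flow Collector: it parses saved template names using the naming convention given earlier, picks the template that covers the most required fields, and lists the fields that still have to be added. The field codes and device addresses are constructed sample data (NetFlow v9 style names on documentation addresses), and the field lists are passed in as plain sets because the internal layout of the template files is not described here.

```python
import ipaddress
import re

# Naming convention from the page: template.X.A1.A2.A3.A4.N.xml
NAME_RE = re.compile(
    r"^template\.(?P<ver>[^.]+)\.(?P<ip>\d+\.\d+\.\d+\.\d+)\.(?P<num>\d+)\.xml$"
)

def parse_template_name(name):
    """Split a saved template name into (version, device IP, template number)."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a saved template name: {name!r}")
    ip = ipaddress.IPv4Address(m.group("ip"))  # rejects octets above 255
    return m.group("ver"), str(ip), int(m.group("num"))

def choose_template(templates, required):
    """Return (best template name, sorted list of fields missing from it).

    templates: dict mapping template name -> set of field codes it carries
    required:  set of field codes the administrator wants to store
    Ties are broken alphabetically by name so the result is deterministic.
    """
    if not templates:
        raise ValueError("no templates saved yet")
    for name in templates:
        parse_template_name(name)  # reject names that are not device templates
    best = max(sorted(templates), key=lambda n: len(required & templates[n]))
    return best, sorted(required - templates[best])

# Constructed sample data: two devices exporting different NetFlow v9 templates.
# The field codes are illustrative; the collector's own codes may differ.
SAMPLE = {
    "template.v9.192.0.2.1.256.xml": {
        "IPV4_SRC_ADDR", "IPV4_DST_ADDR", "L4_SRC_PORT",
        "L4_DST_PORT", "PROTOCOL", "IN_BYTES",
    },
    "template.v9.192.0.2.2.260.xml": {
        "IPV4_SRC_ADDR", "IPV4_DST_ADDR", "IN_BYTES", "IN_PKTS",
    },
}
REQUIRED = {
    "IPV4_SRC_ADDR", "IPV4_DST_ADDR", "L4_DST_PORT",
    "PROTOCOL", "IN_BYTES", "TCP_FLAGS",
}

if __name__ == "__main__":
    best, missing = choose_template(SAMPLE, REQUIRED)
    print("Select preset:", best)
    print("Fields to add manually:", ", ".join(missing) or "none")
```
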
To receive and save templates in SoftPI Flow Collector, go to the Traffic collector tab, specify in the Allowed flow sources list the IP addresses of the network devices from which flow information will be collected, and start the service.
Additional fields
Some network equipment supports NetFlow, IPFIX, or RFlow and also exports vendor-specific fields. Most flow collectors are not able to handle such fields, but SoftPI Flow Collector 1.9.3 allows you to do this.
A list of all the fields that are processed in the system is contained in the file: fieldsinfo.xml
The file is located in the folder where SoftPI Flow Collector was installed. By default, this folder is: ...\Program Files (x86)\SoftPI\FlowCollector\
The user can add information about a new field to the file. Information about a field is contained between the tags: <FieldInfo>, </FieldInfo>
The field type is contained in the tags: <FlowFieldType>, </FlowFieldType>
The code name of the field is contained in the tags: <Code>, </Code>
The full name of the field is contained in the tags: <Name>, </Name>
The field description is contained in the tags: <Description>, </Description>
The data type of the field is contained in the tags: <DataType>, </DataType>
To add a vendor-specific field, the user must open the specified file and enter the appropriate information.