Basic Flows Setup
This section describes how to get started with flows to collect, enrich (classify), persist, and visualize flows.
Requirements
Make sure that you have the following before you set up flows:
-
A configured Horizon instance.
-
One or more devices that send flows visible to Horizon, and that are monitored with SNMP.
-
Elasticsearch cluster set up with the Elasticsearch Drift plugin installed on every Elasticsearch node.
-
The Drift plugin persists and queries flows that Horizon collects. The Drift version must match the targeted Elasticsearch version.
-
(Optional) Configure Elasticsearch variables like
search.max_buckets
or maximum heap sizeES-JAVA_OPTS
if the default values are not sufficient for your volume of flows or number of nodes. -
(Optional) Create a job to clean the indices so that the disk does not fill up (for example, "keep X days of flows"). Filled disks are a challenging problem to address for those who are not Elasticsearch experts. We recommend using the Elasticsearch Curator tool to do this.
-
Horizon set up to monitor the Elasticsearch stack and generate an alarm if it goes down.
-
-
The OpenNMS plugin for Grafana configured to visualize flows.
-
Configure the flow and performance data sources.
-
Configure Horizon to communicate with Elasticsearch
Horizon must be set up to communicate with Elasticsearch and persist the collected flows data in a defined directory:
-
Connect to your Horizon Karaf shell:
ssh -p 8101 admin@localhost
-
Edit
${OPENNMS_HOME}/etc/org.opennms.features.flows.persistence.elastic.cfg
to configure flow persistence to use your Elasticsearch cluster:config:edit org.opennms.features.flows.persistence.elastic config:property-set elasticUrl http://elastic:9200 config:update
-
(Optional) Edit or create
${OPENNMS_HOME}/etc/org.opennms.features.flows.persistence.elastic.cfg
and configure persistence settings:elasticUrl = http://10.10.3.218:9200 (1) connTimeout = 30000 readTimeout = 300000 settings.index.number_of_replicas = 0 settings.index.number_of_shards=1 settings.index.refresh_interval=10s elasticIndexStrategy=daily
1 Replace with comma-separated list of Elasticsearch nodes. -
See General Elasticsearch configuration for a complete set of configuration options.
-
Enable protocols
Follow these steps to enable one or more of the protocols that you want to handle.
This example uses the NetFlow v5 protocol. You can follow the same steps for any of the other flow-related protocols. |
-
Edit or create
${OPENNMS_HOME}/etc/telemetryd-configuration.xml
to enable protocols:<listener name="Netflow-5-UDP-8877" class-name="org.opennms.netmgt.telemetry.listeners.UdpListener" enabled="true"> <parameter key="port" value="8877"/> <parser name="Netflow-5-Parser" class-name="org.opennms.netmgt.telemetry.protocols.netflow.parser.Netflow5UdpParser" queue="Netflow-5" /> </listener> <queue name="Netflow-5"> <adapter name="Netflow-5-Adapter" class-name="org.opennms.netmgt.telemetry.protocols.netflow.adapter.netflow5.Netflow5Adapter" enabled="true"> </adapter> </queue>
-
Reload the daemons to apply your changes:
${OPENNMS_HOME}/bin/send-event.pl -p 'daemonName Telemetryd' uei.opennms.org/internal/reloadDaemonConfig
This configuration opens a UDP socket bound to 0.0.0.0:8877
; NetFlow v5 messages are forwarded to this socket (see Reload daemons by CLI for more information).
Multi-port listener
Normally, if you are monitoring multiple flow protocols, you must set up a listener on its own UDP port for each protocol.
By default, Horizon allows a multi-port listener option; this monitors multiple protocols on a single UDP port (9999
).
You can edit ${OPENNMS_HOME}/etc/telemetryd-configuration.xml
to change the port number and add or remove protocols.
Make sure your firewall allow list includes the ports that you have configured to receive flow data. |
Enable flows on your devices
Refer to your device’s manufacturer documentation to learn more about configuring it to send flows.
You may need to set up the flow receiver (in this case, Horizon) and allow sending flows per interface on your firewall. |
Link web UI to OpenNMS plugin for Grafana
You must configure a connection to your instance of the OpenNMS plugin for Grafana to access flow-related graphs from the Horizon web UI:
-
Connect to your Horizon Karaf shell:
ssh -p 8101 admin@localhost
-
Configure the plugin settings:
config:edit org.opennms.netmgt.flows.rest config:property-set flowGraphUrl 'http://grafana:3000/dashboard/flows?node=$nodeId&interface=$ifIndex' (1) config:update
1 This URL can also point to other tools. It supports the $nodeId
,$ifIndex
,$start
, and$end
placeholders.
After the plugin is configured, an icon is displayed at the top-right corner of an SNMP resource graph indicating that flow data is available for the interface. If you have trouble during or after configuration, refer to Flows Troubleshooting.
Configure Kafka forwarder
Flows enriched with Horizon node data can be forwarded to Kafka and persisted.
By default, enriched flows are stored in the flowsDocument
topic and the payloads are encoded using Google Protocol Buffers.
See flowdocument.proto
in the corresponding source definition for the model definitions.
To enable JSON support, set useJson
to true
.
Follow these steps to configure forwarding flows to Kafka:
-
Enable Kafka forwarding:
$ ssh -p 8101 admin@localhost ... admin@opennms()> config:edit org.opennms.features.flows.persistence.elastic admin@opennms()> config:property-set enableForwarding true admin@opennms()> config:update
-
Configure the Kafka server for flows:
$ ssh -p 8101 admin@localhost ... admin@opennms()> config:edit org.opennms.features.flows.persistence.kafka admin@opennms()> config:property-set bootstrap.servers 127.0.0.1:9092 admin@opennms()> config:property-set topic opennms-flows admin@opennms()> config:update
Next steps
After you set up basic flows monitoring, you may want to do some of the following tasks:
-
Classify data flows.
Horizon resolves flows to application names. You can create rules to override the default classifications (see Flows Classification).
-
Add OpenNMS Nephron for aggregation and streaming analytics.