Basic Flows Setup

This section describes how to get started with flows to collect, enrich (classify), persist, and visualize flows.

Requirements

Make sure you have the following before you set up flows:

OpenNMS up and running.
Device(s) that sends flows visible to OpenNMS and monitored with SNMP.
Elasticsearch cluster set up with the Elasticsearch Drift plugin installed on every Elasticsearch node.
- The Drift plugin persists and queries flows that Meridian collects. The Drift version must match the targeted Elasticsearch version.
- (optional) Configure Elasticsearch variables like search.max_buckets or maximum heap size `ES-JAVA_OPTS`if the default values are not sufficient for your volume of flows or number of nodes.
- (optional) Create a job to clean the indices so that the disk does not fill up; for example, keep X days of flows. Filled disks are a challenging problem to address for non-Elasticsearch experts. We recommend the Elasticsearch Curator tool to do this.
- Monitor the Elasticsearch stack in OpenNMS to get an alarm if it goes down.
Set up OpenNMS Helm with Grafana to visualize flows.
- Configure the flow and performance data sources.

Configure OpenNMS to communicate with Elasticsearch

OpenNMS needs to talk to Elasticsearch and know where to store the flows data it collects (persistence).

From a Karaf shell on your Meridian instance, update ${OPENNMS_HOME}/etc/org.opennms.features.flows.persistence.elastic.cfg to configure the flow persistence to use your Elasticsearch cluster:

Connect to Karaf shell

ssh -p 8101 admin@localhost

Configure Elasticsearch settings within Karaf

config:edit org.opennms.features.flows.persistence.elastic
config:property-set elasticUrl http://elastic:9200
config:update

We also recommend setting the following:

Edit (or create) ${OPENNMS_HOME}/etc/org.opennms.features.flows.persistence.elastic.cfg

# ElasticSearch persistence configuration
elasticUrl = http://10.10.3.218:9200 (1)
connTimeout = 30000
readTimeout = 300000
settings.index.number_of_replicas = 0
settings.index.number_of_shards=1
settings.index.refresh_interval=10s
elasticIndexStrategy=daily

1	Replace with comma-separated list of Elasticsearch nodes.

See General Elasticsearch Configuration for a complete set of options.

Enable protocols

Update ${OPENNMS_HOME}/etc/telemetryd-configuration.xml to enable one or more of the protocols you want to handle.

This example enables the NetFlow v5 protocol. Use the same process for any of the other flow-related protocols.

<listener name="Netflow-5-UDP-8877" class-name="org.opennms.netmgt.telemetry.listeners.UdpListener" enabled="true">
    <parameter key="port" value="8877"/>

    <parser name="Netflow-5-Parser" class-name="org.opennms.netmgt.telemetry.protocols.netflow.parser.Netflow5UdpParser" queue="Netflow-5" />
</listener>

<queue name="Netflow-5">
    <adapter name="Netflow-5-Adapter" class-name="org.opennms.netmgt.telemetry.protocols.netflow.adapter.netflow5.Netflow5Adapter" enabled="true">
    </adapter>
</queue>

Send a reloadDaemonConfig event via the CLI to apply the changes without restarting:

${OPENNMS_HOME}/bin/send-event.pl -p 'daemonName Telemetryd' uei.opennms.org/internal/reloadDaemonConfig

This opens a UDP socket bound to 0.0.0.0:8877 to which NetFlow v5 messages are forwarded. (Also see Reload daemons by CLI.)

Multi-port listener

If you are monitoring multiple flow protocols, you normally need to set up a flow listener for each one, on its own UDP port.

By default, Meridian enables a multi-port listener option, which monitors multiple protocols on a single UDP port (9999). If desired, edit ${OPENNMS_HOME}/etc/telemetryd-configuration.xml to change the port number or add/remove protocols.

Make sure your firewall allow list includes the ports you configured to receive flow data.

Enable flows on your device(s)

Configure your devices to send flows. Refer to the manufacturer’s documentation. You may need to set up the flow receiver, which is OpenNMS Meridian, and enable sending flows per interface on the firewall.

Link the web UI to Helm

To access flow-related graphs from the Meridian web interface, you must configure a link to your instance of OpenNMS Helm.

Connect to Karaf shell

ssh -p 8101 admin@localhost

Configure Helm settings within Karaf

config:edit org.opennms.netmgt.flows.rest
config:property-set flowGraphUrl 'http://grafana:3000/dashboard/flows?node=$nodeId&interface=$ifIndex'
config:update

This URL can optionally point to other tools as well. It supports placeholders for $nodeId, $ifIndex, $start, and $end.

Once configured, an icon appears on the top-right corner of a resource graph for an SNMP interface if there is flow data for that interface.

You have completed a basic flows set up. If you have issues, refer to the flows troubleshooting section.

Beyond basic flows setup

You may want to do the following:

Classify data flows
- OpenNMS resolves flows to application names. Create rules to override the default classifications, to customize for your preference. See Application Classification.
Enable remote flows data collection
Scale to manage large volumes of flows data
Add the OpenNMS streaming analytics tool for aggregation and streaming analytics (see the streaming analytics tool documentation)