Install Flow Cloner

Once you have the Flow Cloner installed and configured, the flows going to the Harvester are forwarded whenever the CA NFA Flow Cloner service is running. The service starts by default whenever the server is rebooted. You can change this setting to run the service on demand. The configuration file must identify at least one destination IP address or the service will not start.
nfa1000
Once you have the Flow Cloner installed and configured, the flows going to the Harvester are forwarded whenever the CA NFA Flow Cloner service is running. The service starts by default whenever the server is rebooted. You can change this setting to run the service on demand. The configuration file must identify at least one destination IP address or the service will not start.
Install the Flow Cloner on the Harvester server in a distributed deployment or on the single server in a stand-alone deployment.
The Flow Cloner has not affected Harvester performance significantly during testing. If you use the Flow Cloner on a high-flow Harvester server, we recommend monitoring performance.
Prerequisites
Before you install the Flow Cloner, verify that your installation server meets the following prerequisites:
  • The server is configured and installed or upgraded
    .
  • The server already has software installed and configured to act as one of the following components:
    • Windows Harvester server in a 
      DX NetOps
       distributed deployment
    • Single server in a stand-alone deployment.
  • The server has at least 12.8 MB of disk space available on the target drive for the Flow Cloner.
  • You exited from all other programs.
  • No other user is logged in to the server.
Installing Flow Cloner
Follow these steps:
  1. Log in to the Windows-based Harvester installation server as a user with administrator privileges.
    The installation server must have the 
    DX NetOps
     Harvester software installed.
  2. Locate the installation program file:
    install_path
    \setup\FlowClonerSetupx.x.x.exe
    .
  3. Start the installation program: For example, double-click the
    FlowClonerSetupx.x.x.exe
    file in Windows Explorer.
  4. Click 
    Next
     in the 
    Welcome
     screen that opens.
    The 
    Pre-Installation Summary
     screen opens and shows the installation path and disk space requirements. The Flow Cloner will be installed in the same root installation directory that is used for the Harvester or stand-alone software.
  5. Click 
    Install
    .
    The
     Install Complete
     screen opens when the installation is complete.
  6. Click 
    Done
    .
    The installation program closes. An installation log file named
    FlowCloner_Install_
    <timestamp>
    .log
    is created in the root installation directory.
Configuring Flow Cloner Options
To configure the Flow Cloner, modify its default initialization (
.ini
) file. The
.ini
file contains a header line followed by a line for each destination host (each host that will receive the cloned packets). You must specify at least one destination host. If you do not specify values for the header fields, the default values are used.
Follow these steps:
  1. Log in to the Flow Cloner installation server as a user who has administrator privileges.
  2. Open the following file in a text editor:
    install_path
    \Netflow\FlowCloner\flowclonedef.ini
    The
    .ini
    file has a header line followed by a line for each host that will receive packets.
  3. Customize the header line:
    The header content must be contained in the first non-commented and non-blank single line in the file.
    • To use the default value for the input NIC, replace the entire header line with the following token:
      /use defaults
      You can follow the 
      /use defaults
       token with a comment, as shown in the following example:
      /use defaults ; use first available NIC and port 9995 to listen and send flows on the first available NIC
      The program uses the first available NIC. The hosts listen for the original flows and cloned flows on port UDP 9995. The 
      /use defaults
       token takes effect only if the header does not contain any other tokens.
    • (Optional) To specify the listening port, enter the
      /port= token
      , followed by the port number. The Harvester that receives the original flows listens on UDP 9995 unless you use the
      /port
      token to specify a different port.
      Default:
       UDP 9995
    • (Optional) To specify the destination port, enter the
      /dest port= token
      , followed by the port number. The hosts that receive the cloned flows listen on UDP 9995 unless you use the /dest port token to specify a different port. All of the hosts listen for the cloned flows on the same port.
      Default:
       UDP 9995
    • (Optional) To specify the Input NIC, enter the 
      /listen ip= token
      , followed by the IP address for the NIC on which the Flow Cloner listens for packets.
      Default:
       First functional IP address of the host
  4. Specify one or more hosts that will receive the cloned packets:
    Enter each host on a separate line, which consists of the 
    dest ip
    =
     token
    and IP address of the destination host. You can put the destination host lines in any order.
    Example:
    /dest ip=10.0.0.100 ; send cloned packets to 10.0.0.100
    If the IP address is missing, the line is ignored.
  5. Save and close the
    FlowCloneDef.ini
    file.
  6. Start the CA NFA Flow Cloner service on the Harvester server.
    The Flow Cloner is enabled and attempts to forward packets to each valid destination that you specified. Flow cloning continues until you stop the CA NFA Flow Cloner service manually.
    The CA NFA Flow Cloner service is configured to start automatically on reboot and start sending cloned flow data. To operate the Flow Cloner only on demand, change this configuration in the
    Services
    window. The service can run only if the configuration file identifies at least one destination IP address.