MikroTik RouterOS
MikroTik RouterOS supports flow-based network traffic analysis using Traffic Flow, which is similar to IPFIX or NetFlow. To configure Traffic Flow on a MikroTik RouterOS device, follow these steps:
Access the router CLI
Connect to your MikroTik router via SSH or a console cable. If connecting via SSH, use a tool like PuTTY or the built-in SSH client in your terminal, and enter the router's IP address, username, and password to log in.
Enable Traffic Flow
Enter the following command to enable Traffic Flow on the router:
Configure Traffic Flow settings
To configure Traffic Flow settings, including the interface(s) to monitor and the IP address and port of the remote flow collector, use the following commands:
Replace x.x.x.x
with the IP address of your flow collector, yyyy
with the desired port number for the flow collector (e.g., 4739
for IPFIX), and INTERFACE_NAME
with the name of the interface you want to monitor (e.g., ether1
).
Optional
Configure Traffic Flow cache settings: If you want to customize the cache settings for Traffic Flow, such as timeouts and cache size, use the following command:
Adjust the values for cache-entries
, active-flow-timeout
, and inactive-flow-timeout
as needed.
Save the configuration
To save your configuration changes, use the following command:
Verify the configuration
To verify that Traffic Flow is configured correctly and exporting flow data, use the following command:
This command should display the Traffic Flow settings you just configured.
Once you have completed these steps, your MikroTik RouterOS device will start exporting flow data using Traffic Flow (similar to IPFIX) to the specified ElastiFlow Unified Flow Collector. Make sure your flow collector is set up to receive and process the exported data for analysis and monitoring purposes.