The ElastiFlow Unified Flow Collector is available in four license tiers. The license tier determined a number of collector attributes, including the number of units (1 unit = 4000 records/second), and thus the volume of flows the collector can process, as well as which information elements (IEs) are supported.
Units
single
single
multi
multi
IPFIX
83
450
4729
4729
Netflow
152
519
1613
1613
sFlow
187
206
939
939
AWS VPC Flow Logs
29
29
29
29
:::note The single unit limit for the Community and Basic license applies to the person or entity accepting the license. It does not allow for running multiple instances. :::
:::info The actual number of units available with a Standard or Premium license is determined by the license key. This number of units may be split between multiple instances of the collector, as long as the total number of units does not exceed the number of units allowed by the license. :::
By default the number of units will be set based on the provided license key. However the number of units to be used by as instance can be configured manually. This is usually done when it is desired to use multiple instances of the collector. For example, a subscription for 8 licensed units can be split into 2 instances, of 4 units each, by setting EF_FLOW_LICENSED_UNITS: 4 for each instance. If set to a value greater than allowed by the license key, the instances will be started with the number of units from the license key.
You can request a via the . This license will be good for one year, after which it can be renewed by requesting a new license.
You can also request a via the . This license can only be renewed with approval of ElastiFlow. To request an extension, please send an email to .
The license key for ElastiFlow Standard and Premium Tier customers will be made available through our support system. A ticket will be opened, from which an authorized user can download the license key.
The following is an example of a license configuration, as defined in a docker-compose file:
and as defined in the systemd configuration:
For a complete description of all common and flowcoll-specific license configuration options, please refer to the Configuration Reference.
By default The ElastiFlow Unified Flow Collector can be configured to log to stdout or to a file. It can also be configured to log with json or console formatting. If logging to a file, log rotation can be configured to manage the volume of logs. For a complete description of all logging configuration options, please refer to the Configuration Reference.
The ElastiFlow Unified Flow Collector receives IPFIX, Netflow and sFlow network flow records and telemetry over UDP. By default the collector listens on all interfaces of the system where it is running. However it can be configured to listen on only a specific interface. The default UDP listening port is 9995, which can also be configured.
It is recommended that the collector be configured to request a larger than default receive buffer size. The size, in bytes, that the collector will request be created by the operating system kernel is configurable. If this value exceeds the maximum allowed buffer size (net.core.rmem_max on Linux), the maximum allowed size is used.
Received UDP PDUs are queued prior to being processed by an available decoder. This allows the collector to better handle temporary spikes of received packets without loosing data. The size of the queue is automatically set based on the number of licensed units. The default is 4096 times the value of EF_FLOW_LICENSED_UNITS. This can be overridden using EF_FLOW_PACKET_STREAM_MAX_SIZE. For a complete description of all UDP input configuration options, please refer to the Configuration Reference.