Set up your network devices so they send network data to New Relic.
- A New Relic account. Don't have one? Sign up for free! No credit card required.
- A New Relic account ID.
- A New Relic license key.
- Docker installed on a Linux host.
- SSH access to the Docker host, with the ability to launch new containers.
- Network devices configured to send flow data to the host running the ktranslate Docker container. Here's how to configure network flow data collection in some devices:
New Relic Event
New Relic Log
Source devices for network flow data
Network flow monitoring supports the four primary types of network flow data and their derivatives. When running the ktranslate container, you will specify which major type you want to monitor using the
The ktranslate container supports monitoring only one type of network flow data at a time. If you want to monitor several types, each type requires its own container.
IPFIX and NetFlow v9 can be sent to the same container, but we recommend running a separate container as a best practice.
Network flow data type
When planning your strategy for collecting network flows at scale, New Relic recommends 1 CPU per 2000 flows-per-second (120,000 flows-per-minute). Deciding whether to run more small containers to distribute load or fewer large containers to consolidate management is a matter of personal preference.
Go to one.newrelic.com and click Add more data.
Scroll down until you see Network monitoring and click Network Flows.
Follow the steps in New Relic.
one.newrelic.com > Add more data > Network monitoring > Network Flows to set up network flow data monitoring.
All network flow logs exported from the ktranslate container use the KFlow namespace, via the New Relic Event API. Currently, these are the default fields populated from this integration:
The class of program generating the traffic in this flow record. This is derived from the lowest numeric value from
The display name of the sampling device for this flow record.
The target IP address for this flow record.
The target Autonomous System Number for this flow record.
The target Autonomous System Name for this flow record.
The target country for this flow record, if known.
The number of bytes transferred for ingress flow records.
The number of packets transferred for ingress flow records.
The target port for this flow record.
The source port for this flow record.
The display name of the protocol used in this flow record, derived from the numeric IANA protocol number.
This attribute is used to uniquely identify various sources of data from
Sampling rate applied by either the sampling device configuration, or the
The source IP address for this flow record.
The source Autonomous System Number for this flow record.
The source Autonomous System Name for this flow record.
The source country for this flow record, if known.
TCP flags in this flow record.
The time, in Unix seconds, when this flow record was received by the New Relic Event API.