
ElastiFlow 6.2: Introducing Unified SNMP Collector, Enhanced Features, and Helper Tools

February 8, 2023

ElastiFlow 6.2 includes the initial generally available (GA) release of the new ElastiFlow Unified SNMP Collector. Additionally, a set of helper tools for our product has been released.

New Features

Unified SNMP Collector

  • API: apply-definitions and rediscover-device - Endpoints have been added to trigger the collector to re-read all definitions and take the necessary actions (e.g. add/remove a device), and to trigger the rediscovery of a device's SNMP object instances.

  • Discovery: persistence - Discovered device SNMP object instances can now be persisted to disk. This allows the collector to be restarted without rediscovering all devices.

  • Elasticsearch and OpenSearch Output: auto-generated index templates - Index templates for Elasticsearch and OpenSearch are now auto-generated from SNMP object definitions.

  • Kafka Output: optional flattened field names - An option has been added to use flattened, rather than nested, field names in the JSON records produced to Kafka.

  • API (formerly Metrics) Server - Added support for basic authentication to secure the API's HTTP Server.

Unified Flow Collector

  • Kafka Output: optional flattened field names - An option has been added to use flattened, rather than nested, field names in the JSON records produced to Kafka.

  • NetFlow/IPFIX Decoder: max records per packet - The maximum flow records allowed per packet is now configurable via the option EF_PROCESSOR_DECODE_MAX_RECORDS_PER_PACKET. This improves support for records sent over networks with an MTU greater than 1500, while still providing malformed packet detection.

  • Flow Benchmark Input - The flow benchmark input replays a variety of packets through the collector in a loop, as if they were received from network devices. This allows the end-to-end performance of the environment to be evaluated, for both the collector and the platform to which records are sent. This is very useful prior to the "go live" of a deployment to ensure that the expected volume of records can be handled.

  • Flow Evaluator - The flow evaluator (floweval) is a standalone tool to assess the volume of flow records being sent by network devices. It decodes enough of the incoming packets to count the number of flow records they contain and log the observed record rates.

  • API (formerly Metrics) Server - Added support for basic authentication to secure the API's HTTP Server.

  • Elasticsearch/OpenSearch Dashboards - Added new BGP AS-Hop and Graph dashboards.
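
To illustrate the kind of check that a per-packet record cap enables (the "max records per packet" item above), the following added example, which is not ElastiFlow's code, validates the record count declared in a NetFlow v5 or v9 header against a configurable maximum and, for v5, against the bytes actually received. The function names, verdict strings, sample packets and the fallback value of 64 are assumptions made for this example.

```python
import os
import struct

HEADER_LEN = {5: 24, 9: 20}  # NetFlow v5 and v9 header sizes in bytes
V5_RECORD = 48               # every NetFlow v5 flow record is 48 bytes
# IPFIX (version 10) carries a message length instead of a record count,
# so it is outside the scope of this header-only check.

# Option name comes from the release notes; the fallback of 64 is an
# assumption for this example, not the product's default.
MAX_RECORDS = int(os.environ.get("EF_PROCESSOR_DECODE_MAX_RECORDS_PER_PACKET", "64"))


def check_packet(data: bytes, max_records: int = MAX_RECORDS) -> str:
    """Classify a datagram by the record count its header declares."""
    if len(data) < 4:
        return "truncated"
    version, count = struct.unpack_from("!HH", data)
    if version not in HEADER_LEN:
        return "unsupported-version"
    if len(data) < HEADER_LEN[version]:
        return "truncated"
    if count > max_records:
        return "count-exceeds-max"   # implausible count: treat as malformed
    # v5 records are fixed-size, so the declared count must fit the payload.
    # v9 record sizes depend on templates, so only the cap applies here.
    if version == 5 and HEADER_LEN[5] + count * V5_RECORD > len(data):
        return "count-exceeds-payload"
    return "ok"


def v5_packet(declared: int, actual: int) -> bytes:
    """Constructed v5 datagram: header declares `declared`, body holds `actual`."""
    header = struct.pack("!HHIIIIBBH", 5, declared, 0, 0, 0, 0, 0, 0, 0)
    return header + bytes(V5_RECORD * actual)


def v9_packet(declared: int, payload_len: int) -> bytes:
    """Constructed v9 datagram with a zero-filled payload of `payload_len` bytes."""
    return struct.pack("!HHIIII", 9, declared, 0, 0, 0, 0) + bytes(payload_len)


if __name__ == "__main__":
    print(check_packet(v5_packet(2, 2), 30))
    print(check_packet(v5_packet(30, 1), 30))
    print(check_packet(v9_packet(40, 8000), 30))  # jumbo-frame packet, low cap
    print(check_packet(v9_packet(40, 8000), 64))  # same packet, raised cap
```

The last two calls show why the cap needs to be configurable: the same jumbo-frame v9 packet is rejected under a cap of 30 and accepted under a cap of 64.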