Layer2 traffic analysis can be performed by integrating flow into Logsign.
Note that: Netflow configuration varies according to different vendors.
For netflow configuration on the devices, the port must be mirrored and the datas should be forwarded to the Logsign Unified SecOps Platformip via port 2056. After configuration, netflow integration can be performed by clicking the “+ Device” button from “Data Collection” tab on Logsign Unified SecOps Platform.
Netflow is selected as the integration type and the necessary information is entered in the relevant fields. Then click on the save button.
To check whether the configuration is done correctly, the 2056 port can be tracked with the following command on the cli.