You can use the Flow Cloner feature to forward flow data from a flow-enabled Harvester to another collection device, such as a Harvester in a different deployment. For example, the Flow Cloner could send flows to an Intrusion Detection System (IDS). By using the Flow Cloner, you can send the same data to two collection devices without burdening your routers with sending the data twice.
Once you have the Flow Cloner installed and configured, the flows going to the Harvester are forwarded whenever the CA NFA Flow Cloner service is running. The service starts by default whenever the server is rebooted. You can change this setting to run the service on demand. The configuration file must identify at least one destination IP address or the service will not start.
The Flow Cloner listens for packets in promiscuous mode, then forwards them to the IP addresses that you designate. In this mode, the Flow Cloner passes the packets along to any other process that is listening for them. A Harvester that is co-installed with a running Flow Cloner sees all the packets that are destined for it.
Install the Flow Cloner on the Harvester server in a distributed deployment or on the single server in a stand-alone deployment.
Note: The Flow Cloner has not affected Harvester performance significantly during testing. If you use the Flow Cloner on a high-flow Harvester server, we recommend monitoring performance.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|