DX Unified Infrastructure Management

  • 1.  Can I and if so, How do I configure CA NFA to export or forward Netflow data to a SIEM for logging and event correlation?

    Posted Feb 05, 2015 11:52 AM

    We use CA NFA for netflow collection, can I forward the collected Netflow data to a SIEM for event correlation and analysis? Im trying to avoid, per BP, multiple destinations and feeds. we are using McAfee(Nitro) SIEM



  • 2.  Re: Can I and if so, How do I configure CA NFA to export or forward Netflow data to a SIEM for logging and event correlation?
    Best Answer

    Broadcom Employee
    Posted Feb 05, 2015 12:10 PM

    You can use Flow Cloning to forward flows from a harvester to another server, see the tips below or the NFA Admin guide

    Tech Tip: NFA 9.2.1 Flow Cloner Supports Different Destination Port

    NFA 9.1.3 Setup Flow Cloner



  • 3.  Re: Can I and if so, How do I configure CA NFA to export or forward Netflow data to a SIEM for logging and event correlation?

    Posted Feb 05, 2015 12:31 PM

    Another option if the flow cloner doesn't do everything you need is

    Samplicate (

    http://eison.net/2012/08/samplicate-this-or-how-to-share-your-netflow/).

     

    On Thu, Feb 5, 2015 at 11:10 AM, Christopher_Walsh <