Flexible NetFlow, which is based on NetFlow version 9, gives administrators the ability to create customized Flow Monitors that capture information specific to different types of applications. A Flow Monitor defines what information is collected and where it is sent. With Flexible NetFlow, administrators can, for example, run different Flow Monitors simultaneously on a single port, one to capture security data and another to capture data for traffic analysis. Flexible NetFlow allows administrators to create Flow Monitors whose focus ranges from collecting traffic patterns at Layer 2 to deep packet inspection for application monitoring at Layer 7. In short, it can launch a separate, deeper Flow Monitor while the traditional Flow Monitor is still exporting to the collector.

Although it supports version 5 and IPFIX, Flexible NetFlow must leverage NetFlow v9 if the administrator wants to track up to the first 1200 bytes of the IP packet (which in many cases is the entire packet, since the maximum frame size in Ethernet is 1500 bytes). In most cases it wouldn’t make sense to capture the first 1200 bytes of all packets, as this would defeat the purpose of NetFlow's summarization architecture. However, it may make sense to set a threshold that triggers a brief Flow Monitor. The Flow Monitor could in turn create an “Immediate” NetFlow cache on the router to capture and export the first 1200 bytes of each of the culprit's packets for several seconds. This feature allows administrators to gather information deeper into packets for security analysis without interrupting the archiving of summarized data for historical baselines. Loaded with the actual packets, problems such as Denial of Service (DoS) and worm attacks can be thoroughly investigated and more accurately diagnosed. Since Flexible NetFlow supports version 5, 9 and IPFIX, it will work with existing investments in NetFlow analyzers or even free NetFlow analysis tools such as Plixer Scrutinizer and NTOP.
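The two-monitor arrangement described above, sketched as a Cisco IOS configuration; this is an added example, not configuration from the original page. The record, exporter and monitor names, the collector address 192.0.2.10, UDP port 2055, the interface and the 20/1180 byte split are assumptions, and command availability varies by platform and IOS release.

```text
! Constructed example: two Flow Monitors on one interface.
!
! Exporter shared by both monitors. Packet-section fields need
! NetFlow v9 export, as the text notes.
flow exporter EXP-COLLECTOR
 destination 192.0.2.10
 transport udp 2055
 export-protocol netflow-v9
!
! Monitor 1: summarized flows for traffic analysis and historical
! baselines, using a predefined record and the normal cache.
flow monitor TRAFFIC-MON
 record netflow ipv4 original-input
 exporter EXP-COLLECTOR
!
! Record for the security monitor: the usual flow keys plus raw
! packet sections (20 header + 1180 payload = 1200 bytes).
flow record SEC-RECORD
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 collect counter bytes
 collect ipv4 section header size 20
 collect ipv4 section payload size 1180
!
! Monitor 2: immediate cache, so each packet is exported as soon
! as it is seen instead of being aggregated.
flow monitor SEC-MON
 record SEC-RECORD
 exporter EXP-COLLECTOR
 cache type immediate
!
! Both monitors run at the same time on the same port.
interface GigabitEthernet0/1
 ip flow monitor TRAFFIC-MON input
 ip flow monitor SEC-MON input
```

In keeping with the text, `SEC-MON` would be attached only for the few seconds an investigation needs and then removed with `no ip flow monitor SEC-MON input`, while `TRAFFIC-MON` keeps exporting summarized data throughout.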