NetFlow Monitoring gives the user a broad overview to where their usage is going.
Please note that it’s impossible to see exactly where all the usage is going as many protocols are encrypted, however, broad generalisations and common accesses are logged which greatly helps with traffic analysis.
The NetFlow monitoring needs to be enabled on DataTill, and the router needs to be configured to send NetFlow data to DataTill.
You can monitor your entire network (resource intensive) or just individual customer routers. NetFlow must be enabled on a router where the traffic has not been NATted.
If you enable NetFlow on your core, it only has to be enabled on one router through which the traffic is flowing. This router would typically be one of the last routers that all the traffic goes through before going onto the public network. Note: For additional analysis, a port 80 proxy can be used to capture traffic patterns.
Please contact DataTill support for help with configuring a transparent proxy on port 80 which will involve installing a Squid server to analyse the traffic even more.
To do the Configuration of NetFlow on the DataTill Side, go to Setup / Usage Logging and follow the guide below: How to set up the MikroTik side
When setting up the MikroTik side, please ensure that you select the correct interface through which traffic is flowing.
This IP address of this interface must match the interface in DataTill.
In many WISP networks this is typically the PPPoE interface.
NetFlow should be enabled on your core router (remember when doing on a client router instead, use the PPPoE interface).