AlienVault® USM Appliance™

How to Compress NetFlow Data and Save Disk Space

Version: 5.x
Deployment: All deployments

When collecting NetFlows in AlienVault USM Appliance, you can save disk space by compressing the data that NetFlow generates.

To perform this action, modify the following line in /etc/nfsen/nfsen.conf:

# Compress flows while collecting 0 or 1

$ZIPcollected = "0";

Change the value to 1:

$ZIPcollected = "1";

Optionally, you can compress older flows by changing into the directory that holds them, /var/cache/nfdump/flows/live/*/date, and running the command

nfdump -j

as in the following example:

VirtualUSMStandardServer:/var/cache/nfdump/flows/live/564D4607F8095D2BF09F93EB1B25738D/2016-08-04# nfdump -j nfcapd.201608040335

Compress file nfcapd.201608040335 ..

Important: If you enable or disable NetFlows from the CLI, the nfsen.conf file is overwritten with the default file and these changes are lost, so you must add the configuration again.
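
Because the setting can be silently reset, it helps to script the check. The following is an added example, not part of the original article or of AlienVault's tooling: it reads the current $ZIPcollected value, re-applies "1" with a backup if it has reverted, and runs nfdump -j over the finished capture files of one day directory. The function names and the NFSEN_CONF and NFDUMP variables are assumptions of this example; the paths and the nfdump -j command are the ones shown above.

```shell
#!/bin/sh
# Added example: re-check and re-apply NetFlow compression.
# NFSEN_CONF defaults to the path from the article; NFDUMP can be
# overridden (assumption of this example) to test without nfdump installed.
NFSEN_CONF="${NFSEN_CONF:-/etc/nfsen/nfsen.conf}"
NFDUMP="${NFDUMP:-nfdump}"

# Print the current $ZIPcollected value (0 or 1); return 1 if the line is absent.
zip_state() {
    val=$(sed -n 's/^[[:space:]]*\$ZIPcollected[[:space:]]*=[[:space:]]*"*\([01]\)"*[[:space:]]*;.*/\1/p' "$1" | tail -n 1)
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Set $ZIPcollected to "1" if it is "0". Keeps the previous file as FILE.bak.
# Returns 0 when enabled (or already enabled), 2 when the setting is missing.
enable_zip() {
    state=$(zip_state "$1") || { echo "no \$ZIPcollected line in $1" >&2; return 2; }
    [ "$state" = "1" ] && return 0
    cp -p "$1" "$1.bak" || return 3
    # Rewrite in place from the backup so the file's owner and mode are kept.
    sed 's/^\([[:space:]]*\$ZIPcollected[[:space:]]*=[[:space:]]*\)"*0"*/\1"1"/' "$1.bak" > "$1"
}

# Run `nfdump -j` on each capture file in one day directory and print how
# many files were processed. Only names of the form nfcapd.YYYYMMDDhhmm
# (as in the article's example) are touched; anything else is left alone.
compress_day() {
    count=0
    for f in "$1"/nfcapd.[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]; do
        [ -f "$f" ] || continue
        # Run from inside the directory, as the article does.
        ( cd "$1" && "$NFDUMP" -j "${f##*/}" ) >/dev/null || return 1
        count=$((count + 1))
    done
    printf '%s\n' "$count"
}

# Usage, after sourcing this file as root:
#   enable_zip "$NFSEN_CONF"
#   compress_day /var/cache/nfdump/flows/live/<sensor-id>/<date>
```

Running enable_zip after any CLI change to NetFlow collection restores the setting without touching a file that is already correct.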