When collecting NetFlows in AlienVault USM Appliance, it is possible to save space in the disk by compressing the data generated by NetFlow.
To perform this action, modify the following line in /etc/nfsen/nfsen.conf:
# Compress flows while collecting 0 or 1
$ZIPcollected = "0";
And change the value to 1
$ZIPcollected = "1";
Optionally you can compress older flows by going into the old flow directory in /var/cache/nfdump/flows/live/*/date and running the command
nfdump -j fcapd.date
as in the following example:
VirtualUSMStandardServer:/var/cache/nfdump/flows/live/564D4607F8095D2BF09F93EB1B25738D/2016-08-04# nfdump -j nfcapd.201608040335
Compress file nfcapd.201608040335 ..
Important: Note that if you enable/disable NetFlows from the CLI, the nfsen.conf file will be overwritten with the default file, and these changes will disappear, requiring you to add the configuration again.