Powered by Zoomin Software. For more details please contactZoomin

Flowmon ADS User Guide

Table of Contents

IDS Collector

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 1, 2026
  • 2 minute read
    • Flowmon Products
    • Flowmon Anomaly Detection System
    • Documentation

IDS Collector allows you to collect and aggregate events from the Flowmon IDS Probe or other compatible IDS systems (for example, Suricata) using Syslog. You can browse these events using the IDS categories tab on the Analysis page. Note that the IDS categories tab is only displayed when the IDS event collector is enabled (see the section below). Another way to browse events detected by IDS systems is to use the menu options Browse IDS Events or Related IDS Events which are described in the Context Menu section.

Configuration

To activate the IDS events processing functionality, you need to enable the IDS event collector in Settings → System Settings → IDS Collector.

IDS collector settings page
IDS collector settings page

If the Flowmon IDS Probe module is installed locally (the Flowmon appliance is used as a probe and collector simultaneously), IDS events are processed automatically without any further configuration. To receive events from the remote device (typically the Flowmon probe where the Flowmon IDS probe package is installed), further steps must be taken:

  • At the Flowmon collector go to the Flowmon Configuration Center → SystemSystem SettingsSyslog Server. Click Enable external syslog and add a new Syslog client. In the IP address field, insert the IP address of the device where the Flowmon IDS probe is installed and choose the port where the Syslog server should listen (the standard port is 514). After that, click the OK and Save buttons.

  • At the Flowmon device where the Flowmon IDS probe is installed, go to the Flowmon Configuration CenterSystemSystem SettingsSyslog Event Logging. Click Use syslog event logging. Add a new Syslog server - in the IP address field fill in the IP address of the Flowmon collecto. In the Port field, insert the same port number you chose in the previous step. Click the OK and Save buttons to save the changed configuration.

After performing all the steps described above, the configuration is done and you should be able to see IDS events in the IDS Browser.

Quotas

IDS Collector quota can be separately configured in Flowmon Configuration Center → Resource Manager. Quota size limits the maximum number of events stored from IDS Collector.

TitleResults for “How to create a CRG?”Also Available inAlert