From 367300296ab5ac855f2767213cdd7eb849d74a89 Mon Sep 17 00:00:00 2001
From: Carla Garcia <167806437+CG3827@users.noreply.github.com>
Date: Fri, 14 Feb 2025 11:41:27 -0500
Subject: [PATCH 1/7] Create NetFlow Content Pack.html

---
 Content/Content Packs/NetFlow Content Pack.html | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Content/Content Packs/NetFlow Content Pack.html
diff --git a/Content/Content Packs/NetFlow Content Pack.html b/Content/Content Packs/NetFlow Content Pack.html
new file mode 100644
index 00000000..c054f7a8
--- /dev/null
+++ b/Content/Content Packs/NetFlow Content Pack.html	
@@ -0,0 +1 @@
+nf

From 2ef7ac13edaabc80779a244d9dc249d7fa02cf76 Mon Sep 17 00:00:00 2001
From: Carla Garcia <167806437+CG3827@users.noreply.github.com>
Date: Thu, 20 Feb 2025 19:45:40 -0500
Subject: [PATCH 2/7] Update NetFlow Content Pack.html

---
 .../Content Packs/NetFlow Content Pack.html   | 136 +++++++++++++++++-
 1 file changed, 135 insertions(+), 1 deletion(-)

diff --git a/Content/Content Packs/NetFlow Content Pack.html b/Content/Content Packs/NetFlow Content Pack.html
index c054f7a8..4b45a7e5 100644
--- a/Content/Content Packs/NetFlow Content Pack.html	
+++ b/Content/Content Packs/NetFlow Content Pack.html	
@@ -1 +1,135 @@
-nf
+﻿<?xml version="1.0" encoding="utf-8"?>
+<html xmlns:MadCap="http://www.madcapsoftware.com/Schemas/MadCap.xsd">
+    <head><title>NetFlow Content Pack</title>
+        <link href="../Resources/TableStyles/Alternate-Row-Color.css" rel="stylesheet" MadCap:stylesheetType="table" />
+    </head>
+    <body>
+        <p>
+            <MadCap:snippetText src="../Resources/Snippets/IlluminateBanner.flsnp" />
+        </p>
+        <p>NetFlow is a network protocol that collects and monitors IP traffic flow data, providing insights into network usage, security threats, and performance. It helps analyze traffic patterns, detect anomalies, and troubleshoot network issues by capturing details such as source/destination IPs, ports, protocols, and bandwidth usage.
+        <ul>
+            <li>
+                <p>NetFlow running versions are NetFlowV5, NetFlowV9, IPFIX.</p>
+            </li>
+            <li>
+                <p>Graylog Server with a valid enterprise license, running Graylog version 6.0.1+.</p>
+            </li>
+        </ul>
+        <p>
+            <section class="warningBox">
+                <div class="title"><b>Warning</b>:<span style="font-weight: normal;"> This spotlight requires a more recent version of Graylog due to a change in functionality. Fields will be improperly processed if using a version earlier than Graylog  4.3.0.</span></div>
+            </section>
+        </p>
+        <h2>Not Supported</h2>
+        <ul>
+            <li>
+                <p>N/A</p>
+            </li>
+        </ul>
+        <h2>Stream Configuration</h2>
+        <p>This technology pack includes one stream:</p>
+        <ul>
+            <li>
+                <p>“Illuminate:NetFlow Messages”</p>
+            </li>
+        </ul>
+        <p>
+            <section class="infoBox">
+                <div class="title" style="font-weight: normal;"><b>Hint</b>:  If this stream does not exist prior to the activation of this pack then it will be created and configured to route messages to this stream and the associated index set. There should not be any stream rules configured for this stream.</div>
+            </section>
+        </p>
+        <h2>Index Set Configuration</h2>
+        <p>This technology pack includes one index set definition:</p>
+        <ul>
+            <li>
+                <p>“NetFlow Firewall Logs”</p>
+            </li>
+        </ul>
+        <p>
+            <section class="infoBox">
+                <div class="title" style="font-weight: normal;"><b>Hint</b>:  If this index set is already defined, then nothing will be changed. If this index set does not exist, then it will be created with retention settings of a daily rotation and 90 days of retention. These settings can be adjusted as required after installation.</div>
+            </section>
+        </p>
+        <h2>Log Format Example</h2>
+        <p><code class="linecode">id=firewall time="2022-11-25 16:30:33" fw="SN710_ABCD" tz=+0100 startime="2022-11-25 16:30:32" pri=5 confid=01 slotlevel=2 ruleid=208 srcif="vlan4" srcifname="20_SOMETHING" ipproto=tcp dstif="vlan3" dstifname="1000_XYZ" proto=http_proxy src=10.10.20.13 srcport=42006 srcportname=ephemeral_fw_tcp srcname=SOMENAME srcmac=xx:6b:8d:9a:da:13 dst=192.168.1.1 dstport=8080 dstportname=http_proxy dstname=Protect-DMZ ipv=4 sent=0 rcvd=0 duration=0.00 action=pass logtype="filter"</code>
+        </p>
+        <h2>Requirements</h2>
+        <ul>
+            <li>
+                <p>Configure NetFlow to transmit Syslog to your Graylog server Syslog input.</p>
+            </li>
+        </ul>
+        <h2>What is Provided</h2>
+        <ul>
+            <li>
+                <p>Rules to normalize and enrich NetFlow log messages.</p>
+            </li>
+            <li>
+                <p>A Network Overview Spotlight content pack (dashboard).</p>
+            </li>
+        </ul>
+        <h2>NetFlow Log Message Processing</h2>
+        <p>The Illuminate processing of NetFlow log messages provides the following:</p>
+        <ul>
+            <li>
+                <p>Field extraction and normalization and message enrichment for NetFlow log messages.</p>
+            </li>
+            <li>
+                <p>GIM Categorization of the following messages:</p>
+            </li>
+        </ul>
+        <table style="width: 100%;mc-table-style: url('../Resources/TableStyles/Alternate-Row-Color.css');" class="TableStyle-Alternate-Row-Color" cellspacing="21">
+            <col class="TableStyle-Alternate-Row-Color-Column-Column1" />
+            <col class="TableStyle-Alternate-Row-Color-Column-Column1" />
+            <col class="TableStyle-Alternate-Row-Color-Column-Column1" />
+            <thead>
+                <tr class="TableStyle-Alternate-Row-Color-Head-Header1">
+                    <th class="TableStyle-Alternate-Row-Color-HeadE-Column1-Header1">NetFlow Logtype</th>
+                    <th class="TableStyle-Alternate-Row-Color-HeadE-Column1-Header1">GIM&#160;Category</th>
+                    <th class="TableStyle-Alternate-Row-Color-HeadD-Column1-Header1">GIM&#160;Subcategory</th>
+                </tr>
+            </thead>
+            <tbody>
+                <tr class="TableStyle-Alternate-Row-Color-Body-Body1">
+                    <td class="TableStyle-Alternate-Row-Color-BodyE-Column1-Body1">filter</td>
+                    <td class="TableStyle-Alternate-Row-Color-BodyE-Column1-Body1">network</td>
+                    <td class="TableStyle-Alternate-Row-Color-BodyD-Column1-Body1"><code class="linecode">network.flow</code>
+                    </td>
+                </tr>
+         
+                  </tbody>
+        </table>
+        <h2>Network Overview Spotlight Content Pack</h2>
+        <p>The Network Overview Spotlight content pack contains:</p>
+        <ul>
+            <li>
+                <p>Dashboard: Network Overview</p>
+            </li>
+            <ul>
+                <li>
+                    <p>Network Overview tab</p>
+                </li>
+                <p>
+                    <img src="" />
+                </p>
+                <p>
+                    <img src="" />
+                </p>
+                
+                <p>
+                    <img src="" />
+                </p>
+               
+            </ul>
+            <li>
+                <p></p>
+            </li>
+            <ul>
+            
+            </ul>
+           
+            </ul>
+        </ul>
+    </body>
+</html>

From f582ba7e079c20a89bcc47158b4c4ac38e808b3a Mon Sep 17 00:00:00 2001
From: Carla Garcia <167806437+CG3827@users.noreply.github.com>
Date: Mon, 24 Feb 2025 16:53:21 -0500
Subject: [PATCH 3/7] Update NetFlow Content Pack.html

---
 .../Content Packs/NetFlow Content Pack.html   | 120 +++++++++++-------
 1 file changed, 73 insertions(+), 47 deletions(-)

diff --git a/Content/Content Packs/NetFlow Content Pack.html b/Content/Content Packs/NetFlow Content Pack.html
index 4b45a7e5..978a29f0 100644
--- a/Content/Content Packs/NetFlow Content Pack.html	
+++ b/Content/Content Packs/NetFlow Content Pack.html	
@@ -16,17 +16,8 @@
                 <p>Graylog Server with a valid enterprise license, running Graylog version 6.0.1+.</p>
             </li>
         </ul>
-        <p>
-            <section class="warningBox">
-                <div class="title"><b>Warning</b>:<span style="font-weight: normal;"> This spotlight requires a more recent version of Graylog due to a change in functionality. Fields will be improperly processed if using a version earlier than Graylog  4.3.0.</span></div>
-            </section>
-        </p>
-        <h2>Not Supported</h2>
-        <ul>
-            <li>
-                <p>N/A</p>
-            </li>
-        </ul>
+        
+        
         <h2>Stream Configuration</h2>
         <p>This technology pack includes one stream:</p>
         <ul>
@@ -52,12 +43,77 @@ <h2>Index Set Configuration</h2>
             </section>
         </p>
         <h2>Log Format Example</h2>
-        <p><code class="linecode">id=firewall time="2022-11-25 16:30:33" fw="SN710_ABCD" tz=+0100 startime="2022-11-25 16:30:32" pri=5 confid=01 slotlevel=2 ruleid=208 srcif="vlan4" srcifname="20_SOMETHING" ipproto=tcp dstif="vlan3" dstifname="1000_XYZ" proto=http_proxy src=10.10.20.13 srcport=42006 srcportname=ephemeral_fw_tcp srcname=SOMENAME srcmac=xx:6b:8d:9a:da:13 dst=192.168.1.1 dstport=8080 dstportname=http_proxy dstname=Protect-DMZ ipv=4 sent=0 rcvd=0 duration=0.00 action=pass logtype="filter"</code>
+        <p><code class="linecode">NetFlowV5 [192.168.81.254]:67 <> [192.168.81.134]:68 proto:17 pkts:1 bytes:328</code>
         </p>
         <h2>Requirements</h2>
         <ul>
             <li>
-                <p>Configure NetFlow to transmit Syslog to your Graylog server Syslog input.</p>
+                <p>Configure NetFlow to transmit Syslog to your Graylog server Syslog input. Customer needs to use the NetFlow UDP. You also need to install fprobe. fprobe will send the collected flow data. <!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>fprobe Installation Guide</title>
+  <style>
+    body {
+      font-family: Arial, sans-serif;
+      background-color: #f5f5f5;
+      margin: 20px;
+      line-height: 1.6;
+    }
+    .container {
+      background: #fff;
+      padding: 20px;
+      border-radius: 8px;
+      max-width: 800px;
+      margin: auto;
+      box-shadow: 0 2px 8px rgba(0,0,0,0.1);
+    }
+    h1 {
+      color: #333;
+    }
+    code {
+      background: #eee;
+      padding: 2px 4px;
+      border-radius: 4px;
+    }
+    pre {
+      background: #eee;
+      padding: 10px;
+      border-radius: 4px;
+      overflow-x: auto;
+    }
+    ul {
+      margin: 10px 0;
+      padding-left: 20px;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>fprobe Installation Guide</h1>
+    <p>You can now install <strong>fprobe</strong> using:</p>
+    <pre><code>sudo apt-get install fprobe</code></pre>
+    
+    <h2>Configuration</h2>
+    <p>fprobe requires two configuration parameters:</p>
+    <ul>
+      <li>The network interface on which to listen</li>
+      <li>The destination where the collector is listening (<code>127.0.0.1:2055</code> in this case)</li>
+    </ul>
+    <p>You can modify these settings in the configuration file:</p>
+    <pre><code>/etc/default/fprobe</code></pre>
+    
+    <h2>Starting fprobe</h2>
+    <p>Restart fprobe to apply the configuration:</p>
+    <pre><code>sudo service fprobe restart</code></pre>
+    
+    <h2>Verification</h2>
+    <p>If everything is configured correctly, new files will appear in <code>/var/cache/nfdump</code>. Verify by listing the files:</p>
+    <pre><code>ls -lh /var/cache/nfdump</code></pre>
+  </div>
+</body>
+</html>
+ </p>
             </li>
         </ul>
         <h2>What is Provided</h2>
@@ -65,9 +121,7 @@ <h2>What is Provided</h2>
             <li>
                 <p>Rules to normalize and enrich NetFlow log messages.</p>
             </li>
-            <li>
-                <p>A Network Overview Spotlight content pack (dashboard).</p>
-            </li>
+          
         </ul>
         <h2>NetFlow Log Message Processing</h2>
         <p>The Illuminate processing of NetFlow log messages provides the following:</p>
@@ -100,36 +154,8 @@ <h2>NetFlow Log Message Processing</h2>
          
                   </tbody>
         </table>
-        <h2>Network Overview Spotlight Content Pack</h2>
-        <p>The Network Overview Spotlight content pack contains:</p>
-        <ul>
-            <li>
-                <p>Dashboard: Network Overview</p>
-            </li>
-            <ul>
-                <li>
-                    <p>Network Overview tab</p>
-                </li>
-                <p>
-                    <img src="" />
-                </p>
-                <p>
-                    <img src="" />
-                </p>
-                
-                <p>
-                    <img src="" />
-                </p>
-               
-            </ul>
-            <li>
-                <p></p>
-            </li>
-            <ul>
-            
-            </ul>
-           
-            </ul>
-        </ul>
+        <h2>NetFlow Overview Spotlight Content Pack</h2>
+        <p>It does not have a spotlight, but you can use the Illuminate:Core; Network Overview spotlight to show network related messages.</p>
+        
     </body>
 </html>

From ae5467177a3bd6cf2eb5949ccce992e76bb74331 Mon Sep 17 00:00:00 2001
From: Carla Garcia <167806437+CG3827@users.noreply.github.com>
Date: Tue, 25 Feb 2025 10:18:56 -0500
Subject: [PATCH 4/7] Update NetFlow Content Pack.html

---
 Content/Content Packs/NetFlow Content Pack.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Content/Content Packs/NetFlow Content Pack.html b/Content/Content Packs/NetFlow Content Pack.html
index 978a29f0..384455f6 100644
--- a/Content/Content Packs/NetFlow Content Pack.html	
+++ b/Content/Content Packs/NetFlow Content Pack.html	
@@ -34,7 +34,7 @@ <h2>Index Set Configuration</h2>
         <p>This technology pack includes one index set definition:</p>
         <ul>
             <li>
-                <p>“NetFlow Firewall Logs”</p>
+                <p>“NetFlow Messages”</p>
             </li>
         </ul>
         <p>
@@ -48,7 +48,7 @@ <h2>Log Format Example</h2>
         <h2>Requirements</h2>
         <ul>
             <li>
-                <p>Configure NetFlow to transmit Syslog to your Graylog server Syslog input. Customer needs to use the NetFlow UDP. You also need to install fprobe. fprobe will send the collected flow data. <!DOCTYPE html>
+                <p>Configure NetFlow to transmit to the NetFlow UDP input. As an example, you can install fprobe. fprobe will send the collected flow data to NetFlow UDP input. <!DOCTYPE html>
 <html>
 <head>
   <meta charset="UTF-8">

From 8e12674100417b3bc81606991f1fdbbf7afe0ff9 Mon Sep 17 00:00:00 2001
From: Carla Garcia <167806437+CG3827@users.noreply.github.com>
Date: Mon, 24 Mar 2025 12:03:43 -0400
Subject: [PATCH 5/7] Update NetFlow Content Pack.html

---
 .../Content Packs/NetFlow Content Pack.html   | 71 ++++++++++---------
 1 file changed, 36 insertions(+), 35 deletions(-)

diff --git a/Content/Content Packs/NetFlow Content Pack.html b/Content/Content Packs/NetFlow Content Pack.html
index 384455f6..861f8427 100644
--- a/Content/Content Packs/NetFlow Content Pack.html	
+++ b/Content/Content Packs/NetFlow Content Pack.html	
@@ -10,45 +10,17 @@
         <p>NetFlow is a network protocol that collects and monitors IP traffic flow data, providing insights into network usage, security threats, and performance. It helps analyze traffic patterns, detect anomalies, and troubleshoot network issues by capturing details such as source/destination IPs, ports, protocols, and bandwidth usage.
         <ul>
             <li>
-                <p>NetFlow running versions are NetFlowV5, NetFlowV9, IPFIX.</p>
+                <p>NetFlowV5, NetFlowV9, IPFIX</p>
             </li>
             <li>
                 <p>Graylog Server with a valid enterprise license, running Graylog version 6.0.1+.</p>
             </li>
         </ul>
-        
-        
-        <h2>Stream Configuration</h2>
-        <p>This technology pack includes one stream:</p>
-        <ul>
-            <li>
-                <p>“Illuminate:NetFlow Messages”</p>
-            </li>
-        </ul>
-        <p>
-            <section class="infoBox">
-                <div class="title" style="font-weight: normal;"><b>Hint</b>:  If this stream does not exist prior to the activation of this pack then it will be created and configured to route messages to this stream and the associated index set. There should not be any stream rules configured for this stream.</div>
-            </section>
-        </p>
-        <h2>Index Set Configuration</h2>
-        <p>This technology pack includes one index set definition:</p>
-        <ul>
-            <li>
-                <p>“NetFlow Messages”</p>
-            </li>
-        </ul>
-        <p>
-            <section class="infoBox">
-                <div class="title" style="font-weight: normal;"><b>Hint</b>:  If this index set is already defined, then nothing will be changed. If this index set does not exist, then it will be created with retention settings of a daily rotation and 90 days of retention. These settings can be adjusted as required after installation.</div>
-            </section>
-        </p>
-        <h2>Log Format Example</h2>
-        <p><code class="linecode">NetFlowV5 [192.168.81.254]:67 <> [192.168.81.134]:68 proto:17 pkts:1 bytes:328</code>
-        </p>
-        <h2>Requirements</h2>
+              <h2>Requirement(s)</h2>
         <ul>
             <li>
-                <p>Configure NetFlow to transmit to the NetFlow UDP input. As an example, you can install fprobe. fprobe will send the collected flow data to NetFlow UDP input. <!DOCTYPE html>
+                <p>Configure NetFlow to transmit to the NetFlow UDP input. 
+                    As an example, you can install fprobe. fprobe will send the collected flow data to NetFlow UDP input. <!DOCTYPE html>
 <html>
 <head>
   <meta charset="UTF-8">
@@ -114,6 +86,35 @@ <h2>Verification</h2>
 </body>
 </html>
  </p>
+        
+        <h2>Stream Configuration</h2>
+        <p>This technology pack includes one stream:</p>
+        <ul>
+            <li>
+                <p>“Illuminate:NetFlow Messages”</p>
+            </li>
+        </ul>
+        <p>
+            <section class="infoBox">
+                <div class="title" style="font-weight: normal;"><b>Hint</b>:  If this stream does not exist prior to the activation of this pack then it will be created and configured to route messages to this stream and the associated index set. There should not be any stream rules configured for this stream.</div>
+            </section>
+        </p>
+        <h2>Index Set Configuration</h2>
+        <p>This technology pack includes one index set definition:</p>
+        <ul>
+            <li>
+                <p>“NetFlow Messages”</p>
+            </li>
+        </ul>
+        <p>
+            <section class="infoBox">
+                <div class="title" style="font-weight: normal;"><b>Hint</b>:  If this index set is already defined, then nothing will be changed. If this index set does not exist, then it will be created with retention settings of a daily rotation and 90 days of retention. These settings can be adjusted as required after installation.</div>
+            </section>
+        </p>
+        <h2>Log Format Example</h2>
+        <p><code class="linecode">NetFlowV5 [192.168.81.254]:67 <> [192.168.81.134]:68 proto:17 pkts:1 bytes:328</code>
+        </p>
+        
             </li>
         </ul>
         <h2>What is Provided</h2>
@@ -127,7 +128,7 @@ <h2>NetFlow Log Message Processing</h2>
         <p>The Illuminate processing of NetFlow log messages provides the following:</p>
         <ul>
             <li>
-                <p>Field extraction and normalization and message enrichment for NetFlow log messages.</p>
+                <p>Field extraction, normalization, and message enrichment for NetFlow log messages.</p>
             </li>
             <li>
                 <p>GIM Categorization of the following messages:</p>
@@ -154,8 +155,8 @@ <h2>NetFlow Log Message Processing</h2>
          
                   </tbody>
         </table>
-        <h2>NetFlow Overview Spotlight Content Pack</h2>
-        <p>It does not have a spotlight, but you can use the Illuminate:Core; Network Overview spotlight to show network related messages.</p>
+        <h2>NetFlow Overview Spotlight</h2>
+        <p>The Illuminate Core Network Overview spotlight can be used to view NetFlow data.</p>
         
     </body>
 </html>

From 7211b7afb13fa073d52a221a2b0fdf3fa1447948 Mon Sep 17 00:00:00 2001
From: Carla Garcia <167806437+CG3827@users.noreply.github.com>
Date: Mon, 24 Mar 2025 12:32:01 -0400
Subject: [PATCH 6/7] Update NetFlow Content Pack.html

Edited the NetFlow documentation
---
 .../Content Packs/NetFlow Content Pack.html   | 79 ++-----------------
 1 file changed, 7 insertions(+), 72 deletions(-)

diff --git a/Content/Content Packs/NetFlow Content Pack.html b/Content/Content Packs/NetFlow Content Pack.html
index 861f8427..f7804997 100644
--- a/Content/Content Packs/NetFlow Content Pack.html	
+++ b/Content/Content Packs/NetFlow Content Pack.html	
@@ -8,85 +8,18 @@
             <MadCap:snippetText src="../Resources/Snippets/IlluminateBanner.flsnp" />
         </p>
         <p>NetFlow is a network protocol that collects and monitors IP traffic flow data, providing insights into network usage, security threats, and performance. It helps analyze traffic patterns, detect anomalies, and troubleshoot network issues by capturing details such as source/destination IPs, ports, protocols, and bandwidth usage.
+        <ul>
+          
+              <h2>Requirement(s)</h2>
         <ul>
             <li>
                 <p>NetFlowV5, NetFlowV9, IPFIX</p>
-            </li>
+                </li>
             <li>
                 <p>Graylog Server with a valid enterprise license, running Graylog version 6.0.1+.</p>
             </li>
         </ul>
-              <h2>Requirement(s)</h2>
-        <ul>
-            <li>
-                <p>Configure NetFlow to transmit to the NetFlow UDP input. 
-                    As an example, you can install fprobe. fprobe will send the collected flow data to NetFlow UDP input. <!DOCTYPE html>
-<html>
-<head>
-  <meta charset="UTF-8">
-  <title>fprobe Installation Guide</title>
-  <style>
-    body {
-      font-family: Arial, sans-serif;
-      background-color: #f5f5f5;
-      margin: 20px;
-      line-height: 1.6;
-    }
-    .container {
-      background: #fff;
-      padding: 20px;
-      border-radius: 8px;
-      max-width: 800px;
-      margin: auto;
-      box-shadow: 0 2px 8px rgba(0,0,0,0.1);
-    }
-    h1 {
-      color: #333;
-    }
-    code {
-      background: #eee;
-      padding: 2px 4px;
-      border-radius: 4px;
-    }
-    pre {
-      background: #eee;
-      padding: 10px;
-      border-radius: 4px;
-      overflow-x: auto;
-    }
-    ul {
-      margin: 10px 0;
-      padding-left: 20px;
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <h1>fprobe Installation Guide</h1>
-    <p>You can now install <strong>fprobe</strong> using:</p>
-    <pre><code>sudo apt-get install fprobe</code></pre>
-    
-    <h2>Configuration</h2>
-    <p>fprobe requires two configuration parameters:</p>
-    <ul>
-      <li>The network interface on which to listen</li>
-      <li>The destination where the collector is listening (<code>127.0.0.1:2055</code> in this case)</li>
-    </ul>
-    <p>You can modify these settings in the configuration file:</p>
-    <pre><code>/etc/default/fprobe</code></pre>
-    
-    <h2>Starting fprobe</h2>
-    <p>Restart fprobe to apply the configuration:</p>
-    <pre><code>sudo service fprobe restart</code></pre>
-    
-    <h2>Verification</h2>
-    <p>If everything is configured correctly, new files will appear in <code>/var/cache/nfdump</code>. Verify by listing the files:</p>
-    <pre><code>ls -lh /var/cache/nfdump</code></pre>
-  </div>
-</body>
-</html>
- </p>
-        
+                
         <h2>Stream Configuration</h2>
         <p>This technology pack includes one stream:</p>
         <ul>
@@ -111,6 +44,8 @@ <h2>Index Set Configuration</h2>
                 <div class="title" style="font-weight: normal;"><b>Hint</b>:  If this index set is already defined, then nothing will be changed. If this index set does not exist, then it will be created with retention settings of a daily rotation and 90 days of retention. These settings can be adjusted as required after installation.</div>
             </section>
         </p>
+            <h2>Log Collection</h2>
+<p>NetFlow utilizies <a href="https://go2docs.graylog.org/current/getting_in_log_data/netflow_input.htm">the NetFlow input</a> that ingests multiple NetFlow product type logs in JSON format.</p>
         <h2>Log Format Example</h2>
         <p><code class="linecode">NetFlowV5 [192.168.81.254]:67 <> [192.168.81.134]:68 proto:17 pkts:1 bytes:328</code>
         </p>

From b53b956cb60badcfde8a4973807bbbfde3c0e0b7 Mon Sep 17 00:00:00 2001
From: Annie Zempel <annie.zempel@graylog.com>
Date: Mon, 7 Apr 2025 11:08:55 -0800
Subject: [PATCH 7/7] review of NetFlow documentation

---
 .../Content Packs/NetFlow Content Pack.html   | 41 +++++++------------
 1 file changed, 15 insertions(+), 26 deletions(-)

diff --git a/Content/Content Packs/NetFlow Content Pack.html b/Content/Content Packs/NetFlow Content Pack.html
index f7804997..0bd0ebde 100644
--- a/Content/Content Packs/NetFlow Content Pack.html	
+++ b/Content/Content Packs/NetFlow Content Pack.html	
@@ -4,22 +4,17 @@
         <link href="../Resources/TableStyles/Alternate-Row-Color.css" rel="stylesheet" MadCap:stylesheetType="table" />
     </head>
     <body>
-        <p>
-            <MadCap:snippetText src="../Resources/Snippets/IlluminateBanner.flsnp" />
-        </p>
-        <p>NetFlow is a network protocol that collects and monitors IP traffic flow data, providing insights into network usage, security threats, and performance. It helps analyze traffic patterns, detect anomalies, and troubleshoot network issues by capturing details such as source/destination IPs, ports, protocols, and bandwidth usage.
-        <ul>
-          
-              <h2>Requirement(s)</h2>
+        <MadCap:snippetBlock src="../Resources/Snippets/IlluminateBanner.flsnp" />
+        <p>NetFlow is a network protocol that collects and monitors IP traffic flow data, providing insights into network usage, security threats, and performance. It helps analyze traffic patterns, detect anomalies, and troubleshoot network issues by capturing details such as source/destination IPs, ports, protocols, and bandwidth usage.</p>
+        <h2>Requirement(s)</h2>
         <ul>
             <li>
                 <p>NetFlowV5, NetFlowV9, IPFIX</p>
-                </li>
+            </li>
             <li>
                 <p>Graylog Server with a valid enterprise license, running Graylog version 6.0.1+.</p>
             </li>
         </ul>
-                
         <h2>Stream Configuration</h2>
         <p>This technology pack includes one stream:</p>
         <ul>
@@ -44,29 +39,25 @@ <h2>Index Set Configuration</h2>
                 <div class="title" style="font-weight: normal;"><b>Hint</b>:  If this index set is already defined, then nothing will be changed. If this index set does not exist, then it will be created with retention settings of a daily rotation and 90 days of retention. These settings can be adjusted as required after installation.</div>
             </section>
         </p>
-            <h2>Log Collection</h2>
-<p>NetFlow utilizies <a href="https://go2docs.graylog.org/current/getting_in_log_data/netflow_input.htm">the NetFlow input</a> that ingests multiple NetFlow product type logs in JSON format.</p>
+        <h2>Log Collection</h2>
+        <p>NetFlow utilizies <a href="https://go2docs.graylog.org/current/getting_in_log_data/netflow_input.htm">the NetFlow input</a> that ingests multiple NetFlow product type logs in JSON format.</p>
         <h2>Log Format Example</h2>
-        <p><code class="linecode">NetFlowV5 [192.168.81.254]:67 <> [192.168.81.134]:68 proto:17 pkts:1 bytes:328</code>
+        <p><code class="linecode">NetFlowV5 [192.168.81.254]:67 &lt;&gt; [192.168.81.134]:68 proto:17 pkts:1 bytes:328</code>
         </p>
-        
-            </li>
-        </ul>
         <h2>What is Provided</h2>
         <ul>
             <li>
-                <p>Rules to normalize and enrich NetFlow log messages.</p>
+                Rules to normalize and enrich NetFlow log messages.
             </li>
-          
         </ul>
         <h2>NetFlow Log Message Processing</h2>
         <p>The Illuminate processing of NetFlow log messages provides the following:</p>
         <ul>
             <li>
-                <p>Field extraction, normalization, and message enrichment for NetFlow log messages.</p>
+                Field extraction, normalization, and message enrichment for NetFlow log messages.
             </li>
             <li>
-                <p>GIM Categorization of the following messages:</p>
+                GIM Categorization of the following messages:
             </li>
         </ul>
         <table style="width: 100%;mc-table-style: url('../Resources/TableStyles/Alternate-Row-Color.css');" class="TableStyle-Alternate-Row-Color" cellspacing="21">
@@ -82,16 +73,14 @@ <h2>NetFlow Log Message Processing</h2>
             </thead>
             <tbody>
                 <tr class="TableStyle-Alternate-Row-Color-Body-Body1">
-                    <td class="TableStyle-Alternate-Row-Color-BodyE-Column1-Body1">filter</td>
-                    <td class="TableStyle-Alternate-Row-Color-BodyE-Column1-Body1">network</td>
-                    <td class="TableStyle-Alternate-Row-Color-BodyD-Column1-Body1"><code class="linecode">network.flow</code>
+                    <td class="TableStyle-Alternate-Row-Color-BodyB-Column1-Body1">filter</td>
+                    <td class="TableStyle-Alternate-Row-Color-BodyB-Column1-Body1">network</td>
+                    <td class="TableStyle-Alternate-Row-Color-BodyA-Column1-Body1"><code class="linecode">network.flow</code>
                     </td>
                 </tr>
-         
-                  </tbody>
+            </tbody>
         </table>
         <h2>NetFlow Overview Spotlight</h2>
         <p>The Illuminate Core Network Overview spotlight can be used to view NetFlow data.</p>
-        
     </body>
-</html>
+</html>
\ No newline at end of file
