Progress Flowmon is a network monitoring and security solution that provides deep visibility into network traffic using flow data analytics. This guide explains how to integrate Logmanager with Flowmon to enrich your observability and gain better insight into network behavior and security events.

Flowmon integration is valuable because it connects network detection data with the rest of your monitoring and security information. Instead of investigating Flowmon findings in isolation, you can correlate them with firewall, server, and application logs in one place.

Flowmon integration with Logmanager three levels and their benefits
Fig. 1: Three levels of Flowmon integration with Logmanager and their benefits.

Built-in Parser Support

Once Flowmon sends logs to Logmanager, there is usually very little manual work required. Logmanager already includes a built-in parser for Flowmon, so the incoming events are recognized and tagged automatically.

Use the predefined dashboard

Logmanager also includes a dashboard dedicated to Flowmon data. This is useful because it lets you start with visual overviews instead of reading raw events immediately. Analysts can identify relevant anomaly categories, source IPs, services, and volumes quickly.

Logmanager dashboard displaying integrated Flowmon anomaly data
Fig. 2: Logmanager dashboard displaying integrated Flowmon anomaly data.

A useful second layer of the integration is the event URL. By setting the Flowmon hostname in the built-in alert or integration configuration, Logmanager can populate direct links to the event detail in Flowmon.

Flowmon integration showing URL from an event back to Flowmon ADS event detail
Fig. 3: Flowmon integration showing URL from an event back to Flowmon ADS event detail.

Pivot into Broader Investigation

After identifying suspicious source IP addresses in Flowmon, move into Discover and search for those same IPs across other sources. Add columns such as destination IP, source system, and tags. This helps you understand whether the same addresses also appeared in FortiGate, Windows, application, or server logs.

Flowmon dictionary attack investigation shown in a Logmanager dashboard
Fig. 4: Flowmon dictionary attack investigation shown in a Logmanager dashboard.
Cross-source investigation in Logmanager using Flowmon attacker IPs and related FortiGate or other logs
Fig. 5: Cross-source investigation in Logmanager using Flowmon attacker IPs and related FortiGate or other logs.

Additional Resources

To learn more, check out the joint Logmanager and Flowmon solution brief, or take a look at the documentation on configuring Flowmon as a data source.