NTA detail screen is blank

November 13, 2012, 11:09 am

≪ Previous: CBQoS report not showing data every minute

I have a router for which an interface is configured to send Netflow Information to one of our Orion servers. According to the Summary, the information is being received and is up to date. When I go to the NTA screen for the router, the information is there, but when I select a particular interface the screen is blank. It is not that the boxes are ther and they say "no data", the boxes do not appear. I have configured other interfaces on this same router in the same way and they are fine. Can anyone point me in a direction to resolving this?

↧

Nexus 7000 netflow v5 issue

November 14, 2012, 9:45 am

≫ Next: Can NTA do multi point flow analysis / correlation

≪ Previous: NTA detail screen is blank

Using version 9 of netflow worked perfectly but I had to use v5 for another flow, now NTA is saying "NetFlow Receiver Service [SOLARWINDS] is receiving flow data from unmanaged interface '#103' on core and it does not support SNMP." If I add the interface its name is NTA Virtual Interface 101 and not the VLAN expected. What am I doing wrong?

flow exporter SolarWindsIPv4Flow

destination *.*.*.* use-vrf management

transport udp 2055

source mgmt0

version 5

flow monitor NetflowExportV5

record netflow-original

exporter SolarWindsIPv4Flow

interface Vlan256

ip flow monitor NetflowExportV5 input

↧

Can NTA do multi point flow analysis / correlation

November 14, 2012, 12:56 pm

≫ Next: Any way to link endpoints to data about them?

≪ Previous: Nexus 7000 netflow v5 issue

Using NTA 3.10 right now. New VP of IT brought in Riverbed to demo Cascade. I see two advantages to Cascade and want to see if NTA can do something similar, as we have the product but have never fully utilized (or mastered) it.

Cascade can take flows from multiple sources are correlate and dedupe the flow data to show you end to end flow for an application / endpoint / etc. Can NTA do the same? Is something like this planned if not?

Cascade can take span port data and ingest it as well. Not fully sure of what it does with it yet on our demo box, but it looks like it takes connection rates and things like Avg Bits/s, % Retrans Bits, Avg Resets/s, Avg Resp. Time (ms), Avg Net. RTT (ms) and Avg Server Delay (ms) into account.

Looking for a little hope and some facts to defend our Orion NTA install.

↧

Any way to link endpoints to data about them?

November 14, 2012, 2:13 pm

≫ Next: Does anyone have an Appflow setup for Citrix NetScaler that works?

≪ Previous: Can NTA do multi point flow analysis / correlation

I know you can change the hostname of an endpoint other than the reverse dnslookup, but is there any way to attach data (user, server name, department, etc.) about the endpoint to SW?

Some kind of custom properties but for endpoints rather than nodes. Might make it a good idea to have it be specific to the interface that's exporting netflow (in case of repeated internal ips).

↧

Does anyone have an Appflow setup for Citrix NetScaler that works?

July 25, 2012, 10:48 am

≫ Next: Appflow Support

≪ Previous: Any way to link endpoints to data about them?

I have been working my way through the AppFlow setup for NetScaler (I use the VM appliance) - the directions so far aren't very helpful - I'm hoping for useful examples of entries into the NetScaler AppFlow configuration section of the management interface. I was hoping for an example that would definately generate AppFlow messages to the NTA so I can verify operation, then something that would setup a useful flow of information.Thanks in advance!

↧

Appflow Support

August 22, 2011, 3:58 pm

≫ Next: Cisco Asa 8.4(5) NetFlow Problem

≪ Previous: Does anyone have an Appflow setup for Citrix NetScaler that works?

The free Appflow tool is great, but... when will this functionality be included in NTA?

↧

Cisco Asa 8.4(5) NetFlow Problem

November 16, 2012, 3:55 am

≫ Next: how much bandwidth uses NetFlow to collect data for each monitored interface or node???

≪ Previous: Appflow Support

4(5)After we upgraded our Cisco Asa firewalls to version 8.4(5), NetFlow exports from the Asa cannot be processed by Solarwinds NTA. The error is as follows:
NetFlow Receiver Service [SECUOMNF01] received an invalid V9 template with ID from device.

This problem started with Asa version 8.4(5), no problems in previous versions.

Asa flow-export configuration:

flow-export template timeout-rate 1

flow-export delay flow-create 30

flow-export active refresh-interval 1

↧

how much bandwidth uses NetFlow to collect data for each monitored interface or node???

November 15, 2012, 4:49 pm

≫ Next: ASA 8.4(5) NetFlow Problem

≪ Previous: Cisco Asa 8.4(5) NetFlow Problem

How much bandwidth does Netflow use to collect data from remote routers/switches? Netflow admin guide does not give much detail on how much bandwidth and min/max bandwidth recommendation.

Thanks!!

↧

ASA 8.4(5) NetFlow Problem

November 16, 2012, 3:47 am

≫ Next: Generating report to display amount of traffic for applications used by node by country

≪ Previous: how much bandwidth uses NetFlow to collect data for each monitored interface or node???

After we upgraded our Cisco Asa firewalls to version 8.4(5), NetFlow exports from the Asa cannot be processed by Solarwinds NTA. The error is as follows:
NetFlow Receiver Service [SECUOMNF01] received an invalid V9 template with ID from device.

This problem started with Asa version 8.4(5), no problems in previous versions.

Asa flow-export configuration:

flow-export template timeout-rate 1

flow-export delay flow-create 30

flow-export active refresh-interval 1

↧

Generating report to display amount of traffic for applications used by node by country

November 20, 2012, 7:31 am

≫ Next: Multi-IP Support from NPM in NTA

≪ Previous: ASA 8.4(5) NetFlow Problem

Hi guys,

I'm trying to create a report that would display the following:

Country

Basically, i wish to know how much bandwidth is being used based on interface speed of a node for what application.

Can't get it to work, it always breaks

Any help greatly appreciated.

Deltona

↧

Multi-IP Support from NPM in NTA

November 26, 2012, 7:51 am

≫ Next: Netflow Custom reports

≪ Previous: Generating report to display amount of traffic for applications used by node by country

Hi all,

will the Multi-IP support from NPM be also available in the next version of NTA?

We have the problem that some of our Brocade routers use the nearest IP interface as source and not the loopback, which we use for managing them in NPM. So we have to have the devices doubled in the system. With the new Multi-IP support in NPM we hoped to have this also available here.

thanks and regards

↧

Netflow Custom reports

August 9, 2010, 7:45 am

≫ Next: Trying to pull data from a Mikrotik router with NTA

≪ Previous: Multi-IP Support from NPM in NTA

Hi,

I am looking for building a custom report that provides me the below information from the netflow i am collecting on my Cisco ASA:

1. Transmitter Full Hostname
2. Receiver Full Hostname
3. Application Port Number
4. Total Bytes (Kbytes)

I try to get help from support, but they came back saying that they don't support custom reports. So i think any one of you can help me in building a SQL query to get this info. I am not a SQL guy so couldn't get this done that easy.

Any help will be appreciated.

Thanks

Kalyan

↧

Trying to pull data from a Mikrotik router with NTA

November 28, 2012, 10:18 am

≫ Next: Enabling Sflow on a HP Procurve 4208

≪ Previous: Netflow Custom reports

Hello,

I am new to the Thwack community and this is my first post. I am currently in the evaluation stages of the Solarwinds NTA. I am trying to get my Mikrotik routers to pull data other than ping times. Can anyone lead me in the right direction? I want to pull ANY data! I have had success with Cisco routers no problem, but the Mikrotik router prove to be a pain.

Cheers,

- Jeff

↧

Enabling Sflow on a HP Procurve 4208

November 29, 2012, 10:22 am

≫ Next: F5 BIG-IP v11. sFlow NTA

≪ Previous: Trying to pull data from a Mikrotik router with NTA

Hi,

I recently had a prospect evaluating NTA and was trying to enable sflow on his HP Procurve 4208. Apart from the usual commands (also listed in the Admin Guide), there is one additional step needed to translate physical ports to PVID's needed to enable SFlow on individual ports.

Sometimes, a switch will log messages for ports that do not appear to exist. For instance, a 24 port 6600 may contain LLDP warnings for ports 49 and 50:

Details:

walkmib ifName command -this will actually give you all PVID mappings-you don’t have to run it for each port.

and that will give you an output like this:

ifname.53 = C1
ifname.54 = C2

and now that you know that physical port C1 is port 53, you can conveniently enter this information (you cannot enter C3 as the port number since it has to be numeric):

setmib sFlowFsReceiver.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 1

setmib sFlowFsPacketSamplingRate.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 512

setmib sFlowFsMaximumHeaderSize.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 128

setmib sFlowCpReceiver.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 1

setmib sFlowCpInterval.11.1.3.6.1.2.1.2.2.1.1.53.1 -i 30

Just rinse and repeat the commands in red for every port manually

Of course, I am assuming that you already have these commands entered already:

setmib sFlowRcvrAddress.1 -o IP_Address_in_Hex (this would be IP Address of the NTA server)

setmib sFlowRcvrOwner.1 -D sFlowtool sFlowRcvrTimeout.1 -i 100000000

setmib sFlowRcvrPort.1 -i 2055 replace 2055 with whatever port you want to use.

↧

F5 BIG-IP v11. sFlow NTA

November 29, 2012, 8:03 am

≫ Next: NetFlow Traffic Analyzer Vs. AppFlow Analyzer Free Tool for NetScalers

≪ Previous: Enabling Sflow on a HP Procurve 4208

So we just upgraded to NPM version 10.4, and NTA 3.10. Now this big question request that has been handed down to me is getting NetFlow to start showing sFlow for F5. However, I would like to get netflow data to start populating for our F5 units. Has anyone been able to get F5 units to start sending netflow data to Orion? If so, then how?

Thank you!

-Bobby

↧

NetFlow Traffic Analyzer Vs. AppFlow Analyzer Free Tool for NetScalers

November 30, 2012, 2:45 pm

≫ Next: Nexus 7000 netflow v5 issue

≪ Previous: F5 BIG-IP v11. sFlow NTA

Hi,

We have NetScalers talking to NTA, sort of. With the current configuration I can see in NTA:

How the NetScalers are load balancing to each server ("service" in NetScaler config lingo) in real time.
The type of traffic (e.g. HTTP vs. HTTPS), though for non-web traffic this seems to get tricky to configure -- I'm trying to find a way to label non-web traffic flows so they don't all appear in NTA as "unmonitored traffic" -- if anyone knows of a handy way to do this, I'm all ears. For example, assume you're load-balancing for Exchange 2010 -- how do you get MAPI/RPC traffic to be labeled as such in NTA, rather than being put in an "unmonitored traffic" bucket?
Source/destination of traffic by domain and country.

If anyone's interested in getting at least this much information, this is how you do it (don't know if the following is the best way, but at least it worked):

First, enable AppFlow on your NetScalers (in the NetScaler GUI, drill down to NetScaler\System, right-click the AppFlow folder and go "enable").
Within the AppFlow folder in the GUI navigation pane, click "Collectors" go "Add" then add your SolarWinds box (ours defaulted to TCP 9995 for the port).
Under the Appflow folder, click "Actions" then add an action (named something descriptive like "Send_to_SolarWinds"), specifying the collector you created in the previous step.
This is where most of the NetScaler AppFlow configuration will be (and also where it becomes complicated): Policies. Under the AppFlow folder, click "Policies." It's pretty straightforward if you're configuring a policy for web traffic, more complicated for other types of traffic. If you want to create a policy for Outlook Web Access, for example, click "Add," specify a descriptive name for the policy, create an expression (that the traffic must match to send information on it to SolarWinds), such as HTTP.REQ.HOSTNAME.CONTAINS("webmail") (or whatever hostname you use in your OWA URL in place of "webmail"), then select the action you created in the previous step.
Finally, click the AppFlow folder, and in the details pane, click "AppFlow policy manager." Assuming we're still working with a web traffic policy (as in the previous bullet point), make sure that "HTTP" and "Override Global" are selected under "Bind Points." Then click "Insert Policy," specifying the policy you created in the previous step (which should appear in the "Policy Name" drop-down menu). The other fields should populate automatically (and using defaults in the remaining fields). In this step you're enabling the policy.
To confirm that the policy is enabled, go back to the AppFlow folder, click Policies, and you should see a green check mark and "Yes" to the right of the policy line. You will also see traffic counters increment in this screen when traffic matches the policy. If all is working propery, the NetScalers should be sending AppFlow data on this traffic to SolarWinds.

Assuming your NetScalers are already added as nodes to SolarWinds, no additional configuration should be required for basic functionality (we have "Enable automatic addition of NetFlow sources" enabled in NTA settings).

I hope this helps anyone looking to get basic NetScaler AppFlow data to SolarWinds. If anyone's interested, I can talk about basic policy configuration for non-web traffic (that gets more complicated).

By the way, we get IPFIX template error messages in SolarWinds (under "Traffic Analyzer Events") from the NetScalers. Is this a NetScaler issue, SolarWinds issue, or both? Does anyone know the fix for this?

Ok, for my original reason for posting: what is the difference in NTA and the AppFlow Analyzer Free Tool for NetScaler AppFlow data? For example, I see that the Analyzer Free Tool can report on client-facing performance vs. server-facing performance. Is there a way to get all of the information available in the AppFlow Analyzer Free Tool to show up in NTA? Is the most complete solution to use both tools? If so, does SolarWinds have an ETA of when NTA will include all functionality in the Analyzer Free Tool for NetScaler AppFlow data?

Thank you!

Joe

↧

Nexus 7000 netflow v5 issue

November 14, 2012, 9:45 am

≫ Next: SolarWinds NetFlow Traffic Analyzer 3.10.0 Hotfix 3

≪ Previous: NetFlow Traffic Analyzer Vs. AppFlow Analyzer Free Tool for NetScalers

flow exporter SolarWindsIPv4Flow

destination *.*.*.* use-vrf management

transport udp 2055

source mgmt0

version 5

flow monitor NetflowExportV5

record netflow-original

exporter SolarWindsIPv4Flow

interface Vlan256

ip flow monitor NetflowExportV5 input

↧

SolarWinds NetFlow Traffic Analyzer 3.10.0 Hotfix 3

December 6, 2012, 10:15 am

≫ Next: H-QoS Support ?

≪ Previous: Nexus 7000 netflow v5 issue

The SolarWinds Orion NetFlow Traffic Analyzer (NTA) Version 3.10.0 Hotfix 3 addresses the following issues:

Flow processing is stalled, but NetFlow service appears to be running. Web console shows no data, even though flows are coming.
Last Received NetFlow time on NetFlow Sources resource does not update.
On Demand DNS resolution doesn't work if website uses any port other than 80. Hostnames are not resolved on Top Endpoints resource.
Flows from Cisco ASA Firewall with IOS 8.4(5) are not accepted.

This hotfix requires Orion NTA version 3.10.0 and is a cumulative hotfix that includes Hotfix 1 and 2.

http://downloads.solarwinds.com/solarwinds/Release/HotFix/NTA-v3.10.0-HotFix3.zip

Install this hotfix on both your primary Orion poller and any additional Orion poller(s) and any additional Orion website(s).

To install Hotfix 3:

Stop the NetFlow Service using Orion Service Manager. If NeFlow service is stalled, it switches to a "Stopping" state, but the service never actually stops.

     In this situation, you need to kill the NetFlow service manually, as follows:
        a. Start Windows Task Manager and locate NetFlowService.exe in the Processes tab
        b. Right-click NetFlow Service.exe and choose End Process from menu.
2. Make a backup of the file: %ProgramFiles%\SolarWinds\Orion\NetFlowTrafficAnalysis\SolarWinds.Orion.NetFlow.dll
3. Make a backup of the file: %ProgramFiles%\SolarWinds\Orion\NetFlowTrafficAnalysis\NetflowTemplateSchemas.xml
4. Make a backup of the file: C:\inetpub\SolarWinds\Orion\TrafficAnalysis\Controls\DnsInfo.ascx.cs
5. Extract and copy SolarWinds.Orion.NetFlow.dll from the Hotfix archive to %ProgramFiles%\SolarWinds\Orion\NetFlowTrafficAnalysis\
6. Extract and copy NetflowTemplateSchemas.xml from the Hotfix archive to %ProgramFiles%\SolarWinds\Orion\NetFlowTrafficAnalysis\
7. Extract and copy DnsInfo.ascx.cs from the Hotfix archive to C:\inetpub\SolarWinds\Orion\TrafficAnalysis\Controls\
8. Start the NetFlow Service using Orion Service Manager.

To roll back Hotfix 3 (if needed):
1. Stop NetFlow service using Orion Service Manager.
2. Delete the file: %ProgramFiles%\SolarWinds\Orion\NetFlowTrafficAnalysis\SolarWinds.Orion.NetFlow.dll
3. Delete the file: %ProgramFiles%\SolarWinds\Orion\NetFlowTrafficAnalysis\NetflowTemplateSchemas.xml
4. Delete the file: C:\inetpub\SolarWinds\Orion\TrafficAnalysis\Controls\DnsInfo.ascx.cs
5. Restore the backed-up file as %ProgramFiles%\SolarWinds\Orion\NetFlowTrafficAnalysis\SolarWinds.Orion.NetFlow.dll
6. Restore the backed-up file as %ProgramFiles%\SolarWinds\Orion\NetFlowTrafficAnalysis\NetflowTemplateSchemas.xml
7. Restore the backed-up file as C:\inetpub\SolarWinds\Orion\TrafficAnalysis\Controls\DnsInfo.ascx.cs
8. Start the NetFlow Service using Orion Service Manager.

↧

H-QoS Support ?

December 6, 2012, 2:36 pm

≫ Next: NetFlow calculation mismatch

≪ Previous: SolarWinds NetFlow Traffic Analyzer 3.10.0 Hotfix 3

Hi everyone,

We managea WAN network used byseveral customers, and we would like tooffertheir an applicationallowing them toview statistics of their classes of services.

At Cisco gear, with use HQoS like this :

policy-map PARENT

class CUSTOMER-1

shape average XX

service-policy SERVICE

class CUSTOMER-2

shape average XX

service-policy SERVICE

polic-map SERVICE

class VOICE

class VIDEO

class BUSINESS

....

Is it possible to limit to a policy-map on cbqos pre/post policy charts (in my exemple: service for client n°1, or service for client n°2, or global parent PM to compare customers traffic) ?

Otherwise, is this feature plannedin futuresreleases?

Thanks in advance

↧

NetFlow calculation mismatch

December 6, 2012, 6:23 pm

≫ Next: Netflow with NO ROUTERS

≪ Previous: H-QoS Support ?

We use Orion NPM in our environment, there is a strange issue I found when I was doing a analysis against a NetFlow node.

The top 5 protocol graph for day 1, that gives you a total TCP traffic of 32.3GB

Day 2 presents a total TCP traffic of 35.8GB

A report across 2 days however, shows a total TCP traffic of 50.9GB only. Why not 32.3+35.8=68.1GB?

Is that any reason the 2 days report is 13GB out of sync with the sum of day 1&2?

I have checked data summarization, they are on default settings according to the help menu. I have also picked some random nodes and do the same analysis, the results are all appeared to be mismatched.

Is anyone came across similar problem would like to share some comments please?

Thanks

Felix

↧