Hi
i am new to solarwind
i am in chaos to find solution on below situation.
1. is there a way to use dot1q vlan id of netflow to summarize the network traffic like ip pool using ip address pool to summarize the traffic.
2. is it possible to show traffic flow after select the customer defined category of ip pool instead of showing the interface information.
Thanks so much
blHello,
Does anyone know if there is a way to link individual usernames to flows so that I could drill down into DOMAIN\NaughtyUser to see what sites they have been accessing etc. We have Bluecoats but they dont support Netflow so I was thinking of putting a device inline to send netflow etc.
Any info from anyone else who has done the same would be very helpful!!!
Thanks,
Peter
I need to monitor 10G and 1G interface on my Cisco ASR1006 and Cisco ASR1013 routers.
How can I get information about maximum interface bandwidth is supported in
ManageEngine Netflow Analyzer product?
NPM 10.4.1, NTA 3.10.0 All hot fixes applied
Error logged reads as:
"Unhandled exception: Data is Null. This method or property cannot be called on Null values."
followed by a long .NET Runtime error...
Any insights on what would be causing this and possible solutions?
Thanks;
We've run into a situation where a windows update server is taking up a good chunk of bandwidth communicating with clients in one of our offices. We want to know when this is happening throughout the day so we can look into it in real-time and I'm having trouble creating an alert for this. I have written alerts for node or link behavior in the past, but am by no means a guru at it!
I've tried modifying the "Top Talkers" alert, but haven't had much luck, and the Netflow Admin Guide doesn't appear to have much for creating a more advanced alert like this. The alert that I'm trying to create isn't necessarily a top talker on any link, but alert on the following conditions:
- Conversation with IP x.x.x.x
- Greater than 100pps (or 1Meg) of data transferred
- Across node RouterX (or through Interface X)
We're running NPM 10.4 & NTA 3.10.0.
Any suggestions on how this alert could be written, or am I trying to do something outside the scope of the Alerting tool?
Thanks!
Now that NTA 3.9 is out the door here are the things we are working on next.
I'm trying to find a way to setup a trigger/action for our NOC when one of our major large Internet interfaces spikes to x Bps an alert would be sent that would either contain the top 5 netflow endpoints for that interface, or would trigger a report to be generated on demand for that info.
This is something we're trying to integrate into our large DoS attack SOP. We want our NOC to have this information quickly so that null routes can be broadcast to potentially drop hosts identified as worst offenders and not valid traffic.
The easy solution would be send an email with a link to the NTA page displaying that data. However, management would prefer an all-in-one solution that delivers the pertinent information at the time of the alert.
Ideas? TIA!
-Andrew
Hi,
Recently our billing team has asked me if its possible to use NTA for creating usage report on each active sub-interfaces.
The report should include the following tables:
Date, Source IP, Destination IP, Port, Bytes
We have 180 Cisco 3800/3900 series with an average of 50 sub-interface per router.
NTA Database is set to 240 mins uncompressed as we use this option often when a location is near 100% WAN utilization.
Is there some reporting tool or 3rd party application that I can use to grab NTA data from the SQL database before compression is applied after 240 mins and aggregate all data every day, creating a report for our billing team?
I changed a core switch from Cisco Catalyst 6509 (Sup 2) to 6509E (T2 sup). A and new IOS doesn't support netflow anymore, it uses flexible netflow. I configured it like it should be (Flexible Netflow Configuration Guide, Cisco IOS Release 12.4T - Getting Started with Configuring Cisco IOS Flexible NetFlow [Cisco IOS Software Releases 12.4 T] - Cisco Systems) but I cannot see any netflow data graphs on server. It seems like data is coming to server, but somehow server doens't understand it or doens't "want" to show it to me.
For example I get notes like "NetFlow Receiver Service [SERVER999] is receiving a NetFlow data stream from an unmanaged device (10.10.99.1)..." so Orion seems to be getting some data. (I already changed the source setting of exporter to get rid of that error, so that was just an example. If Orion wouldn't see any netflow data, how could it give those errors?). But anyway, why Orion doens't show the data as graphs? I haven't changed anything within Orion server before or after switch change.
Hi Folks,
Have been working on getting NTA to see IPv6 traffic using Cisco's Netflow V9 exportation but can't seem to add an IPv6 address group. Will this have any impact on seeing IPv6 address in the netflow data? It seems to impair v4 if a group is deselected.
Thanks
Hi,
I would like to know if Solarwinds is expecting the support of IPv6 on further version of NTA.
Thanks for your reply.
Hi, I configured netflow on a Nexus 7018 using information I found in another post and also the Cisco documentation. Problem is I can only apply it to layer 3 VLAN's and not any specific interfaces. So obviously I am not doing something correctly to enable it for a layer 2 interface. Does anyone have any experience configuring a layer 2 interface for netflow on a Nexus 7000 series?
Thanks!
Bruce
I am unable to get Solarwinds Netflow Traffic Analyzer to collect the F5 sflow statistics.
I have packet captures that show the flows are getting to the Solarwinds server, but they never show up in the UI. Any ideas?
Hi,
Can any body let me know, how to monitor the bandwidth( data traffic ) of any single user connected in your network, whether its wired or wireless?
I have Cisco Three Layer Model with wired users in Access Switches and Wireless Users through Cisco Wireless LAN Controller connected to Core Switch.
There is one Router in network where link is terminating from ISP end where there are two interfaces one is Nat inside and one is Nat outside.
Now how to calculate real time usage of any single user (LAN/Wireless).
Please guide.
Thanks
Bilal
Orion Core 2012.2.0, SAM 5.2.0 SP1, NPM 10.4, NTA 3.10.0, WPM 2.0.0, IVIM 1.5.0
Hi folks,
Been having some discussions with our network folks about expanding our NTA scope. Currently we receive Netflow from about 20 interfaces and performace is good. We have a dedicated poller for the network guys and it does NPM, APM plus the Netflow traffic. It's also the main SNMP trap destination and processes quite a volume of traps daily. The network guys want to add another 100 or so interfaces to NTA. My feeling is while performance looks ok now, adding 100 more interfaces to NTA may be pushing it somewhat. Current vital statistics from that poller look like this:
| Polling Completion | 99.97 |
| Elements | 3531 |
| Network Node Elements | 900 |
| Volume Elements | 605 |
| Interface Elements | 2026 |
| Polling Rate | 18% of its maximum rate |
So not bad overall. I know this is a "how long is a piece of string" type question, but what are other folks doing out there with regards to Netflow? Are you using dedicated pollers for your Netflow traffic? How many interfaces are you getting per poller? What sort of traffic volumes are workable for shared or dedicated pollers?
All help appreciated!
Barry
All,
I have NTA 3.9.0. We are running netflow version 5 and are exporting ingress flows. I am having an issue where the Netflow graphs are in no way matching the SNMP data for a circuit. For instance on an OC-3 I will see periods of little flow data and then huge spikes up to 1.2Gb/sec of data. This happens on all Netflow enabled interfaces. SNMP shows the correct bandwidth never getting higher than the 155Mb/sec physical capacity. Do you know what could be causing this? Is this a bug in 3.9.0 or issues with the database etc...?
I would like to enable flexible netflow on our routers to include the vlan-id tags. We would like to extract the Solarwinds netflow records that include the vlan-id tags. Does anyone know if this is currently supported or has gotten this working?
Can Netflow Flexible replace normal router syslogs ? i.e. is there a way to export syslogs via Netflow ?
I wanted to show something to my co-worker but a lot of the resources are displaying errors. Not a good advertisement! -Debbi
We are using NTA 3.9.0.
We have a remote site with a 4.6M multilink WAN connection on a Cisco 3845, exporting ingress/egress flows to NTA. We had an issue where a server local to that site (server X) was communicating with a server at another site (server Y) and the traffic was saturating the multilink. However, although we observe Netflow data for both server X and server Y traversing the multilink, we do not see any data from the actual conversation between the two that was saturating the WAN in NTA. This conversation was easily the top one on the link for several hours, but there is no evidence of that in NTA.
Anyone know why NTA would fail to show the data?
