Channel: THWACK: Discussion List - NetFlow Traffic Analyzer

Net flow receiver or my switch?


Hello team, I have a weird issue.

 

We run HP switches and I have been removing any ports not monitored or no longer need to be monitored right across the board of 80+ switches.

So, on my core switch (HP5412zl version1), I removed sflow fully and disabled it. I re-enabled it, thus clearing all of the sflow information inside the switch. I double checked the (sho run) to make sure that the data was gone.

I did a write memory to commit this change.

 

I re-added all of the interfaces that we need to monitor, re-setup sampling and polling accordingly.

 

For the last week, I have been troubleshooting the unmonitored netflow interfaces in my events on the solar wind side. I still have interfaces showing up here that are 100% not sending traffic, according to my switch, they were however monitored in the past.


My only thought would be to delete the node from solar winds fully and re build that side of things.


I also have no clue why solar winds would see this data, unless the switch was actually sending it. It's not regular like sflow is normally, and it's not at a specific time.

Here is a screen shot.

 

Any advice would be great.


Regards,
Wally


Manage Views - Adding Resources


Hi All

 

Wondering if I can get some assistance with an issue. I am having trouble viewing all available resources when I try to add a new custom view.

 

Settings > Add New View > Type: Summary

 

When I try to add a new resource by selecting +, I seem to only get a subset of the available resources for selection. Previously I was able to access a big list of available resources.

 

We have upgraded to NPM version 10.7 and have recently installed an NTA trial.

 

How do I access the full list of available resources? Or is this now handled differently in version 10.7?

 

Thanks in advance

 

Orion_NPM_Manage_View_Add_Resource.jpg

Netflow data not showing correctly for certain interfaces.


We have configured netflow on our network devices. We have many devices with different link speeds, e.g. 100 Mbps, 1 Gbps, 10 Gbps. The netflow data corresponds to the usage when the link speed is up to 100 Mbps. But when the interface speed is above 100 Mbps, e.g. 1 Gbps or 10 Gbps, we are seeing a big difference between the netflow data and the current utilization.

 

Example:  We transferred about 200 Gb of data through a 10 Gb link within a certain period of time, but the netflow data is only showing around 10 Gb of data being transferred.

 

Any help is greatly appreciated.

 

Below is the netflow configuration. It is a Cisco ASR 1006 router.

flow exporter export-to-BBU
 description to BBU Netflow collector
 destination Collector IP
 source TenGigabitEthernet0/1/0
 transport udp 2055
 export-protocol netflow-v5
!
!
flow monitor FMforIP4in
 exporter export-to-BBU
 cache timeout active 60
 cache entries 75000
 record netflow-original
!
!
flow monitor FMforIP4out
 exporter export-to-BBU
 cache timeout active 60
 cache entries 75000
 record netflow-original

Bandwidth Utilization Report


Hi

 

We have several Groups. We require a report of Bandwidth Utilization of Interfaces of a particular Group which are configured for NetFlow.

Cisco Wireless Controller - NetFlow Error: NetFlow Receiver Service [Orion Server] received NetFlow V9 flows without any template for decoding them. Configure the device x.x.x.x to export an appropriate NetFlow V9 template at 1-minute intervals.


The Wireless Controller is a Cisco 3500 Wireless Controller.

On the Wireless Controller, I have already configured the NetFlow Exporter with the correct IP [Of the Orion Server] and the correct port number 2055.

Similarly, on the Wireless Controller, I have already configured NetFlow Monitor with the above configured NetFlow Exporter and Record Name as "Client App Record (Better Performance)"

 

Finally, I have applied the NetFlow Monitor to the WLAN>QOS on the Wireless Controller.

On the Orion Server, I keep on getting the following message,

 

NetFlow Receiver Service [Orion Server] received NetFlow V9 flows without any template for decoding them. Configure the device x.x.x.x to export an appropriate NetFlow V9 template at 1-minute intervals.

 

Any suggestions?
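
The condition behind this receiver message, as an added example that is not part of the original post and is not SolarWinds code: in NetFlow v9 (RFC 3954) a data FlowSet carries only a template ID, so a collector cannot decode it until the exporter has sent the matching template FlowSet. The function names, the cache layout and the sample packets are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset_id, length (length includes these 4 bytes)

def learn(templates, scope, body):
    """Store every template record found in a template FlowSet body."""
    events, off = [], 0
    while off + 4 <= len(body):
        tid, nfields = struct.unpack_from("!HH", body, off)
        end = off + 4 + 4 * nfields
        if tid < 256 or end > len(body):
            break  # padding or truncated template record
        templates[scope + (tid,)] = [struct.unpack_from("!HH", body, off + 4 + 4 * i)
                                     for i in range(nfields)]
        events.append(("template", tid))
        off = end
    return events

def decode(templates, scope, tid, body):
    """Decode a data FlowSet, or report that no template is cached for it."""
    fields = templates.get(scope + (tid,), [])
    rec_len = sum(length for _, length in fields)
    if rec_len == 0:
        return ("no_template", tid)  # the state the receiver warning describes
    records = []
    for off in range(0, len(body) - rec_len + 1, rec_len):
        rec = {}
        for ftype, length in fields:
            rec[ftype] = int.from_bytes(body[off:off + length], "big")
            off += length
        records.append(rec)
    return ("data", records)

def process(templates, exporter, packet):
    """Walk one export packet; templates are scoped per exporter and source ID."""
    version, _, _, _, _, source_id = HEADER.unpack_from(packet, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    events, off = [], HEADER.size
    while off + FLOWSET.size <= len(packet):
        fs_id, fs_len = FLOWSET.unpack_from(packet, off)
        if fs_len < FLOWSET.size or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        body = packet[off + FLOWSET.size:off + fs_len]
        if fs_id == 0:       # template FlowSet
            events += learn(templates, (exporter, source_id), body)
        elif fs_id > 255:    # data FlowSet; its ID is the template ID
            events.append(decode(templates, (exporter, source_id), fs_id, body))
        off += fs_len        # options templates (ID 1) are skipped here
    return events

# Constructed sample: template 260 = IPV4_SRC_ADDR(8), IPV4_DST_ADDR(12), IN_BYTES(1)
TEMPLATE_BODY = struct.pack("!HH6H", 260, 3, 8, 4, 12, 4, 1, 4)
DATA_BODY = bytes([192, 0, 2, 10, 198, 51, 100, 20]) + struct.pack("!I", 1500)

def packet(seq, fs_id, body):
    return HEADER.pack(9, 1, 1000, 1700000000, seq, 1) + FLOWSET.pack(fs_id, len(body) + 4) + body

def demo():
    cache, src = {}, "192.0.2.1"
    return [process(cache, src, packet(1, 260, DATA_BODY)),    # data before template
            process(cache, src, packet(2, 0, TEMPLATE_BODY)),  # template arrives
            process(cache, src, packet(3, 260, DATA_BODY))]    # same data, now decodable
```

Until the exporter sends or resends its template, every data FlowSet from it stays in the first state, which is why the receiver message asks for a short template export interval.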

Top XX application per interface


Hello Everyone,

Since this is my first post, good morning/afternoon.

 

Do you know by chance how to make a widget (graph) that will show you TOP XX applications per interface?

My goal is to have a single dashboard that will have multiple widgets with TOP XX applications for a given interface.

 

 

Regards

Maciek

How to config sonicwall settings for NTA

OVERVIEW

 

 

The following settings are relevant for configuring your Sonicwall devices to export flows to SolarWinds NTA:

  • Flow version - use NetFlow V9 or IPFIX
  • Report Connection On Active Timeout

 

 

ENVIRONMENT
NTA 3.11 - EOL; NTA 4.0 - EOL; NTA 4.1; NTA 4.2; NTA 4.4

 

 

CAUSE

 

 

RESOLUTION
To configure flow export on a Dell Sonicwall device for NTA:
  1. Log in to your Dell Sonicwall device management UI, and go to External Collector.
  2. Use V9 or IPFIX as the External Flow Reporting Format.
  3. Make sure Report Connection On Active Timeout is selected, and the Number of Seconds set to 60.

When you add the device to NTA for monitoring, you will see the collected NetFlow statistics in the Orion Web Console.

 

Interface Charts Not Displaying Data


I haven't used NTA much, but I have had a need to look at the data today. Although all the various charts display data when I click on a switch name, when I click on an individual interface on that switch I don't get any data displayed, even though the NetFlow Sources table shows that the interface has received NetFlow data in the last couple of minutes.

Has anyone seen this issue before, any ideas what could be the issue?

 

My current version of NTA is 4.2.2


Netflow / NBAR2 / NTA configuration with Cisco catalyst 3850


I've recently installed a trial version of Network Traffic Analyzer (NTA) and I want to get this configured and working so that I can make a case to my senior colleagues and manager to purchase it as I think it would benefit us greatly.  The problem I'm having is that I can't get NBAR2 working even though our core switch supports it.  To start with, I'm configuring this on 2 interfaces that link the ground floor switch (Cisco Catalyst 2960) to our core switch.  There's a Port-channel between the ground floor and Core switch but I understand that Netflow must be configured on member interfaces of a Port-channel, not the Port-channel itself.

 

Our Core switch is made up of 3 x Cisco 3850 switches, see below:-

 

Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 62    WS-C3850-12X48U    16.3.5b           CAT3K_CAA-UNIVERSALK9 INSTALL
     2 62    WS-C3850-12X48U    16.3.5b           CAT3K_CAA-UNIVERSALK9 INSTALL
     3 62    WS-C3850-12X48U    16.3.5b           CAT3K_CAA-UNIVERSALK9 INSTALL

 

Below is the technology licence version we're running on our Core:-

 

Technology-package                   Technology-package
Current             Type             Next reboot
------------------------------------------------------------------
ipservicesk9        Permanent        ipservicesk9

 

Below is the firmware version we're running:-

 

SANKHCore3#show version
Cisco IOS Software [Denali], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.3.5b, RELEASE SOFTWARE (fc1)

 

I've read on some official Cisco documentation that says you must enable nbar protocol discovery on the interface, so I've run the following command first:-

 

conf t
interface TenGigabitEthernet1/1/2
 ip nbar protocol-discovery
end
interface TenGigabitEthernet3/1/1
 ip nbar protocol-discovery
end

 

I've then entered the following commands to monitor Netflow traffic:-

 

*** RECORDER ***

flow record SolWnds-Netflow-KH-GRD-REC-IN
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match application name
 collect transport tcp flags
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last

flow record SolWnds-Netflow-KH-GRD-REC-OUT
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface output
 match application name
 collect transport tcp flags
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last

*** EXPORTER ***

flow exporter SolWnds-Netflow-KH-GRD-EXP
 description Netflow export from KH GRD Floor switch
 destination 192.168.120.31
 source Port-channel25
 transport udp 2055
 template data timeout 60
 export-protocol netflow-v9
 option application-table timeout 60
 option application-attributes timeout 300

*** MONITOR ***

flow monitor SolWnds-Netflow-KH-GRD-MON-IN
 exporter SolWnds-Netflow-KH-GRD-EXP
 cache timeout active 60
 cache timeout inactive 10
 record SolWnds-Netflow-KH-GRD-REC-IN

flow monitor SolWnds-Netflow-KH-GRD-MON-OUT
 exporter SolWnds-Netflow-KH-GRD-EXP
 cache timeout active 60
 cache timeout inactive 10
 record SolWnds-Netflow-KH-GRD-REC-OUT

*** ASSOCIATE FLOW MONITOR TO INTERFACE ***

conf t
interface Te1/1/2 and Te3/1/1
 ip flow monitor SolWnds-Netflow-KH-GRD-MON-IN input
 ip flow monitor SolWnds-Netflow-KH-GRD-MON-OUT output

 

As soon as I associate a flow monitor to one of the interfaces I get a message:-

 

Failed to add monitor to interface: invalid set of fields in monitor record for wired interface
Switch(config-if)#

 

If I remove the "match application name" bits from the Record section of the config it accepts the commands and works perfectly fine.

 

This is great, but the issue is that when going into NTA and selecting NBAR2 from the drop down menu it doesn't show anything.

 

Any help / advice would be much appreciated.

Report inbound connections to firewall


Does anyone have a report to show the number of connections per host to a firewall? I have been looking into Report Writer and have seen an option, Count of termination Address, but the report shows 0. Before I look into a SQL query, I thought I would ask, thanks.

SolarWinds NTA Upgrade from 4.2.2 to 4.6


I am planning to upgrade our SolarWinds application.  Currently we have a 2012 windows server as the main Orion Platform and a second 2012 windows server used for NTA NetFlow Storage, and finally a SQL 2014 server.

 

Our current versions are:  NCM 7.6, NPM 12.1, NTA 4.2.2, UDT 3.2.4

 

And want to upgrade to:  NPM 12.5, NTA 4.6, NCM 8.0, UDT 3.4

 

We plan to migrate the SQL database to 2016 SP2 and migrate the two windows servers to 2016.

 

My question is, do we require a second windows server for NTA NetFlow Storage as this will now be stored in a SQL database?  I think this was originally set up this way due to NTA 4.2.2 requirements.

How to add the network device into NTA? Please explain


Hi,

 

Please suggest how to add a network device in NTA version 4.5. Please explain or provide any link.

We have already given the NTA setting and everything is fine, and the network team has given the configuration in the devices.

Can you please explain how to add network devices into NTA?

 

 

Regards,

Krish.

Traffic per VLAN (Cisco)


We have an infrastructure made up entirely of Cisco devices, with the Core being 3850s, an access layer of 3650s, and data center switches a mix of 5k and 9ks.

 

This is a large research company with 92 VLANs breaking up the various lab networks. Roughly half of the VLANs are routed across the core, with the other half being routed across the FMC.

 

I need to track the amount of traffic over the VLANs but I haven't been able to figure out how to make that happen. I have NetFlow configured on all our network devices, except the FMC (that's going to be a nightmare), and can see the data in NTA, so that part is working.

 

When I try to configure a Monitor on a VLAN interface on the Core (3850) I get the following error:

 

% Flow Monitor: Flow Monitor 'Netflow-Monitor-In' flexible netflow not supported on vlan interfaces

 

Anyone know how to set the 3850's up so I can get NTA to report VLAN traffic?

 

Per Cisco documentation, https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/37e/flexible_netflow/configuration_guid… , page 3, "Layer2, VLAN, WLAN and Layer3 interfaces are supported, but the switch does not support SVI and tunnels."

 

UPDATE:

 

I ended up applying the Flow Record to the Layer 2 VLANs [vlan config ###]. I can see the data on NTA, but it's still not represented from a data per VLAN point of view. I need to be able to see how much data is flowing over a VLAN, and VLAN to VLAN traffic.

How to get a traffic report by VLAN?


Hi,

 

How can I get a 90 day traffic report by VLAN?

 

Thank you!

Tracking changes for Netflow Sources


Hello All,

 

Well, it's a simple question really: can I track the changes done to Netflow Sources (adding or removing, for example, CBQoS polling)?


Config Wizard - NetFlow Database FAILED


Hi,

I'm getting the below error from Configuration Wizard after installing Hotfix 1 for Orion 2019.4

 

NetFlow Database FAILED

Services configuration failed:

•  Error while executing script- A timeout occurred while waiting for memory resources to execute the query in resource pool 'internal' (1). Rerun the query.

The statement has been terminated.

 

Any advice?

Cisco C9300 Catalyst switches Netflow config for NTA


Hi there,

 

I have been struggling with setting up a Netflow config for Cisco C9300 Catalyst switches to work with Solarwinds NTA. I am also aware of someone posting their configs here, but so far none of them are working for me. I think the problem is that we like to pull Netflow data on L2 Port-Channel interfaces and VLAN interfaces. The config script I use for ASR1001 routers is fine with NTA, but I think it is a bit different for Cisco C9300 Catalyst switches. Could anyone please point me in the right direction on what needs to be done? Here is the config snip I use for ASR1001.

 

flow record Recorder
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match flow direction
 collect counter bytes long
 collect counter packets long
 collect interface input
 collect transport tcp flags
 collect timestamp absolute first
 collect timestamp absolute last

flow exporter Exporter
 description Export to NTA
 destination 10.10.1.100
 source Loopback100
 transport udp 2055

flow monitor Monitor
 exporter Exporter
 record Recorder

interface po100.101
 ip flow monitor Monitor input

Router outside (ASA)firewall unable to send netflow to solarwinds server


Hi Team,

I have a router with a public IP address which is outside the Cisco ASA firewall, and it's unable to send netflow to the solarwinds server with a private IP address which is inside the firewall.

I have natted the solarwinds server IP address, which is private, to a public IP address. Below is the config done on the ASA.

access-list out-ili-in extended permit udp 41.204.xxx.0 255.255.254.0 host 172.26.0.xx eq 2055
flow-export destination inside 172.26.0.xx 2055

 

I have done show flow exporter statistics on the router to confirm if the netflow configuration is working.

 

IIKE-INT-RTR#show flow exporter statistics
Flow Exporter NTAexp:
  Packet send statistics (last cleared 1w5d ago):
    Successfully sent:         2834615               (3706395917 bytes)
    Reason not given:          3827857               (3976106528 bytes)

  Client send statistics:
    Client: Flow Monitor NTAmon
      Records added:           125687778
        - sent:                11041105
        - failed to send:      114646673
      Bytes added:             4273384452
        - sent:                375397570
        - failed to send:      3897986882

    Client: Option options application-name
      Records added:           23070111
        - sent:                23070111
      Bytes added:             1914819213
        - sent:                1914819213

    Client: Option options application-attributes
      Records added:           4537904
        - sent:                4537904

ILRIKE-INT-RTR#show flow interface
Interface GigabitEthernet0/0/0
  FNF:  monitor:          NTAmon
        direction:        Input
        traffic(ip):      on
  FNF:  monitor:          NTAmon
        direction:        Output
        traffic(ip):      on

Cisco 9300 switches and NetFlow


Is anyone successfully getting NetFlow to work on Cisco 9300 switch stacks? I only get the CBQoS information to display, not NetFlow. Here's my config:

 

flow record OrionFlowRecord
 description Flow Record for Orion and QRadar
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow exporter OrionFlowExporter
 description NetFlow exporter to Orion
 destination 10.2.12.210
 source Vlan100
 transport udp 2055
 template data timeout 90
 option application-table timeout 60
 option application-attributes timeout 300
!
!
flow exporter QRadarFlowExporter
 description NetFlow exporter to QRadar
 destination 10.2.100.7
 source Vlan100
 transport udp 2048
 template data timeout 90
 option application-table timeout 60
 option application-attributes timeout 300
!
!
flow monitor OrionQRadarFlowMonitor
 description NetFlow monitor for Orion and QRadar
 exporter QRadarFlowExporter
 exporter OrionFlowExporter
 cache timeout inactive 30
 cache timeout active 60
 record OrionFlowRecord

interface TenGigabitEthernet1/1/8
 description LAN Routed link to DC-Core1 T1/2
 no switchport
 ip flow monitor OrionQRadarFlowMonitor input
 ip flow monitor OrionQRadarFlowMonitor output
 ip address 10.255.3.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip ospf message-digest-key 10 md5 7 120D0D161C0C
 service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy
 ip nbar protocol-discovery
