Migrate Netflow Analyzer to new server
Hi, I would like to move Netflow Analyzer to another server. I have the Windows version and I would like to migrate the data. Do you have the proper procedures? Thanks, Herman
Stopping Netflow Analyzer
Is there an approved way of stopping the server? I find that when I stop Netflow Analyzer via a reboot or just by stopping the service, I lose the last 10 minutes of data. What I would like to do is to get the database written up to date before stopping the service.
Internal Change from build 5001 to 5002
Hi, I've just upgraded from NF 5.0 build 5001 to 5002 and it looks like the /tmp directory is not used anymore.... In fact I can't see any flow_log_xxxx.txt files in it. The release does not mention this. What has been changed internally? Regards, Ced
Plz help
Source IN others 71% As it to understand and in general for what others
Ip Group In/Out interpretation
Hi, I would like to aggregate two lines from two devices. Both lines represent the traffic from my data center. To achieve this, I've created an IP group where I've defined subnets in my data center. However, when I try to interpret the In/Out traffic given under this IP group, the in & out is completely flipped compared with the physical lines. If I sum the in traffic on physical lines, it corresponds to the out traffic in my IP group. How Netflow counts the in or out traffic when we deal with ip
IP Group Speed
Hello, We are currently evaluating Netflow and have to admit that it is a great tool. My question is on the IP Group Speed. I have 4 T1 lines going in to my router and using Multilink on a Sprint BGP network. Do I set my IP group speed to 1000000 for every interface or need to adjust to reflect the number of T1 lines?
Remote interfaces
I am looking to purchase the netflow analyzer product. I have several locations with routers all in a private network. If I install the software and point them all to one collector will this use up a lot of bandwidth, the reporting I mean? Or can I install a collector at each site and then aggregate the data to one location?
firewall setting for NFA server
Hi, I am testing demo NFA 5 on RHEL 4.3. If I turn on iptables, no netflow data is being received. I already opened up: port 9996 tcp & udp, port 8080 tcp, port 161 tcp & udp. Still no data can be received. Other ports that are open: port 22 tcp (SSH), all connections that are established and related. Any clue? foo~> cat iptables-config *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT
ADDING IP GROUPS
I AM USING NETFLOW ANALYZER 5 DEMO VER. I HAVE ADDED ONE GROUP AND AM FACING A PROBLEM IN ADDING ADDITIONAL IP GROUPS. CAN YOU PLEASE HELP ME IN THIS REGARD. REGARDS, VAIBHAV
Upgradation from NFA 4 to NFA 5 - Some tips
Hi, Check the build number of your Netflow Analyzer version 4 by using the "About" link at the top right in the Dashboard view. Then follow the link below to upgrade Netflow version 4 to Netflow version 5 by using the service packs: http://manageengine.adventnet.com/products/netflow/service-packs.html Thanks, Santhosh
Difference between Application and Application details
Hello, AdventNet! I can't understand one trouble: I see one traffic value for some protocol in Application tab and other (lesser) value if I click 'View details'. For example (Application Tab): pop3s 161.61 MB 67% http 28.87 MB 12% microsoft-ds 28.49 MB 12% And if I click on 'http': Source IP Destination IP Application Port Protocol Traffic(14.91 MB) % of Traffic x.x.x.x x.x.x.x http 80 TCP 14.16 MB 95% x.x.x.x x.x.x.x http 80 TCP 384.56 KB 3% 192.168.7.202 192.168.77.1 http 8080 TCP 299.19 KB 2%
No Router is currently exporting NetFlow packets to NetFlow
No Router is currently exporting NetFlow packets to NetFlow Analyzer.
netflow MSFC configuration
Hello, I have a 6500 switch with a MSFC module. I want to receive flow information from one VLAN interface on that MSFC. Let's say VLAN interface 900. How do I configure this in the MSFC and the switch configuration? Because not all traffic goes directly through the VLAN interface. There's a caching mechanism so not all traffic needs to pass through the MSFC. How can I build my configuration so I receive all traffic flow information from that VLAN interface? Please help. Kind regards, Maarten Vervoorn
Does Cisco 2800 router support netflow export?
Hi, From all the posts/links, Cisco 2600 supports NetFlow export. What about 2800? I did not get any confirmed answer to this. Thanks, -Yuemo
SNMP router name not changing
Hi, I have just installed the V5 Beta and have hit a problem immediately. I changed the default SNMP community to match our network, and the correct interface names (FastEthernet0/1, etc...) now display. The name of the router itself has not been updated, so I am left with IP addresses, which will be a serious pain to fix manually. Any Ideas how I can force netflow to rescan the names? I have tried deleting the nodes, with no effect. Kind Regards David Martin
Mapped IP Port still not showing
I have mapped several IP ports which are now showing up in the Protocol graphs as I had mapped them, but the Filemaker port I mapped '5003' still shows up as part of unidentified TCP_APPS Can you think of any reason why this would be so?
About Simulation Kit
Hello, This is Anil Kumar Dasika from India, I had downloaded the adventnet simulation kit5 from this site but i am sorry to say i am not able to understand how to use it. I request u to post the tutorials regarding that topic. Looking forward for a early reply. Thanking u, Anil Kumar Dasika
Error Remote Viewing NetFlow Product
I get this error, I can see the Netflow tool after I rebooted on the local server - restart of service didn't help but now I can't remote in - thoughts? HTTP Status 500 - -------------------------------------------------------------------------------- type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception java.lang.ArrayIndexOutOfBoundsException: Array index out of range: 0 java.util.Vector.get(Unknown Source)
Utilization Miscalculation (Opmanager vs. Netflow Analyzer)
Netflow Analyzer doesn't seem to calculate an interface's utilization correctly, possibly because of the Ingress nature of the Netflow capture? Please see the attached image. From what I've read Netflow Analyzer is supposed to determine interface speed from SNMP, which it is doing...but if it's only registering ingress traffic, then it should probably divide the bandwidth it gets from SNMP by 2. Am I correct, or is Netflow Analyzer misconfigured?
I get a very high value in the "OTHERS" field of N
Hello AdventNet!! Netflow is a great tool, I am starting to enjoy it. I just want to know why I have in my reports the field OTHERS and it gets like 60% of the traffic. What packets are these?? 217.26.44.x 665.95 MB 11% 217.26.44.x 572.44 MB 10% 217.26.44.x 466.41 MB 8% 217.26.44.x 204.58 MB 3% 217.26.46.x 94.87 MB 2% 217.26.46.x 75.59 MB 1% 217.26.44.x 62.72 MB 1% 217.26.44.x 22.6 MB <1% 217.26.44.x 19.41 MB <1% 217.26.44.x 14.89 MB <1% Others 3654.74 MB 62% I just want to know where my traffic
rate of aggregation for netflow reports
Hello, What is the aggregated rate for reports greater than an hour old? 1 minute? 5 minute? Can this rate be changed easily to match customer's reporting need? (i.e if default is 1 minute, can we change to 5 minute) or can we just disable the aggregated rate and use just the raw data? ---Luke---
aggregation report rate vs. raw data question
Hello AdventNet, What is the aggregation rate of reports greater than an hour? 1 minute? 5 minute? Can this rate be modified or customized? (i.e. if currently 1 minute, change to 5 minutes) luke.yee@btradianz.com
Outbound Netflow Info
Hi, i know this has been touched on in another topic, but this has not answered my question. i have a router with three interfaces, Fast Ethernet, which connects to the LAN, and two Dialer interfaces. i have enabled Netflow collection on all three, but i am only getting inbound info for the dialer interfaces, the fastethernet one, i am getting both. i am using one of the dialer interfaces as the netflow source interface. can someone advise how i can collect outbound info on these dialer interfaces?
Upgrade causes higher CPU utilization/
I just upgraded to NF 5 and noticed an ever increasing amount of memory utilization. It used to hover around the low sixties, but not ever since the upgrade, it's moving up 1 to 2 percent daily (now around 75%). Is there a tweak I should utilize to limit this growth? Is this normal? This server has 1 GB of memory.
In & outbound traffic on Cisco routers
Hi, I've just installed NFA and have a question about Cisco routers: After configuring the flow commands on the router, the NFA receives the flow data. When I look at the router in NFA, it displays 2 interfaces (one for outbound traffic and 1 for inbound). When I select an IP group, I only see inbound traffic, no data is available for outbound traffic. Is this normal ?
Restricting Subnets
Hello, I recently downloaded the trial of NFA5 and set it up to receive netflow data from our core switch (6509/sup720). I set up IP groups for all of our subnets so that I could monitor traffic coming in/out of our remote sites. The interface names that show up on NFA do not appear to correlate to vlans/interfaces, but by monitoring individual interfaces I have been kind of able to tell which is which. I want to mainly see the traffic destined for the Internet from these sites. However there is
TCP_APP and UDP_APP with IP Groups
I collect statistics from our dual MPLS routers here at our main site. I have set up an IP group for a particular remote site using just the WAN interfaces of the two routers. This works fine and I get the utilisation, conversations and traffic types. However I am seeing a significant amount of TCP_APP type data. I cannot seem to find the port number(s) for this traffic anywhere. How can I find these port numbers so that I can add new applications to represent them. I cannot use the router interfaces
IfIndex Shows Up Instead of Serial0/1/0:0
I have a Cisco 2621 and have the following configured for route-cache flow interface GigabitEthernet0/0 ip route-cache flow interface Serial0/1/0:0 ip route-cache flow ip flow-export source Serial0/1/0:0 ip flow-export version 5 ip flow-export destination 192.168.50.47 9996 Why does NFA report the following interfaces? If Index1 IfIbndex15 IfIndex8 See attached Thanks, Chris
"show interface" shows 0bps yet Netflow is reporti
I have a router with a GRE tunnel (several actually) set up off of the f0/1 interface. Tunnel12 shows a 5 minute input rate of 0bits/sec and an output rate of over 400Kbps. However, when I look at the interface on Netflow, it shows input and output rates of around 400Kbps. Tunnel9 has a similar issue where there is only input traffic and Netflow shows this one correctly (blue line only, no output). Any idea what could be wrong with monitoring the Tunnel12 interface? Where is Netflow getting the
IN vs OUT
Hi! I have a question on traffic calculation. I read your comments on executing "ip ..." for each interface BUT it is impossible to set "ip route..." for interfaces that are not used but present. Details: Let's start with the description of my router configuration: It has 4 fast ethernet switch ports (FastEthernet0-FastEthernet3) that are connected to single virtual lan port (Vlan1, intranet). It has one WAN port (FastEthernet4, internet) that is connected to DSL. During the setup of NFA I was able
Monitoring Cisco 1751
Hi, I've just installed NFA, and have a question: After configuring the ip flow exports on a Cisco 1751, I receive the data in NFA, but instead of giving 1 interface with in & out traffic, I get a separate interface for inbound traffic, and 1 for outbound traffic. Is this normal ? thx, Tom
Double Netflows?
Hi all, can you tell me how you manage to avoid double accounting of Netflow data? If several routers are activated, there's no way to tell if a flow has already been accounted for on a previous router. Does NFA solve this problem for the user? Thanks in advance Melitta
Install on Fedora Core 5 - dual xeon 2.8 4 gigs of ram
After testing NFA on a small box, we want to test it under full load from our Cisco 12K's w/ about 400 megabits of traffic running through them. After installing it on a dual xeon 2.8 4 gigs of ram running fedora core 5, I change to the bin directory, and execute ./run.sh this is the output [root@hb207-29-223-56 bin]# ./run.sh ================================================================================ JBoss Bootstrap Environment JBOSS_HOME: /var/AdventNet/NetFlow JAVA: ../jre/bin/java JAVA_OPTS:
Trying to identify a specific host
I am using my NetFlow and have noticed a tremendous amount of traffic going to a single host. The IP is "205.161.6.57" and the protocol is HTTP. I have tried to connect to this host but can not. Also I can't find out what it is? Can anyone offer any advice on this?
egress traffic
Hi, We have a couple of Cisco 1700 routers that we currently monitor with Netflow Analyzer. What I have noticed in the new IOS 12.4 versions is the possibility to turn on ip flow ingress as well as ip flow egress on the interfaces. Turning on these options seems to give better statistics of outgoing traffic. It also creates an extra interface null0. Do you know if this interface also needs to be included in Netflow? Any idea about the purpose of this interface? (Why is it created when ip flow egress
OUT Traffic
Hi, I just tested the trial version of netflow analyzer 5. All works fine & I want to buy your product, but I think I found some bug. We have some linux routers & I use the http://sourceforge.net/projects/ndsad program. In Router List I see all my linux routers, also I see In Traffic but no OUT Traffic. Also IN & OUT Traffic for all my IP groups work well. This is a bug, or I need to use other netflow sensor?
(bps != kbps != Mbps) = Messed up Utilization reports
Hello, I'm new to the software and testing it out for evaluation purposes. First let me start off by saying this software is awesome. I'm very excited about what I have seen thus far. I have a question on how you calculate bps, kbps, Mbps etc. with regards to entering in "IP Group Speed"... I'm setting up a new IP Group Management for one of our locations that has a VPN that comes back through the router I'm monitoring. There is a field that says "IP Group Speed (this value will be used for calculation):"
NFA5 stops collecting netflowdata
Hello, we are evaluating the NFA5 in our environment (120 Customers). The tool works fine with 10 - 20 Customers/IP-Groups. Now we are testing the software with the real Netflow-data. Here the facts: - 400 interfaces - 120 customers/IP-Groups - 3 Mbit/s continuously Netflow-data After 15-30 minutes the nfa stops collecting netflow-data. After restarting the software works for the 15-30 minutes... The webinterface still works. Thanks, Tom
NFA5 & softflowd
I have 1 cisco router & 1 linux router. NFA5 works with Cisco fine, but with linux router I have problems - NFA doesn't show linux on Dashboard ( Device Group Management - linux in selected routers) What's softflowd - http://www.mindrot.org/softflowd.html (Softflowd is flow-based network traffic analyser capable of Cisco NetFlow data export) ./softflowd -i eth0 -n 10.4.0.2:9996 -v 5 tcpdump: 11:46:01.176748 10.4.0.1.3628 > 10.4.0.2.9996: udp 1464 (DF) 11:46:01.177876 10.4.0.1.3628 > 10.4.0.2.9996: udp