How to Save/Share Application Mappings
We identified port assignments created several Application Map entries related to WORM / Virus signatures and want to share them with other NFA users. Is there a way to export Application Mappings in a format where they can be saved off line and be restored on a different system?
NFA backup
Hi Guys I'd like to back up my NFA server on a daily basis. I want to schedule the backupdb.bat file to compress the database and back up the compressed file. However, the backupdb.bat file creates an archive that is date/time specific, and therefore always creates a new file, which will cause issues for my backup job. Is there any way to run this (or any other) batch file so that it always creates a file with the same name, overwriting it every day? Thanks Stuart
Traffic Monitoring (CISCO router 827H)
Hi, I have installed NetFlow Analyzer for a test with a Cisco 827H router. I have configured the router over interface Ethernet0, Dialer1, ATM0 (theoretically Dialer1 and ATM0 are the same). Why do I see only IN or OUT traffic on an interface? Is there a method to see IN/OUT on Eth0 and Dialer1 (or ATM0)? In your online demo on Building1Router the Ethernet 0/0 shows IN and OUT traffic.
Feature Request
I wonder whether it would be possible to have an "Active Connections" section to track realtime connections within Netflow Analyzer? Thanks - Adrian.
Using pfflowd and netflow analyser
When I use pfflowd (http://www.mindrot.org/pfflowd.html) to convert pf states to netflow flows exporting to netflow analyser, the router isn't recognized. Exporting to other tools like NTOP works like a charm. When I use a different netflow version like 1, then netflow analyser is complaining about packets received with the wrong version so packets are received
Bandwidth Requirements for data collection
Hi, how much is the needed bandwidth to analyse about 20 routers in a remote area? If I want to connect to the remote site to analyse the router, would a modem 56k be enough? How much traffic will be used by netflow to send the data to the analysing machine? The Description of NetflowAnalyser mentioned that the database will be as big as 10GB. Does this mean that about 10GB of data will be collected? About which time? We want to set up a monitor system for a customer and want to know if we can establish
No Router is currently exporting NetFlow packets to NetFlow
Dear All, Like many others I am evaluating NetFlow Analyzer on a Windows 2003 SBS, with a Cisco 800 series Router. Although the Router is exporting the packets, the "No Router is currently exporting NetFlow packets to NetFlow Analyzer" message welcomes me when starting the program. I send you hereby my router settings, maybe someone sees what I don't: Flow export v5 is enabled for main cache Exporting flows to 192.168.1.202 (9996) Exporting using source interface Ethernet1 Version 5 flow records 2124 flows
flow_log_n.txt
Is there a configuration option to change where these files live? My tmp file system lives on a partition of less than one gig and fills rather quickly. NFA stops capturing flows when it is filled. Regards, Chuck
Feature Request
We would like the option of using the ifdescr instead of the ifindex when displaying ports in the web interface.
Feature request!
Hi, On the dashboard view, would it be possible to have the option to have the interfaces ordered by load instead of alphabetically? many thanks, alec
Feature Request
Option the Interface Name or interface description in the web interface.
SQL Load
Hi, I've just installed the Netflow Analyser and I've seen that you are using a 'LOAD DATA INFILE ' request to import Netflow Data into the DB. During this period, my server has 100% load. The tmp file is around 20MB. Why are you importing the data this way and not by using the SQL INSERT command? In my mind, the SQL request LOAD DATA is process intensive. Regards, Ced
Change Database
Is it possible to change the database server that servicedesk plus and opmanager uses? I would like to use an existing MS Sql Server database server to store the databases.
Monitoring ESP and IPComp traffic
Hi, I want to monitor ESP (IP Protocol no 50) and IPComp (IP Protocol no 108) traffic on my WAN Links. When I go to add new applications I am getting these applications in the application list but it is asking for the port number again. These applications are working only on layer 3, and they don't have any layer 4 port numbers. Even if I give L3 protocol numbers in the port number field I am not able to monitor the traffic. I think Netflow is not supporting monitoring of traffic at L3 level. Pl.
What software can collect and analyze the sniffered traffic
Hi, I have a cisco core switch 4006 with supervisor engine II in my network. But this device does not support netflow protocol. Now I have requirement to know the traffic flow about each user in my network. This information can help me identify some abnormal traffic flow, such as network virus outbreak in specific computers. Now I prepare to setup port mirror in my core switch to sniffer the traffic flow through the core switch to the pix firewall. Can the Netflow Analyzer collect and analyze the
Incorrect traffic statistics
Hi, I just successfully installed NFA on my server, it works great, but I have a question. Why do I get different traffic statistic result for a host if I look between Device Group traffic and IP Group traffic? Is it because the collection for the traffic data of an IP Group started when I create the IP group without taking into account the previous collected traffic data? I've attached the screenshot showing the different result taken on the same period of time. Sorry for the language, I'm not a
Traffic In/Out 0% always
I always see traffic at 0%. I have a cisco 4500 with netflow 5.0. What is the problem? I see my switch IP address, interface (snmp), received flow and the "sh ip flow export" command shows it sends to NetflowAnalyzer now.
Netflow not exporting flows
I am already running Netflow on one router and am monitoring 2 interfaces of that router. Now I have enabled netflow on another router too, I mean on the interfaces, but NFA is not getting any traffic from that router, even though I have done exactly the same configuration on both routers. Following is the output: RTR2811#sh ip cache flow IP packet size distribution (501376 total packets): 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 .000 .625 .013 .019 .013 .003 .003 .002 .026 .004 .006
TCP/UDP port number for Cisco VoIP
Hi, Anyone know the TCP/UDP port number for Cisco VoIP? I want to monitor the traffic. Also for Skype? Tks. Sam.
NetFlow Analyzer Traffic problem
Thank you for your professional support for my case. We have installed the software. The customer used Cisco 6513 (three devices). As a result of the evaluation, the customer asked us several questions. Please help me solve them. 1. How to get traffic based on switch port and vlan at the same time (at present, we only get traffic volume based on vlan information). 2. For our traffic analysis, we found that some vlans just get traffic in information and have no traffic out information. Please help me how to get traffic
TCP application doesn't have port information
Dear support, We are testing the netflow analyzer. We found out that under the application tab, there is one item named TCP APP, but it only shows source and destination IP, no port information, so where can we find more information about the port information? Another problem is as soon as we add 3 routers and configure the IP group, I found if I click some device, there is only traffic in; for the traffic out part, data is not available. What is the problem? Thanks
Feature request! Yes, another one :)
Hi, Many thanks for the accounting of number-of-packets - that's great! I don't know how do-able this will be, but how about showing a histogram of average packetsizes for some given time period? A graphical equivalent of this: router#show ip cache flow IP packet size distribution (747423811 total packets): 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 .001 .285 .071 .061 .041 .017 .008 .007 .004 .003 .002 .003 .001 .002 .001 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 .002 .001
Updating a router IP
Hi, One of our routers will have its IP changed soon. Is there a way to update the IP of the router in the web interface to avoid the loss of data already collected (several months) for this device? I took a quick look at the database and found that table NetFlow_Router contains a column named ROUTER_IP. Is it enough to update the ip address in this table if it is not possible to perform the changes through the web interface? Thank you. Best Regards,
Interface called ifIndex0 on non-snmp router?
Hi, For various reasons, I can't use SNMP with NFA for two of my routers. I've edited all the interface descriptions manually to get around this. However, there's a bit of an oddity here. In the netflow_interface table in the database, there's an interface whose snmp_description is IfIndex0 in addition to all the others. This interface doesn't show up in the web interface. The problem is that in the netflowraw_blahblahblah tables, there are rows whose dst_if references the IfIndex0 interface described
Netflow on Hybrid 6509's running CATOS
We have a number of CISCO 6509 running CATOS which supports Netflow version 7 upwards only. I understand that the new version of netflow now supports version 7. However, the licensing of the software is based around number of interfaces monitored. With CATOS each individual port appears as an interface, unlike native mode where VLANs are displayed. My question is is there a license option based on the number of devices monitored as opposed to interface. In my environment I would require One license
netflow config on a 12000
Hello, I have a GSR here and am evaluating netflow analyzer 4 for purchase in future. I did install it and configure the router and can see results. I have a problem though that the results are not matching my MRTG readings, actually they seem not realistic! I am polling for example a gigabit interface that is about 45% utilized, though I see max utilization of 3 Mbps on the analyzer. I also can't see some customized reports outputs for certain network ranges as source. I would like to note that I
NFA stopped when opening graph without Exceed X Window serve
I downloaded and installed NFA 4020 build in RedHat Linux 7.2. Sorry, it's not the required OS version; it's a box with Tivoli Netview installed with rights to snmp query other routers and switches. Everything seemed to be working fine after the installation, and I added several routers in. But the NFA service stopped when I closed the Exceed X-window server on my installation PC. To look into the problem, I restarted the netflowanalyzer service without running Exceed on my PC. I can open the NFA website, and browser
Data collected, but nothing on traffic or application tabs
Hi Guys, I have now installed my licenced version of NFA, and am collecting traffic from routers okay, however, when querying an interface, I can see detail in the source, destination and conversation tabs, but none in the traffic or application tabs. Can anyone suggest what might be wrong please? Thanks Stuart
NFA doesn't want to start
Hi, I just installed NFA on win2k sp4. The installation process run without a flaw, but when I want start NFA through the desktop icon it gave an error message like this: Server is starting. This may take a minute ... This evaluation copy is valid for 29 days Database creation failed. Stopping the Server. Please refer logs for more inform ation Press any key to continue . . . and it won't start at all, even if I tried to run the run.bat script from bin folder. I tried to check the log file, but couldn't
No Data from Cisco Router
We are evaluating NetFlow Analyzer and there is no data. "No Router is currently exporting Netflow packets to NetFlow Analyzer " We configured the Cisco 2620 to export the data to port 9996 on the machine we installed NetFlow Analyzer. We have a Firewall in between that we opened up port 9996 UDP from the router to NetFlow Analyzer. Does NetFlow Analyzer need other ports open on the firewall to receive the data.
mysql startup problem
Hello, first thanks a lot for a great application. It works well with SuSE 9.2 and Kernel 2.6.8-24 but with Kernel 2.6.4-52 I see the following startup error. "Server is starting. This may take a couple of minutes ... This evaluation copy is valid for 29 days Trying to start MySQL server failed" With ps -el I see no PID of a running mysql database. As an attachment I added the logs from /opt/AdventNet/ME/NetFlow/server/default/log
Lacking port
Nevermind.
How long does hourly data stick around?
I'm not getting hourly data when going back a few days trying to get hourly data from Monday. Please view attached file. Does the product keep hourly data this long? I don't think it's a very long time. Is there a configuration change to allow for it?
Percentage still over 100%
Hi, after applying the patch the percentage of utilization is still over 100% (sometimes 500%). A new installation of the software didn't help. cu - Reinhart
Link speed
Hello, Is it possible to change link speed on specific interface ? -- jan shack
IP groups flow aggregation
Can IP groups aggregate data flow from several different sources? Chuck
NFA data storage pattern
Please find below the data storage pattern in NFA as of release 4010 (and above). This information would enable the user to select the appropriate from and to times for the reports and gain optimum value from the product. Traffic Tab and the traffic graph in consolidated reports (Holds good for the speed, utilization and volume sub-tabs): Data within the last 6 hours - 1 minute granularity, however please note that you would have to include at least one 10 minute data point between the from and to
following the traffic evolution with netflow?
Hello, First of all, sorry for my approximate English: I'm French... I would like to know if there is a netflow analyzer that could provide graphs showing the traffic evolution over several months for example (and let the user choose the period of observation)? I searched on the Internet but I didn't find information about it. Thanks in advance! Have a good day.
netflow and NAT
Hello, this is my network: LAN -[gateway]- DMZ - [firewall] - internet. All traffic is masqued (NAT) in the gateway with 192.168.22.25 (example), then all traffic is masqued a second time with our public address. I have netflow on the gateway. I see traffic like this: LAN-192.168.22.25-port 80, so I don't see the public address of the web site. How can I do that (AS ?)? For info, I can enable netflow on the firewall
Feature request!
Hi, On the graphs of older data, I'd like to see two extra lines for maximum in/out traffic rates, as well as the average values reported at present. The traffic rates on these graphs are averaged down as you go back in time, and the maximum values are lost. A bit like what you can do with MRTG! many thanks, alec --