Help me Security Analytics
Hi, how to read the logs Security Analytics?? DoS / Flash Crowd(7) how do you know who and how to attack? which rows that mean? Help me plz.
Netflow Daily /Weekly/Month reports (Just for Office Timing 8AM To 5PM)
HI, We are using Netflow Analyzer 8.0 professional edition and we need to generate Daily / Weekly / Monthly report but just for office timing (8 AM To 5 PM) not for 24 hours. Kindly advice for this. BR
adding a device to monitor
Hi Everyone, When I setup NetFlow Analyzer for the first time, it gave me a chance to add a device. Now, I would like to add another device to monitor. How do I do that? Thanks.
unaccounted data on Netflow Pluggin
Hi, I used Opmanager Netflow Plug in build number 9861. When I need to see detail data application in last 15, or 30 minutes and 1 hours, there's no data (unaccounted data). but in last 6 hours its show detail data. Is there any configuration to set if I want to see detail data in last 15, 30 minutes and 1 hours ?? thanks,
AVC monitoring - Available in NetFlow Analyzer(GA)
We are extremely glad to announce that the Cisco AVC reporting feature, which was available in the beta version earlier, is now available generally in version 9.9 of NetFlow Analyzer(build 9900) With this report, you can monitor ASR 1k and ISR G2 routers(that support AVC monitoring) and get valuable insight into the application traffic in your network. The different reports that are available in this module are: NBAR2 application monitoring http host monitoring(URL hit count) QoS class
Wrong traffic speed reported on Netflows from Nexus 7010
Tried NetFlow v5 and v9 and in both cases when I show the vlan interface stat on the switch, it would tell me say: "input rate 87.95 Mbps, 7.96 Kpps; output rate 3.32 Mbps, 4.22 Kpps" for 5 min, but the Analyzer say "In Avg 312.4 Kbps, Out Avg 8.22Kbps" for the same 5 min. No sampling configured on the Nexus. Any ideas? Thanks!
Exclude specific interface or device from charts
Is there a way to exclude interfaces/devices from dashboard charts? I have a number of routers and firewalls added to NFA and I really like the "Top Devices" and "Top Interfaces" widgets. The issue is, my firewalls process a tremendous amount of traffic compared to the routers - thus skewing all the charts. It would be really great if I could exclude specific devices, or groups of devices, from these charts. Is this possible?
problem with UDP traffic multicast
Hello, I have a problem with the UDP multicast traffic in an OUT interface , on the web interface I can't see the multicast traffic despite the fact that the multicast traffic is well routed by this interface but I can see the multicast traffic in the IN interface of the router. What can i do to solve this problem? thank you for your response
Destination - Issue
I am trying to display all destination for a particular device and have been able to do this until today. Today, when I display all destinations for a particular device, the last line shows as unaccounted (only one page is displayed). Prior to today, I was able to select the next page (multiple pages). My - Count of Top Records to Store is set to 100. Any thoughts here?
LDAP per user traffic statistics
Hi all I wanted to know if I can integrate Netflow Analyzer with our AD to view per user data. I want to be able to graph what websites/traffic a user is viewing by AD Username, not only IP address. Is this possible with ManageEngine? Regards
the conversation tab
hi ... i have 2911 router interface GigabitEthernet0/0 ip address ******************************* ip nbar protocol-discovery ip flow ingress ip flow egress ip nat outside ip virtual-reassembly in load-interval 30 duplex auto speed auto crypto map s2s ! interface GigabitEthernet0/1 ip address ****************************** secondary ip address ****************************** ip nbar protocol-discovery ip flow ingress ip flow egress ip nat inside ip virtual-reassembly in duplex
using two versions of netflow
Hi All, earlier we were using netflow version 7 and now we have upgraded to version 9.8. since we have two versions of netflow our routers are configured to export IP flow to both the destinations. Also both are configured with exactly same alert profiles and they also send out an email if the alert is generated. I was assuming to receive two emails and should see the same alerts on both the versions but this is not the case. I can see most of the time alert is generated on only either of the versions
Archive Flow data before deleting object
Hello We have migrated the network to new platforms Before deleting the old sources of Netflow data, I would like to archive the data, in case I need to retrive statistics from previous periods. How can this be done ? TIA --félix
Conversation
I just setup a port on a Cisco 7606: ! interface TenGigabitEthernet4/7 description ATT ASE 1 mac-address 001c.b0ca.0101 bandwidth 10000000 no ip address ip flow ingress ip flow egress ! When we look at the conversations (with 10.223.250.53), we do not see the traffic that we wish to monitor. However, we can see this information on the 7606 with the command below: sh ip cache flow ! Te4/7.2940 172.18.180.137 10.223.250.53 tcp 54117 443 1 What are
New with Netflow analyzer
Hi guys, I successfully installed Nestflow analyzer on my computer however when the installation was done I got this web inteface where I should put a user name and a password to log into a session, my question is : which session are they talking about , because I didn't get any request asking me to create one before , and if I should then could you post the link please. thank you. P.S: I ve already tried the defaut informations they suggested but it didn't work either.
Cisco 1900 series and 2900 Series Netflow Not Working
Dear ManageEngine, We are in the process of replacing some of our old routers with some of the new generation routers. We have already replaced two of our routers with the following routers: Cisco 1941 Cisco 2901 We are currently not getting any Netlfow information in Netflow Analyzer. We have double checked the Netflow settings on the routers and they are fine. I can see in Netflow that it actually does pick up the Serials and Says Flows Received which is incrementing every 5 seconds but the serials
About Bulk loading IP Groups XML format
Hi Sir, Would you please give me some suggestion for XML template about "Between sites",I try following but fail .. <GrpIPNetwork from netmask_addr_id="255.255.255.0" network_addr_id="192.168.1.0" to netmask_addr_id="255.255.255.0" network_addr_id="192.168.2.0" flag="Between sites"/> Thank you! BP <Reference> http://netflow.realtek.com.tw:8080/help/admin-operations/ip-group-mgmt.html#addgroup
Publish a graph on a web page
Dear All, I'm the new to the forum, so firstly hello community! I am using Netflow Manage Engine v9.7. I have a nice graph which I'd like other people to see, published on another webpage, without having to use the form/query. It would be the same query each time... display IP Group X utilisation over 24 hour period. Is there anyway to do this? I can see in the source of page it is a static link that changes each time I do a browser refresh. For example: <img src="/netflow/servlet/DisplayChart?filename=myChart13977334632494161905820096471147.png"
NFA 9.8.7 try to send e-mail to netflowanalyzer-support@manageengine.com
Hi, we have NFA 9.8.7 and see from mail daemon events such as: to=<netflowanalyzer-support@manageengine.com>, relay=none, delay=0.36, delays=0.3/0.04/0.02/0, dsn=4.4.3, status=deferred (host or domain name not found. name service error for name=manageengine.com type=mx: host not found, try again) from=<netflowreport@localdomain.com>, size=3799, nrcpt=1 (queue active) But our NFA placed in DMZ and can't mail anything to internet. How we can turn off this activity from NFA? Thank you.
Heartbleed - NetFlow Analyzer is not affected
The Heartbleed vulnerability is sending out panic waves all over the place and we understand your concerns regarding the same. We would like to inform you that we don't use openSSL encryptions in our product(NetFlow Analyzer). So, this vulnerability won't affect us. Thanks Sai Sundhar P
Flexible Netflow on Cisco Catalyst 3850E (IOS-XE 3.2.1)
I have seen a lot of blogs and posts about Flexible Netflow on Catalyst 3K's and 4500's, but it seems as if some of the commands in these blogs are not available on the new Cisco Catalyst 3850E switch. Also, there is a lot of variation from blog post to forum post on "what" commands should be configured. I have created the following configuration but I haven't had a chance to test as this switch will not go into pilot until a few weeks from now and I do not have a test NFA box (I could set one
Problem with default login
HI there, we just installed Netflow Analyzer on Windows Server 2012 r2 with default settings. After setup has been finished successfully the webseite http://localhost:8080 opens where i should login with Admin/Admin. The problem is: the default credentials do not work. I tried several times but it does not work. I also started /bin/startdb.bat and received "Could not start postgres database, the post 13310 is in use" What should i do next?
Problem using NetFlow first time
good day I'm using this program for the first time, successfully installed the program, but when he starts the following message appears: From the device is currently exporting NetFlow / sFlow packets to NetFlow Analyzer. Listening for NetFlow / sFlow Packets at Port 9996 Click here for instructions to enable NetFlow / sFlow Exports on the router / switch. You guys can help me telling if missing some other configuration and what configuration?
Impact of unmanaging interfaces
Hi, We are successfully using NFA with Brocade routers and sFlow. We are running several interconnected routers, thus traffic can flow through multiple routers. We extensively make use of IP groups. In order to not count traffic multiple times, we currently only sample interfaces on the perimeter of our backbone. This way we measure traffic coming in from the outside on the transit router and traffic going out on the router connecting the customer. For billing purposes this works great. Now we'd
Problem updating NFA 9.8.6.2
NFA 9.8.6.2 (64 bits) applying AdventNet_ManageEngine_NetFlow_Analyzer_9_8_2_SP-1_0.ppm to move to 9.8.7.0 : Exception while checking NetFlow Analyzer Module. Any suggestion? Regards HSD
Can't access netflow analyzer web interface
Hi, first of all, sorry my english. i can't acces my netflow analyzer web interface. last day netflow server goes down and i restarted. and now when i want to login web interface netflow.mydomain.com, page open but blank page says ""NetFlow Main Page"" when i try netflow.mydomain.com:8080 (my default web interface) page doesn't open. i use linux server. when i doing nmap my netflow analyzer server, nmap says: PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind netflow
Netflow with Cisco WAAS
Hi, We recently installed some WAAS devices in our network, and now I can only see outbound traffic as a GRE tunnel for the WAAS. I have been reading a bit about it and I have seen that I need to run Netflow v9 to be able to see the detail inside the tunnel, I am currently running Netflow v5 Anyone know if this is the case and how I could set it up to be able to see the outbound traffic correctly? Thanks.
IP_app for IP-SEC traffic with Flexible Netflow from Cisco Router
Hi, I configured Flexible Netflow on Cisco 2821 router running IP-SEC tunnel. Flow data are sent from the LAN ports and I have "output-features" command as recommended. On ManageEngine at the other end of the tunnel, all traffic shows IP_app as application with port 0. Am I missing anything in my Cisco router flexible config or on ManageEngine config?
No License Management option.
My installation of OpManager build 9200 and NetFlow Analyzer Professional V 9, build 9000 doesn't seem to have a License Management link. I need to stop management on some interfaces and add others and I can't figure out how to do it. Thanks for your help.
Capturing Appflow data from Citrix Netscaler
Hi, I configured Appflow monitoring for my Netsaler device as per the instructions given below. https://blogs.manageengine.com/product-blog/netflowanalyzer/2012/04/17/appflow-configuration-on-citrix-netscaler-device.html I am able to see the TCP based netflow data in the Netflow Analyzer dashboards and reports. But I can't see the Appflow data displayed anywhere in the console. How do I get to the report which is mentioned in the link above? fyi, I installed this version of netflow analyzer: http://www.manageengine.com/products/netflow/2028821/ManageEngine_NetFlowAnalyzer_9870.exe
Netflow don't start
Hello man's Sorry for the bad english We start netflow, but ..... [root@netflow bin]# ./run.sh /opt/NetFlow/bin/.. JAVA_HOME : /opt/NetFlow/bin/../jre SERVER_HOME : /opt/NetFlow/bin/.. DATE : Thu Mar 20 07:25:45 EDT 2014 Check webServerPort http value : 8080 https Port : null PortCheckerUtil.getPort : serviceName :NETFLOW_LISTENER_PORT Flag : true NFAPropFile :/opt/NetFlow/bin/../conf/netflow/nfa.properties PortValue is : 9996 Check for NetFlow Port with value :9996 PortCheckerUtil.checkPorts
NetFlow Analyzer doesn't display graphs/reports
Hi There, Initially we started using netflow analyzer 7 which was working all good and now we have moved on to version 9. We have routers configured for both netwflow analyzer destinations and I can see traffic hitting to both destinations. Also I can see flow increments on both destinations but the problem is we cant see graphs/reports for "application in" "application out" "source in" "source out" on version 9. Network analyzer 7 is working all fine we can see all graphs/reports but for some reason
95th Percentile Programmatically
I'm trying to figure out how to get a 95th percentile of an IP without having to set them up originally in the software programmatically. I know once it's setup that I can run a report within the software but I have hundreds of thousands of IPs. I can't take the time to set these up individually. Why doesn't NetFlow Analyzer let me run a 95th percentile report!?! without defining it first. The data is in the software. Also if I keep 1 min data for 3 months why in the world won't the software let
95th Percentile Automatically
How in the world do I get NetFlow Analyzer to give me 95th percentile on IP addresses that I have not previously configured. If I have a user that does a ton of traffic, unless he's already setup it won't give me 95th percentile. Just bandwidth total. Is there a way I can get this programatically?
NetFlow on NetGear M4100-D12G
Does this software support being able to receive flows from this device? I'm basically looking at managed switches to monitor LAN traffic on the network.
netfloow free linux
Hello, please tell me. I downloaded and installed netflow analyzer on Linux. When installation is not an option netflow analyzer, netflow server and only netflow collector. I chose the collector installation. But when the period of 30 days has expired, he refused to work and the necessity of the license. I only have 2 interface, so I need a free version. I think that maybe I installed the wrong version. Please tell me that I need to install or how to get a free license?
Postgress Database Migration for NetFlow Analyzer
NetFlow Analyzer installation can be migrated to a different server with old database and configuration provided both the installation are in same version and build number. Please follow the steps given below to migrate between PGSQL between different server : NOTE: Make sure that the raw data are dropped using rawCleanup.bat/sh under <NetFlow\troubleshooting> to speed up the migration 1. Stop the NetFlow analyzer service on the old server and make sure postgres and java are not running. 2. Install
Netflow
I'll have Netflow Enterprise Edition vers 6.5.0 licensed for 1000 interfaces. in the last few weeks I'll decided to reinstall it and the collector. since then the collector give me an error mesage "Unable to contact central server". i'll verify communication between two machines and it is ok. any ideea why it dont works?
How do I run a report for all traffic for a particular application/port?
I would like to find all sources of smtp. We have data collected from pretty much all of our site routers, so I should have the data I need. But I don't see a way to do this. It looks like we have only Devices defined, a few IP groups (but what I probably need is an IP Group for RFC-1918 addresses), and nothing under CBQoS/NBAR. Can anyone give me at least a high level HowTo for getting a report on a port?
Ifindex naming and output data
Hi I am using Cisco 3850 (with WLC and ios SE) and inspecting one routed inteface using FNF and exporting it to a NFA server but NFA server is unable to display output data and inteface index (Ifname , speed) where as SNMP is enabled in the the device and NFA server collecting device name and ip address and input data of the inspected interface. Note: I have observed in L3 switch and NFA server using wireshark , l3 switch sending both direction data of flow . I am attaching FNF configuration along
Next Page