IP Groups with Exclude Criteria alone
IP Group Management lets you monitor departmental, intranet or application specific traffic exclusively. You can create IP groups based on IP addresses and/or a combination of port and protocol.
We provide the option to create IP Groups with IP Criteria like IP address / IP Network / IP Network Range with Include, Exclude and Between Sites option.
This document is to provide details on the IP Groups created with only the Exclude criteria in do not reflect the expected output:
The IP Group criteria in NetFlow Analyzer works based on the IP and not the actual direction of the traffic.
During flow lookup , if the flow doesn't contain excluded ip then we add that conversation octet in both (Src , Dst) table .
So for Example, if we created a IP Group with the Exclude criteria of 1.1.1.1.
We will check if this IP is available in the flow data or not, if not then we will dump all the data for both IN and OUT traffic for that IP Group.
This is the reason we show the same data for IN and OUT traffic if a IP groups is created only with exclude criteria.
I Hope this helps in understanding the behavior for the IP Groups.
If you have any further quires, you can get support by send email to our support email address netflowanalyzer-support@manageengine.com
We provide the option to create IP Groups with IP Criteria like IP address / IP Network / IP Network Range with Include, Exclude and Between Sites option.
This document is to provide details on the IP Groups created with only the Exclude criteria in do not reflect the expected output:
The IP Group criteria in NetFlow Analyzer works based on the IP and not the actual direction of the traffic.
During flow lookup , if the flow doesn't contain excluded ip then we add that conversation octet in both (Src , Dst) table .
So for Example, if we created a IP Group with the Exclude criteria of 1.1.1.1.
We will check if this IP is available in the flow data or not, if not then we will dump all the data for both IN and OUT traffic for that IP Group.
This is the reason we show the same data for IN and OUT traffic if a IP groups is created only with exclude criteria.
I Hope this helps in understanding the behavior for the IP Groups.
If you have any further quires, you can get support by send email to our support email address netflowanalyzer-support@manageengine.com
New to ADSelfService Plus?
Related Articles
Consolidated fix for NetFlow Analyzer Build 10250 for Stand Alone
Note: This can be done with NetFlow Analyzer build 10250 only. Take the backup of the files before replacing. For Distributed Edition, make sure to follow the steps in Central and Collector servers. The consolidated fix is available over 10250 which ...UDP port block Message In NetFlow Analyzer
In NetFlow Analyzer we do two types of check in windows firewall, while flows are being received in server 1) Check if there is any allow rules created to allow UDP port say "9996" -Once our product find out this rule then flows collection will get ...Incorrect traffic information in Netflow analyzer
NetFlow Analyzer shows the information based on the flow Packets (NetFlow, sflow, Jflow, netstream etc..) exported by the device to the NetFlow Analyzer installed server. We have seen many customers come with the issue that the Utilization ...SNMP walk - check if the router is responding to NFA's SNMP Request.
How to check if the router is responding to NetFlow Analyzer SNMP Request For Version 12 and above: In a CMD prompt, navigate to the NetFlow installation directory (OpManager\troubleshooting\). Execute SNMPWalk.bat for windows or SNMPWalk.sh for ...UnknownHostException: addr is of illegal length
Thank you for writing to us. Please follow the below steps and check on the issue: 1. Stop the NetFlow Analyzer service. 2. Edit the /etc/hosts entries as below 127.0.0.1 localhost ncm-test //where ncm-test is a machine name {Serever ...