| | |
Forum Newbie
       
Group: Forum Members Last Login: 10/10/2008 3:40:21 PM Posts: 4, Visits: 17 |
| | I have installed WUG 12.3 as a test instance on a test server (completely separated from my production WUG server). Setup of Netflow was easy and using it has not been a problem over the last 30 days or so. I was troubleshooting a problem for a user at one of my 30 sites and realized that not all traffic for my sites is being logged. When I set up initially everything was working - I haven't changed any configuration settings so I am not sure what went wrong.
Three of my sites (out of 30 total) are not collecting data - I have verified each router is sending the data but for some reason the WUG server says it is 'not receiving' under Netflow traffic status.
Site 1 - Last active 9/11/2008 - Netflow traffic status 'Not receiving'
Site 2 - Last active 9/21/2008 - Netflow traffic status 'Not receiving'
Site 3 - Last active 9/21/2008 - Netflow traffic status 'Not receiving' |
|
| | |
Time Traveler
       
Group: Ipswitch Employees Last Login: Today @ 5:05:16 PM Posts: 227, Visits: 1,332 |
| Hi Jeff,
Do you have the final release build installed? How much traffic are you collecting, in flows per minute or per second?
It would be good to change the log level to verbose for a few minutes in the Netflow settings and then look at the Netflow logs.
It seems that you have a large network (because of the 30 sources), and we may need to do some DB maintenance more often to keep it in shape.
Hope this helps.
Claudio Robles
Ipswitch Network Monitor Team |
|
| | |
Forum Newbie
       
Group: Forum Members Last Login: 10/10/2008 3:40:21 PM Posts: 4, Visits: 17 |
| | I installed Premium v12.3 but have no idea how to tell what release build it is. I can't find anywhere that tells me total flows per second, but I added up each interface's flow and came up with a number around 17,000 flows per minute. Let me know if there is a more accurate way of getting this info.
I didn't think 30 sites was large but I guess that is all relative when you are talking about keeping a database of each conversation into and out of those 30 networks. I am not a DB admin and know very little about it so my policies or settings are probably all wrong. Any help setting those would be appreciated.
Netflow.mdf size is 3.2 GB
Here is an excerpt from my log...
Message: Source 10.10.1.1 could not find NetFlow template ID 256
Severity: Errors Only
The sources that I get no data on all show up in this log with the same message. |
|
| | |
Time Traveler
       
Group: Ipswitch Employees Last Login: Today @ 5:05:16 PM Posts: 227, Visits: 1,332 |
| The total traffic (sum of the sources) can be seen when clicking on the Collector icon on the bottom right corner of the Netflow homepage.
However 17,000 FPM is low traffic, so it is not overloaded.
We are going to review this error. There are a couple of reports indicating the same error, which only happens on Netflow V9. You could change the version exported on the routers to v5 in the meantime.
Hope this helps.
Claudio Robles
Ipswitch Network Monitor Team |
|
| | |
Forum Newbie
       
Group: Forum Members Last Login: 10/10/2008 3:40:21 PM Posts: 4, Visits: 17 |
| Service status: Running
Data collection interval: Every 2 minutes
System traffic: 258.45 flows per second
Listening ports: 9997
Duration running: 1d 19h 24m
Start time: Mon Oct 6 13:29:50 EDT 2008
Database name: NetFlow
Database edition: Express
Current size: 3430.89 MB
Maximum size: 4 GB
Unused space: 665.11 MB
Percent used: 83.76%
I was able to set ip flow export to version 5 and for now the data is being collected. |
|
| | |
Time Traveler
       
Group: Ipswitch Employees Last Login: Today @ 5:05:16 PM Posts: 227, Visits: 1,332 |
| Hi Jeff,
We have a bug on our collector when routers send a NetFlow v9 packet with more than one template. We had not seen this here and so far we do not have a reliable way to test the fix. Do you know how to make a router send several templates in one packet?
What kind of router do you have? Or what kind of configuration do you have?
Thanks.
Claudio Robles
Ipswitch Network Monitor Team |
|
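An added example (not part of the thread and not Ipswitch's collector code): a minimal NetFlow v9 parser, following the RFC 3954 packet layout, that reads every template record in a template FlowSet and reports data FlowSets whose template is unknown, the condition behind the "could not find NetFlow template ID" log message. The function names and the constructed test packet, which carries two templates in one FlowSet, are assumptions for illustration.

```python
import struct

def parse_v9(packet, cache, source):
    """Parse one NetFlow v9 export packet (RFC 3954 layout).
    cache maps (source, source_id, template_id) -> [(field_type, length), ...].
    Returns (records, missing): decoded records and unknown template IDs."""
    version, _cnt, _up, _secs, _seq, source_id = struct.unpack_from("!HHIIII", packet, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, missing, off = [], [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        body, end = off + 4, off + fs_len
        if fs_id == 0:
            # A template FlowSet may hold several template records: read them all.
            while body + 4 <= end:
                tid, nfields = struct.unpack_from("!HH", packet, body)
                body += 4
                if tid < 256 or body + 4 * nfields > end:
                    break  # padding or truncated record
                cache[(source, source_id, tid)] = [
                    struct.unpack_from("!HH", packet, body + 4 * i) for i in range(nfields)]
                body += 4 * nfields
        elif fs_id >= 256:
            fields = cache.get((source, source_id, fs_id))
            if fields is None:
                missing.append(fs_id)  # the "could not find template ID" case
            size = sum(length for _t, length in fields or [])
            while size and body + size <= end:  # any remainder is padding
                rec, p = {}, body
                for ftype, length in fields:
                    rec[ftype] = packet[p:p + length]
                    p += length
                records.append((fs_id, rec))
                body += size
        off = end
    return records, missing

def build_sample():
    """Constructed packet: two templates in one FlowSet, then data for 257 and 300."""
    t256 = struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)  # IPV4_SRC_ADDR, IPV4_DST_ADDR
    t257 = struct.pack("!HHHH", 257, 1, 1, 4)           # IN_BYTES
    tmpl = struct.pack("!HH", 0, 4 + len(t256) + len(t257)) + t256 + t257
    d257 = struct.pack("!HHI", 257, 8, 1500)            # one record for template 257
    d300 = struct.pack("!HHI", 300, 8, 0)               # no template 300 was sent
    return struct.pack("!HHIIII", 9, 4, 0, 0, 1, 0) + tmpl + d257 + d300
```

Templates are cached per exporter address and source ID because template IDs are only unique within one exporter's observation domain.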
| | |
Forum Newbie
       
Group: Forum Members Last Login: 10/10/2008 3:40:21 PM Posts: 4, Visits: 17 |
| I have two models of routers:
25+ Cisco 2811 (IOS: c2800nm-advsecurityk9-mz.124-11.T.bin)
4 Cisco 3845 (IOS: c3845-advsecurityk9-mz.124-11.T.bin)
Configurations are all pretty much as follows:
ip cef
interface FastEthernet0/0
 ip address 10.20.4.1 255.255.255.0
 ip route-cache flow
interface Serial0/0/0:0
 encapsulation frame-relay IETF
 ip route-cache flow
interface Serial0/0/0:0.100 point-to-point
 ip address xx.xx.xx.xx 255.255.255.252
 frame-relay interface-dlci 100 IETF
ip flow-export source FastEthernet0/0
ip flow-export version 9
ip flow-export destination 10.10.11.202 9997
The problem shows up on two 2811 and one 3845 router with the same configuration but all other routers function properly. |
|
| | |
Time Traveler
       
Group: Ipswitch Employees Last Login: Today @ 5:05:16 PM Posts: 227, Visits: 1,332 |
| | Thanks Jeff. The bug has been fixed.
Claudio Robles
Ipswitch Network Monitor Team |
|
| | |
Forum Newbie
       
Group: Forum Members Last Login: 11/13/2008 6:38:45 PM Posts: 3, Visits: 3 |
| I have this same problem... how do I download the fix?
Thanks |
|
| |