SolarWinds NetFlow Traffic Analyzer

SolarWinds NetFlow Traffic Analyzer

This template assesses the performance of the SolarWinds NetFlow Traffic Analyzer by retrieving performance data from performance counters and checking services' status.

Prerequisites: WMI access to the target server.

Credentials: User with administrative privileges on the target server.

Monitored Components

Service: SolarWinds NetFlow Service

This component returns CPU and memory usage of the SolarWinds NetFlow Service. This service is responsible for receiving and saving data to the database as well as providing licensing information to the web console. If this service is stopped, data will not be collected.

Cached Data Queue Length

This monitor returns the amount of data not currently saved to the database. If this service is stopped or disabled, this data will be lost. This value should be as low as possible. If the returned value grows, the NTA server will not be able to save processed flows into the database. It is recommended that you adjust Top Talkers Optimization.

Collapsed Records Per Second

This monitor returns the amount of incoming records that are collapsed, per second.

Note:
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

IP Address Cache Size

This monitor returns the size of the IP address cache. This counter will function only when the DNS resolution is set to "persistent."

Note:
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

IP Requests Per Second

This monitor returns the IP requests rate, per second. This counter will function only when the DNS resolution is set to "persistent."

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

IP Requests Queued

This monitor returns the number of IP requests in the queue. This counter will function only when the DNS resolution is set to "persistent."

IP Resolved Per Second

This monitor returns the IP resolved rate, per second. This counter will function only when the DNS resolution is set to "persistent."

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

IP Responses Per Second

This monitor returns the IP responses rate, per second. This counter will function only when the DNS resolution is set to "persistent."

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

IP Responses Queued

This monitor returns the number of IP responses in the queue. This counter will function only when the DNS resolution is set to "persistent."

IP UnResolved Per Second

This monitor returns the IP unresolved rate, per second. This counter will function only when the DNS resolution is set to "persistent."

Packets Per Second

This monitor returns the packets rate, per second, before the queue.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

Packet Dropped: Unmanaged Node

This monitor returns the number of packets dropped due to a node not being managed by NetFlow. This is caused by the node being disabled or the node not existing in NPM. The returned value should be zero. If the returned value is greater than zero, add these nodes to NPM or disable the exporting of these flows on your router.

Packet Dropped: Unmonitored Node

This monitor returns the number of packets dropped due to a node not being monitored by NetFlow. These nodes are monitored by NPM. The returned value should be zero. If the value is greater than zero, add these nodes as NetFlow Sources or disable the exporting of these flows on the router.

PDU Dropped: Unmanaged Interface

This monitor returns the number of PDUs dropped due to an interface not being managed by NetFlow. This is caused by the node being disabled or the node not being in the NetFlow Sources table. This counter will function only when the option, "Allow monitoring of flows from unmanaged interfaces," in the NTA settings is set.

PDU Dropped: Unmonitored Interface

This monitor returns the number of packets dropped due to an interface not being monitored by NetFlow. These Interfaces are in NPM. The value returned should be zero. If the value is greater than zero, add these interfaces into NetFlow Sources or disable the exporting of these flows on the router.

PDU Dropped: Unmonitored Port

This monitor returns the number of packets dropped due to an unmonitored application. This counter is connected to the "Enable data retention for traffic on unmonitored ports" setting in NTA settings. If checked, flows with unmonitored ports will remain stored in the database. If unchecked, flows will be dropped and this counter will continue to grow. The returned value should be zero. If the value returned is greater than zero, you should verify that all the ports you want to monitor are actually being monitored.

PDU Dropped: Unmonitored Protocol

This monitor returns the number of packets dropped due to a disabled protocol. Protocols to be monitored can be changed in the NetFlow Settings > Monitored Protocols section. The returned value for this monitor should be zero. If the value returned  is greater than zero, you should verify that the protocols you want to monitor are actually being monitored.

PDU Per Second

This monitor returns the PDU rate, per second, after the queue.

Raw Packet Queue Length

This monitor returns the number of raw packets in the queue. If the value returned continues to grow, this indicates that the NetFlow service will not be able to handle the amount of incoming flows quickly enough, thereby placing them in the queue. Consider upgrading your APM server to improve performance.

Netflow V1 Bytes Received Per Second

This monitor returns the number of bytes NetFlow V1 received per second.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

Netflow V1 Flows Received Per Second

This monitor returns the number of flows NetFlow V1 received per second.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

Netflow V5 Bytes Received Per Second

This monitor returns the number of bytes NetFlow V5 received per second.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

Netflow V5 Flows Received Per Second

This monitor returns the number of flows NetFlow V5 received per second.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

Netflow V9 Bytes Received Per Second

This monitor returns the number of bytes NetFlow V9 received per second.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

Netflow V9 Flows Received Per Second

This monitor returns the number of flows NetFlow V9 received per second.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

sFlow V5 Bytes Received Per Second

This monitor returns the number of bytes sFlow V5 received per second.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

sFlow V5 Flows Received Per Second

This monitor returns the flow rate received, per second, for sFlow V5.

Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.

Packet Dropped: Insufficient performance

This monitor returns the amount incoming packets dropped due to the poor performance of the SQL server or NTA Service. The returned value should be zero. If this occurs in one specific instance, verify that the database server is not overloaded. Database Maintenance may be the culprit. If this is a persistent problem, the database server probably is not able to process the amount of incoming flows. It is recommended that you adjust Top Talkers Optimization.

Netflow service time difference error

This monitor returns the number of events when the time difference between the database server and the NTA Server is greater than 5 minutes.

Type of event:Error. Event ID: 340, 341.

Possible impact:Data in the database could be saved and represented wrongly.

Solution:Synchronize the time between the NTA Server(s) and the database server.

Unmonitored traffic record is missing

This monitor returns the number of events that occur when system records go missing in the NTA table.

Type of event: Event ID: 304.

Solution:Run the Configuration Wizard to repair this problem.

Unable to start listening on port

This monitor returns the number of events when the NTA service cannot start the port listener on NTA port. (Default is port 2055).

Type of event: Event ID: 323.

Impact: NTA Service is not able to receive flows.

Solution: Verify the actual port that is occupied and attempt to free it, or, change the port of the NTA service which can be located on the NTA Settings page.

APM_SolarWinds_NetFlow_Traffic_Analyzer_template_pack.pdf

[Updated 5/25/14] PDU Dropped: Unmanaged Interface enabled the Count Statistic as Difference option by default