Is there a default time frame when doing a search by IP address or port / application? IS it looking through the entire database?
The reason I am asking is that I am trying to track information from a device that is reporting to Orion but the ports are not showing up or the IP address has 0 bytes for transfer. I added an ACL to the router and there is traffic flowing through the router the cache flow table does have entries for the IP address with packet counts and the like but I have nothing in Orion. I am wondering if there is information missing because I possibly need to tweak something or is there just so much something is rolling out of the export table?
I am running out of ideas for what to look at.
Jul 30 10:05:16.675 CST: %SEC-6-IPACCESSLOGP: list 110 permitted udp 172.16.1.145(123) -> 17.151.16.22(123), 1 packets
Memphis_4506_C1#sh ip cache flow | inc 17.151.16.22
Gi3/12 17.151.16.22 Vl10 172.16.1.145 11 007B 007B 1
ip route-cache flow infer-fields
ip flow ingress infer-fields
ip flow ingress layer2-switched
ip flow-cache timeout active 1
ip flow-export source Vlan5
ip flow-export version 5
ip flow-export destination 172.16.4.4 2055
