In this article you will learn how to verify and capture the Traffic is been received for the NTA ( NetFlow / Traps & Syslog )
Firstly you will have to make sure you have configured your device correctly to send required Traffic on Orion server IP & Port .
If you are new and have no idea about WHAT IS NETFLOW i would recommend to watch these videos carefully and understand the requirements and configuration required on the Device .
How to configure Netflow on devices ?
If you are new and have no idea about WHAT IS SYSLOG i would recommend to watch these videos
If you still not able to see the traffic within Orion application please follow the steps below in order to filter and verify the traffic is actually been received at Orion port.
For this you will have to install the Wireshark as below.
Download Wireshark and install on Orion Server / Kiwi Syslog Server .
Make Sure Windows / McAfee / Norton / Any other A/V Firewall Disabled on Orion Server / OR Create a Rule in Windows Firewall to allow port traffic in some cases i have found the Windows Firewall blocking the traffic to the service even the traffic can bee seen in the Wireshark
Click > Capture >Interfaces > Select "Required " Correct interface >
Now apply required filter.
Change the IP in filter of Node which is sending Netflow to Orion (Cisco / Juniper / Switch / Router ) and apply.
ip.src == 192.168.1.1 && udp.port == 2055
udp.port == 2055
click apply .
Are you able to see Flows from the Node like (Cflow (for Cisco )/ Jflow for Juniper / Sflow ) ?
if no packet please check your device or network for further troubleshooting as this will confirm that
Orion is not receiving any packet hitting NTA default port 2055 .
******************** Use following for Traps / Syslog filter in Wireshark as above example *************
ip.src == 192.168.1.1 && udp.port ==162
udp.port == 162
ip.src == 192.168.1.1 && udp.port == 514
udp.port == 514
For more details please find
SolarWinds Technical Reference Troubleshooting NetFlow