I’ve spoken to quite a few customers who would love to gain visibility into top bandwidth users on their network, but alas, their networking gear does not support flow-based traffic analysis (e.g., NetFlow, sFlow, J-Flow). I’ve also heard from existing Orion NetFlow Traffic Analyzer (NTA) customers who’ve got great visibility in their core network, but would like to extend NetFlow-based analysis to other non-flow capable sites.
If you fall into either the aforementioned scenarios, you have several options:
1. Leverage your Cisco ASAs – Cisco ASAs running the 8.2 software release support exporting NetFlow which Orion NTA can collect and analyze. For instructions on how to enable NetFlow on your Cisco ASA, see this KB article
2. Deploy devices that do support NetFlow – This may be overstating the obvious, but if you have the budget, it makes sense to simply deploy devices that support NetFlow into those locations and configure them to export to your Orion NTA collector. For example, a Cisco 800 series router supports NetFlow and is relatively inexpensive
3. Use a software exporter on a span or mirror port - If you have a managed switch, you can usually configure it to send all the traffic to a single span or mirror port (consult your vendor’s documentation). You can then install a software exporter on a computer and attach it to the span port. The software exporter will then send flow records to your Orion NTA collector.
#1 and #2 are pretty straightforward, so I won’t spend any more time talking about those options. So, let’s focus on #3. What is a software exporter and how do you set it up to work with Orion NTA?
A software exporter transforms received network packets into summarized flow data that collectors like Orion NTA can store and analyze. There are quite a few software exporters out there, but nProbe is probably the most popular. nProbe also runs on both Windows and Linux, so I’ve focused my integration testing with this software exporter.
NOTE: For more detailed technical documentation on nProbe configuration, please see the nProbe User Guide.
Here’s how to set up nProbe to work with Orion NTA:
1. Download and install nProbe on a Windows (or Linux) server
- Download an evaluation version of nProbe and install it on a server. As noted in the diagram above, you'll need a server with two NICs - one to connect to the span port of the switch and the other to export flows to the Orion NTA server. The eval version of nProbe supports 2,000 flows export, so you’ll eventually need to purchase a copy. It’s around $100.
3. Add the nProbe server to Orion
- Add the server running nProbe to Orion, including all interfaces
- Add the server interfaces as monitored NetFlow Sources
- Go to NTA settings and enable “Allow monitoring of flows from unmanaged interfaces”
4. Configure nProbe to export flows to Orion NTA
- Open command prompt on nProbe server and navigate to C:\Program Files\nProbe-Win32>
- Run nProbe from CLI using the options listed below:
/c - output to console. This is the easiest method, especially for a demo situation, because you can review the debug messages.
-n <Orion NTA server address>:<port> - IP address and port that should receive the flow records. Use 2055 for port.
-b 1 - modest level of reporting
-i <interface> - generally 1 on Windows; en0/eth0 on Linux; en0 for Ethernet on OSX, en1 for wireless
-u <in-index> - sets the ingress interface for all flows (use 1).
-Q <out-index> - sets the egress interface for all flows (use 2).
E.g. nprobe /c -i 1 -n 10.199.15.50:2055 -b 1 -u 1 -Q 65539
NOTE: It’s important the ingress (-u) and egress (-Q) interface indexes be set to the server interfaces being managed in Orion. NTA will drop flows from interfaces that are not managed in Orion. You can see the interface index for the server interfaces in Orion by drilling down to their respective interface details view. So, if your nProbe server had two interfaces being monitored in Orion NTA, you would just set the option –u to the index of one of them and the –Q switch to the index of the other. See nProbe documentation for other command line options.
Please visit this link for OID information : Juniper Networks - [Junos] How to find the SNMP OID which corresponds to the SNMP object name - Knowledge Base
You can use UNDP to create graphs, tables and charts to monitor specific items via OID. This does not have to be applied to orion one device at a time and if the OID is valid for the device it will appear on the webpage automatically when you assign it.
The provided article provides information on how to find the SNMP OID that corresponds to the SNMP object name only in Junos and I 'd ask regarding Netscreen?
Thanks...again, please guide how I can able to monitor particular field which not currently getting in list resource,
Cross-reference table for MIB to OID relationships for ScreenOS MIB / Module OID Description NETSCREEN-CHASSIS-MIB 220.127.116.11.4.1.3224.21 Defines the objects that are used to monitor device status such as battery, fan, power and temperature
Thanks for valuable support.
Yes, go too the universal device poller on the solarwinds server and select add new universal device poller. Input the oid and search to be sure it is in the tree. Apply against the node and select the websites to show. If it does not show on the page, use the multiple device poller chart to display. I have no screen shots because mine is broken.
I woould reccomend to update screen os and run the test again, the current version does not support this oid.
I'm doing the same and will update so as close this helpful discussion.
Thank you for wonderful support.
You are more than welcome sir and thank you.