cnorborg · Network Professional IV · ✭✭✭✭✭

Ah, didn't know that. Going out on a limb here and guessing you might have a Layer-3 image installed on your switch? If so, can you describe the topology a bit? Are the source and destinations of the traffic your monitoring on the switch itself? Are the source/destination on the same subnet or different subnets? Are you…

No problem, now that its backing up, have you looked at your "configs"? Wondering your thoughts on them...

 I would have to say definitely yes. The biggest problem we have with Orion SLX version is how slow it appears to run even though the server still has plenty of resources. I would like to have better performance out of the hardware I have rather than have to go out and purchase more hardware, something I'm sure everyone…

Re: #2, was wondering if your SW server was rebooted or reconfigured. Not if the switch went up or down. If the server is rebooted it might retrigger alerts, or reconfigured. I think the "Last Status Change" on the switchport is the "Up X days" (on Arista) or the last time the interface went up/down. I don't think that has…

Hmm. Curious, let me prefix this by saying that I really have no idea. The millisecond thing I was fairly certain of, but this is just conjecture... I found an article that says that datetime stamps are stored with a limited precision, they said 0.00333 seconds, and that "Values are rounded to increments of .000, .003, or…

Hmm... Not sure how to do that offhand, most interface specific resources would be associated with an "interface details" page. You'd need to be able to specify the interface within the resource and short of "Multiple Device Chart" and "Multiple UDP Pollers Chart", not sure of any resource that allows you to do that. Maybe…

NTA will give you insight into what traffic is traversing your network quite well, and without having to do Netflow on end-user switches. Normally you would install netflow at points in your network that all the traffic you want to monitor will traverse. If all of your traffic goes through a single core router or firewall,…

I'd also be interested in what protocol you're using? I recommend SSH2 like shown in the screen capture above, much more reliable. Just as an FYI, you might want to do a "no ip domain lookup" which will stop the device from trying to do a DNS lookup when you mistype a command or do something like above (ie: putting the…

What kind of equipment is this? Your screen capture of the firewall configuration isn't very readable. Can you just paste the text of it instead? We would want both the netflow configuration and the configuration of the interface(s)...

Hmm... Talk about disappearing messages!! Got a email notification of a reply on this thread which is no longer here!! First to address this "solution". I have had limited success in doing updates like these of the data in the Solarwinds database. It might change it for a few minutes, but it always seems to go back the…

Yea, this is an odd one. I just tried lowering the number of simultaneous jobs and reducing the # of items I was trying to execute it on and neither seemed to help much...

Yes, there is. The question would be how much would it be noticed, if at all. Back in the day, the premier NMS that was out there (HP Open View) would take down networks because it was aggressively polling the routing tables of all devices it could. But, those devices had minimal CPU power, memory, etc. compared to modern…

Of course there is! The question is whether or not it would affect the devices, these days they should be plenty powerful to handle something like that, although older devices might stumble. Things like polling intervals and such could matter, especially if you make them shorter. If you're really worried, run a performance…

Oh, you didn't say you were in a Report Writer, from the SWQL you posted I was assuming you were just adding it as a "Custom Query" resource to a page. A good way to help you figure out stuff like this is to go look at other reports. In this case I'd recommend something like the "Web-based" version of the "Current Status…

None of mine are that way, they're all "1.3.6.1.4.1.9.1.1861"... Have you tried scanning it in SNMPWalk.exe? Just stick in your IP, the community string, and use "1.3.6.1.2.1.1.2" (SysObjectID) OID and see what it returns... If you get the same result, maybe contact Cisco? Could be a bad router, or maybe a new model that…

Hmm... You might want to look at changing the "Security" settings within NCM itself. Sounds like you have it on "Global - Device Level", while you really want it on "Individual - User Level", or possibly even to use the "Config Management Change Approval" system. Enabling "Individual - User Level" will use an individual…

Try these: Port : ${SQL: SELECT Name from [dbo].[UDT_Port] WHERE (PortID = ${N=SwisEntity;M=PortID})} Device : ${SQL: SELECT Caption FROM [dbo].[Nodes] WHERE (NodeID = ${N=SwisEntity;M=DeviceID})}

Hmm... Yes, AFAIK there is no way to have Orion save a copy of a config that it considers to not have changed, at least within RTCD. So, if it is writing a config that would mean that it either detected a change, or that its broken and downloading configs where it doesn't consider there to be a change. My guess is that its…

Hmm... Its possible. I found this note on a posting on a Cisco site: "Note: When the tftp-server command and the filename are defined, every time the write net command is issued, the current configuration file is always overwritten. That would hint that maybe it does that. I've never used the command personally. The copy…

Are you trying to do this with just NPM? If so, I don't know of a way to do it. NCM allows you to execute commands on a device, not NPM. The reason I'm wondering is your doing the whole "Admin / Alerts & Reports" rather than going into the "Configs / Config Management" as I mentioned previously. You have to use the…

My recommendations would be as follows: Remove "ip flow ingress" from Lo0 interface. Remove "ip flow egress" from Tu0 interface. Add in the two lines I mentioned above to flush out the flows on a regular, and quicker, basis... ip flow-cache timeout inactive 45 ip flow-cache timeout active 1 That should fix it for you I…

You should be able to do quite a bit of this, I do it now on our network. Will take some work, but in the end it would save time.

Yea, I found the "DiscoveredInterfaces" table, but it had LOTS of nodes in it that no longer existed so I decided not to play with it anymore. I think the use of the "ProfileID" would solve that problem, but I thought I'd play with using NCM inventory instead. I'll have to see if there is a way to keep that table "clean"…

Sure, add the ports in Solarwinds like it asks! Actually its not a bad thing to do, all your doing is making a database bucket for the data to fall into I think. It doesn't mean you have to set up the port on the box for Netflow. However, you will most likely be missing part of the picture. But, that depends on how your…

We ran into a problem where we were maxing out the "ConnectionsInUse" on an ASA we had awhile back and causing LOTS of problems, so we monitor it now on the ones we have left. We're moving towards Fortinet where we have ASA's, so their importance is becoming less. Not a fan of that decision, but... Pretty sure the OID…

Yea, I wasn't sure if it would, which is why I resorted to the "dummy" dir command which I knew would work. That's how I've been getting around this problem. @@Solarwinds, you really need to fix this!!! Stop getting rid of the extra carriage returns in our scripts!! It used to work great, if you wanted an extra return, you…

Yea, the beginning of the line is usually sufficient. Of course, if you want to anchor at the end with a possible log, you could do it with '^\s+deny\s+any(| log)\r\n' I believe. You have to love regular expressions, don't have to understand them at all, but ya have to love them!! Kind of like women in that respect!!! 

Well, once again, NPM is recording it correctly for what its doing. If you have one tool monitoring every 10 minutes and there is a 700Mbps spike for 20 seconds and the rest of the time its at 20Mbps, over the 10 minutes its going to average it back out and probably down to something much closer to 20Mbps than 700Mbps.…

You could add the loopback to the management VRF, pay attention to what it says when you do that though, it will probably blow away the IP address configuration on the loopback when you do it. You'll also have to set up routing for the loopback for the Mgmt-vrf... Remember that when working with VRF's everything >has< to…

Yea, I understand the basics, but since I'm not using anything OPTIX your queries give me nothing. I think maybe there needs to be another ) before the last "WHERE". ie: two ending braces on the "ON".