cnorborg · Network Professional IV · ✭✭✭✭✭

Well, if the appliances you have either have an NP6 or are set up in a very specific way, then it will probably work. But I was noticing that far less traffic was being classified than was actually transiting the interface. The device on the other end supported Netflow, so it was pretty apparent to us, not to mention the…

Now the nice thing about using the .tar vs. the .bin file is that it does all the checks and such for you, like verifying that the file was downloaded right, checks the CRC and such. Also, if you're doing stacks of switches, and this was true for at least the 3750X's so I'm pretty sure its true for others, it will upgrade…

Hmmm... Less of the output above and more info on your environment might be good. Such as what version of NPM and any hotfixes you might have applied and such? Release notes for Orion.Platform 2015.1.2 Hotfix 2 below shows some fixes have been done to discoveries... Orion Platform 2015.1.2 Hotfix 2 * Allied-Telesis device…

Sorry, must have included too much information and confused things a bit. The point of my post is that flow packets contain both source and destination interface information in every packet, regardless of what interface was used to generate the packet. Lets say your monitoring flows on interface B1 and B12, but not B2…

The message, that its receiving flow data from an unmanaged interface, isn't really accurate since the interface doesn't actually send the Netflow packets. Its receiving it from the box that has the interface on it. This is kind of important in that a Netflow packet has lots of information in it, including the source and…

They tend to use pretty standard regular expressions, so if you search for a regex cheat sheet, you should find a good example. I use one from AddedBytes.com. That being said, regex's can be tricky... For the simple string find, I do believe that "*" matches any number of anything, while "?" matches one of something. Only…

In the "Orion SDK.pdf" reference guide on page 12 under "Common SQL Constructs Supported", it lists:  Subqueries in the SELECT clause  Subqueries in the FROM/JOIN clauses but not subqueries in the WHERE clause... It might be possible to restructure your queries so that its part of a JOIN maybe? Your example is pretty…

Yes, I'm having problems both retrieving an old case and opening a new one. The form for opening a new one isn't enumerating any of the dropdowns to select things like what application, case priority, etc...

Here is a post from Cisco on it: Network Management Configuration Guide, Cisco IOS XE Gibraltar 16.10.x (Catalyst 9200 Switches) - Configuring Flexible N… Note the "Prerequisites" which say you must configure a source interface and such. I'd recommend making sure you can ping the Solarwinds server using whatever source…

I believe you have a couple things confused here. The "Custom Query" resource on a page is for a SWQL query, not a SQL query. If you want to do something like that you'll need to convert your query to a SWQL query, which from what I'm seeing, might be impossible or at least >very< difficult. SWQL information can be found…

A first guess would be to update the inventory on that device? Try going to "Configs" and "Configuration Management". Find the device in question and select it, then the "Update Inventory" should be available to click... Its also a good idea to update inventory on all your equipment on occasion, you do this in the "Config"…

Solarwinds has a "Product Upgrade Advisor" that you can try putting in your info and get a recommendation. https://customerportal.solarwinds.com/support/product-upgrade-advisor‌ NTA 4.X doesn't use SQL however, it uses a separate NOSQL "Flow Storage Database", which you'll need to run on a separate server. I'm guessing the…

Ok, lets try and break this down. So, lets say you have an interface on a node, and that interface is polled every 10 minutes. If there was 600Mbits of traffic going across that interface during that period, it would take that 600 Mb, divide it by the time period (which it probably needs in seconds rather than minutes) and…

I did set up a feature request for this some time back, its here:

Been back to working with policy manager a bit and have a few features I'd love to see... 1) Add a "copy" function to managing rules/policies. We're trying to produce our policies to match the written policies of our security team, so we have several rules that are very similar with just minor changes because they are…

As of yet I have not been able to get it to get me a breakfast burrito (with or without green chile), or a soda... It doesn't cook bacon... I've never seen it catch a train or a plane... It doesn't monitor children for you... To the best of my knowledge, it's unable to send back nearly indestructable robots in time to aid…

For those interested in this topic, you might be interested in a feature I've requested to enhance this feature. Details can be found here: Please vote it up if you agree!!

1.3.6.1.4.1.12356.101.1.15000 FortiGate-1500D 1.3.6.1.4.1.12356.101.1.1004 FortiGate-100D 1.3.6.1.4.1.12356.101.1.2005 FortiGate-200D

So, not sure if this qualifies as an "Unknown" device, it doesn't seem to be discovering correctly at all though. We have merged with another company and they have quite a bit of Aerohive products, both AP's and switches. Haven't started on the AP's yet, but the switches I'm having problems with. They're SR2024 switches…

Have you set the source interface that Netflow will send packets from? ie: ip flow-export source <ip address> The IP address you give as the source interface should be the same as what you're managing the device with in Orion. Preferably a loopback?

I can think of a couple ways to do this, but neither one uses the Compliance manager. The problem is that at least currently, the compliance manager only uses the configurations that NCM downloads for compliance checking. There is no way to use another value that NPM or NCM downloads through another means to do a…

Vote on solving this issue! 

Not sure if this has been mentioned yet, but here it is. I'd like to have maybe a global flag that says whether or not "Node Name" gets automatically updated/changed when the "System Name" changes. On occassion a server name or switch name gets changed even though its IP doesn't. The system automatically picks up this…

This feature request might help!!

So, I sent you some pictures of our maps privately, due to the sensitive nature of our campus and such. Hopefully you got them already. Some things we love include the way it zooms in, the ability to filter things out, or do just groups or nodes. While I love the boxes that pop up when you hover, they tend to pop up really…

So, what are your thoughts on my suggestions? If you were able to restrict users to specific views that had the specific subnets in them, would that work for you? If not, what things were you looking for?

Well, Netflow is a bit tricky at times, although I definitely think from what you're saying that there is a problem here. Knowing more details such as what type of equipment your monitoring and how its configured might help. My initial guess would be that your only seeing traffic that is being switched by the processor,…

Glad to be of help, thinking of integrating it into our environment too, so thanks for your initial legwork on it!

Good idea! Try something like this, a Custom SWQL query based off the IP address of the neighbor leveraging the NodeIPAddresses table... EIGRP neighbor ${N=SwisEntity;M=NeighborIP} (${N=SWQL;M=SELECT NIP.Node.Caption FROM Orion.NodeIPAddresses NIP WHERE (IPAddress = '${N=SwisEntity;M=NeighborIP}')}) has gone down for…

The one really nice thing about SWQL is you are only looking at the database, unless you get into actually programming with CRUD. So no worries about "touching" the database with this method. That being said, custom SWQL for alerts can be a bit tricky, you need to play with it for sure. The main difference between the two…