donthomas

Cisco docs says the command has been supported from 12.2(15)T release train onwards. Is your device an ASA? ASA command reference states that "logging device-id hostname" would set the hostname of the device as the device id to be sent in syslog messages.

Let me try with an example. Say you have a router with only one LAN and one WAN interface active and an IP conversation traverses from 10.1.1.1 (in the LAN) to goog.le.com When you enable ip flow ingress on the LAN interface, it captures the IN traffic across the LAN. The NetFlow record for this IP conversation also holds…

But you do not need to use separate monitors. All you need is one flow record and exporter and you can associated it to the same monitor which then can be associated to each interface. Can you configure as below and check the issue: flow record NTArecord match ipv4 source address match ipv4 destination address match…

Yes - enabling ingress and egress on all the WAN interfaces will work perfectly, provided that is the only interface from each router you would monitor. You can find the explanation on ingress and egress here: Netflow design

I am not sure it would work even with another vendor, at least as per this bug raised: Resolved in WLC software relase 8.0? netflow on 7.4 will not support 3rd party NMS | Security and Network Management |…

Ah perfect. If its OS specific and the device sends NetFlow packets, SolarWinds NTA would work with it.

what martinstenner‌ has stated is correct - with that right OS, Fortigate would support NetFlow export and the commands he has listed should work. But the datasheet of Fortigate 500D doesnt list NetFlow support (might be due lower mem on the device or ASIC capability).

Saw this today. Thank you bhavikdalsania. Let me try! The number not in the bracket refers to, of the total traffic that matched the filter (say 100GB) you used to create the report, x% was used by that name (app, endpoint, conversation, protocol, etc.) in the first row of the report. The number in bracket refers to how…

When you monitor both interfaces, have only one command on all interfaces. If you are monitoring only one interface with SolarWinds NTA, you still have one command on all interfaces or use both commands only of the particular interface you are monitoring.

I agree with acgarton‌. I have read in a couple of forums that NetFlow v5 provides accurate stats when compared with NetFlow v9 in the case of SonicWall.

If you are referring to Bandwidth Analyzer pack (Network Bandwidth Analyzer – Bandwidth Monitor | SolarWinds‌), its a single pack that includes both the products. So NPM and NTA or Network Bandwidth Analyzer bundle will both work for your requirement.

This is the link I always recommend: https://supportforums.cisco.com/document/30476/configuring-netflow-asa-asdm Make sure you have firmware 8.2.1 and when configuring, set the template timeout to 1 minute.

NTA currently does not support IPv6 traffic but this is a feature request now open for voting. Can you add your vote from the below link please. http://thwack.solarwinds.com/ideas/1052 Thanks, Don

This was discussed in another thread here, but below is the summary: Say you have a router with only one LAN and one WAN interface active and an IP conversation traverses from 10.1.1.1 (in the LAN) to goog.le.com When you enable ip flow ingress on the LAN interface, it captures the IN traffic across the LAN. The NetFlow…

You can find information on NetFlow v9 here: thwack.solarwinds.com/docs/DOC-171037#comment-169123 R, Don

Are the Cisco? If they are Cisco devices, make sure you have enabled origin-id logging for syslog messages. The command is: logging origin-id { hostname | ip | ipv6 | string user-defined-id } "hostname" specifies that the hostname will be used as the message origin identifier and "ip" specifies that the IP address of the…

From what I understand, Cisco WAAS devices do not export NetFlow or similar packets that can be used by monitoring tools. Yes, there is an option called flow agent but it seems it was developed by Cisco with NetQoS (since acquired by CA) and those flows can be read only by NetQoS SuperAgent which I think is now part of CA…

This post should help you with nprobe config: Orion NTA and nProbe: Analyzing bandwidth hogs without flow-capable network equipment

Can you try the below changes: * Add: "match interface input" to the flow record * Change:* collect counter bytes to "collect counter bytes long" * collect counter packets to collect counter packets long * Reduce the active cache timeout to 5 seconds from 60 seconds

You are right, it changes per device and network My ( rudimentary) recommendation is as below and you will need to go through trial and error and then bring in changes based on what you see and what you wish to see. The basic thumb rule is monitor the interfaces on which you see traffic and among that monitor those…

There is already a built in rule for portscan - go to Build - Rules and search for portscan.

I read that NX-OS has ifindex persistence enabled by default. But I also happened to read about a possible Cisco bug on the Nexus which causes the ifindex can change. https://supportforums.cisco.com/thread/2187129 Could it be that you have an older OS on the device with this bug? And then, can you check the interface name…

Is it a case of interface indexes changing and then the new interface index being discovered with NetFlow data? Make sure you have ifindex persistence enabled on the Nexus.Reguar IOS devices uses "snmp-server ifindex persist" for ifindex persistance. R, Don

Download here: Network Traffic Analyzer – Bandwidth Monitor | SolarWinds. Supports NetFlow, sFlow, jFlow, vSwitch, etc.

Is there any reason for using separate flow exporters and monitor for each interface? You can create 1 flow exporter and record, associate it to the same flow monitor and then apply that flow monitor on all the interfaces. Have you tried using the same flow monitor as the one you used for Gi interface on VLAN? R, Don

Just realized that NX-OS has ifindex persistence enabled by default. But I also happened to find this thread where it says that ifindex can change. https://supportforums.cisco.com/thread/2187129 Could it be that you have an older IOS on the device? And can you check the interface name for ifindex8 on the Nexus. I believe…

If your device has only a WAN and LAN interface, its enough to enable ingress or egress on both the interfaces, or enable ingress and egress on any one of the interface - say the WAN. If you enable ingress and egress on both the interfaces, it can result in traffic double count. And can you tell us why are you looking to…

Does the SAN log traffic usage data and export them as logs? I dont think so - I believe you should explore NetFlow monitoring at access or core layer. LEM does support NetFlow sources and a few NetFlow reports too. Of course, your switch will need to support NetFlow or sFlow export for this to work.…

I believe you can capture bridged traffic with NetFlow. You can specify the list of VLANs here to enable bridged traffic. ip flow ingress layer2-switched vlan <vlanlist> ip flow export layer2-switched vlan <vlanlist>

NetFlow feature is available on AOS data products running firmware version 16.1 or later. But I am not sure if Adtran 1238POE supports NetFlow export. You can verify if it does from this link: AOS Feature Matrix - Product Feature Matrix | ADTRAN Support Community If it does, you need to enable NetFlow on the Adtran and…