jswan

Comments

  • Please post the NetFlow config from your switch.
  • You might be able to do this by configuring an IP Address Group that contains all the address space reachable via the WAN links.
  • Could you create separate IP address groups for the two networks, then use traffic view builder to get the information you want?
  • The quickest way to do this on a small network is to capture a bunch of traffic with Wireshark (free), and look at the traffic statistics available under the "statistics" menu. If you have a router that supports NetFlow, the free Solarwinds Real-Time NetFlow Analyzer tool might also be useful, as would the NetFlow…
  • Try putting this query in a custom report. I think this is what you want:
      SELECT g.name, r.low, r.high
      FROM netflowipgroups g, netflowipgroupranges r
      WHERE g.ipgroupid = r.ipgroupid
      ORDER BY g.name
  • I had the same problem and had to manually re-add the views. The views I added were: NetFlow Sources Top 10 Netflow Sources by % Utilization NetFlow Sources Traffic View Builder A bunch of search options Last 25 Traffic Analysis Events
  • There's a complex Cisco CDP MIB available to SNMP, but unfortunately I get "OID not supported" when I try to query most of the interesting entries with the Solarwinds UnDP tool. I think your best bet would be to try writing an EEM policy to send a syslog message when the CDP table changes, then alert on that syslog…
  • You should only need to allow a single port (udp/2055 by default in NTA) from your NetFlow exporters. If you don't want to allow multiple source IPs, I think Lancope sells a commercial NetFlow forwarder and I believe the flow-tools package contains an open-source one.
  • Agree completely. I've mentioned this before too. From what I've seen, most of the competing products have this feature.
  • You can go either way. It just depends whether you need the additional visibility on flows that might be confined to lower layers of the topology. NetFlow is interface-specific, so you need to export from all interfaces for which you need detailed visibility. If you only need visibility at the L3 point in the topology,…
  • nProbe is not a Solarwinds product, so you might have better luck at their website: http://www.ntop.org
  • My experience with this has usually been that an "unknown state" means one of two things:
      * The Windows SNMP service is messed up and needs to be restarted.
      * The SNMP OID of the NIC has changed for some reason. If this is the case you will probably see a new unmonitored NIC in "List Resources". You should then monitor the…
  • Yeah, I had this same problem, among others. I opened a support ticket and they sent me a SQL query to run, which got rid of the error. Now I'm getting "There is no active cbQoS policies" and "No data for selected time period". Guess I need to open another ticket on that one. Getting pretty frustrated with NTA lately.
  • The 3750E does not support NetFlow. No Catalyst 3750 series switches have full NetFlow support. The 3750X has limited support, but only if you have the appropriate 10G uplink module. The newer mid-range access switches (3650, 3850) have NetFlow support, along with the 4500E (with appropriate Supervisor), 4500X, 6500, 6800,…
    in Netflow help Comment by jswan March 2014
  • I use the "Cisco IPS Module" template in NCM 5.5.2. It works fine with my IDSM-2 modules, with the exception of downloading the annoying "Generating current config" lines from the IDSM.
  • If I'm understanding you correctly, this would be a function of a) how your routing is configured, and b) the amount of RTP traffic you have. If you have a lot of RTP traffic and your routing policy is directing it over that link, you would expect to see those traffic patterns.
  • I'm not with Solarwinds, and I'm not sure I fully understand your question, but you might want to check out the Physical Entities report in the NCM inventory. This tracks all the component serial numbers for stuff like 3750 stacks. This is how I do my Smartnet reconciliations, but it still takes a lot of post-processing of…
  • I always hate disagreeing with Solarwinds staff, but Malik's explanation is not quite correct. NetFlow is *interface* specific, and it's directional. For a particular interface, ingress NetFlow measures packets coming *into* that interface from the router's perspective, and egress NetFlow measures traffic leaving the…
  • What exactly are you trying to monitor? From the document it sounds like you're just trying to get a list of the tunnel destination addresses. Is there anything else?
  • The 3560G does not support NetFlow. The commands are there (probably for OS-level compatibility with the 3560-X with the Flexible NetFlow expansion module), but they don't do anything.
  • If you have access to a Cisco router you could use IP SLA to perform the test, then set up a universal device poller in Orion to alert you when the IP SLA test fails. Something like this:
      ip sla 1
       tcp-connect 1.1.1.1 666
       tag testTCP
      ip sla schedule 1 life forever start-time now
    Then set up a UDP to monitor this using the…
  • So, is this impossible? Can I really not have a policy that says username goodAdmin must be present, but username Cthulu (or rather, any user except goodAdmin) cannot be present?
  • You can't get accurate statistics at the HTTP level with NetFlow. This isn't a limitation of NTA: it's due to the fact that most websites are hosted on servers that have multiple sites associated with the same IP address, and are differentiated only by the host headers in the HTTP request. Flow-level data doesn't contain…
  • NTA doesn't support TCP flag tracking at all.
  • I'm kind of surprised by the generally negative response. I probably wouldn't implement the specific example you gave (changing the priority queue size), because I can't think of a situation where I would have a small priority queue, a number of calls that could burst above that size, and where I wouldn't use CAC. As a…
  • Just to be clear: your problem is that you're using traditional (that is, crypto-map based) IPSec configurations on your routers, and the routers aren't exporting NetFlow data at all, correct? If so, one solution to this is to use IPSec-encrypted GRE tunnels instead of standard crypto-maps on interfaces. The NetFlow export…
  • Can you do a traditional NetFlow v5 config on the 7E, or does it require the Flexible NetFlow syntax? It looks like you're only connecting standard v5 fields anyway.
  • This is not possible in NTA today. That data isn't present in NetFlow v5 or traditional NetFlow v9 at all. Some exporters (some Cisco ISRs and ASR1ks with NBAR2 enabled, and some dedicated NetFlow DPI probes) can send the application name as part of their NFv9 or IPFIX exports, but NTA doesn't support this. There is at…
  • Servers typically aren't NetFlow exporters. You need to configure your infrastructure devices (i.e., routers and switches) to export NetFlow to NTA.
  • If you check your NetFlow cache with "show ip cache flow", you'll see that the VirtualAccess interface is the one actually tracked by NetFlow, not the Dialer interface. Hence, it's expected behavior. The dialer interface is sort of a logical abstraction used to hold configuration information, whereas the VirtualAccess…