jswan

Comments

  • You have two options: 1) If the VPN tunnel uses GRE, you can just export your NDE traffic through the tunnel. Clean and simple--and in that case you don't need to do any NAT. This is how I do all my remote site/VPN NDE. The problem is that if you use raw IPSec tunnels, this won't work: at least the last time I checked, NDE…
  • If I understand the question correctly, I don't think the loopback configuration is going to help. It sounds like the problem is that Tyler doesn't want to view the physical interface and the logical interface on separate pages. This doesn't seem to me like an NTA issue per se; it's more the consequence of the fact that the…
  • One other thing to note on this is that a node must be managed by both NPM and NCM using the same IP address. This should be obvious, but it wasn't until I noticed configs not showing up in the NPM integration for one of my devices that I noticed that NPM was targeted (correctly) to the router's loopback interface IP…
  • Yeah, I know you can edit the view. I guess what I was getting at is that I want a faster/better way to change the topN values. Sorry if I was unclear. It would also be useful to get the bottomN values from time to time.
  • I strongly agree with the suggestion and would like to see it at the top of the feature list. This would greatly improve the usability of NCM for config change management.
  • I get this error if I run it from the web console: System.ApplicationException: Field not specified or invalid at SolarWinds.Orion.Web.Reporting.C1QueryWrapper.BuildSQL() at SolarWinds.Orion.Web.Reporting.OrionReport.BuildQuery(IC1QueryProxy c1host, String orderBy, String grouping, String filter) at…
  • Will the current limitation on overlapping address groups be lifted as part of this feature? I am also very interested in being able to do this, but I need to be able to see stuff like: WAN Site 1 <-> WAN Site 2 All WAN Sites <-> Headquarters Etc. Right now you can't define overlapping address groups.
  • I don't think there's a native way to test reachability to a syslog server and reattempt delivery after an outage. For short outages you might try syslog over TCP. I don't believe NPM does syslog over TCP, but Kiwi does (I wish SolarWinds would roll Kiwi into NPM, actually). I have no idea whether IOS would try redelivery…
  • I am curious to know what features people are looking for with direct AD integration that could not be achieved through RADIUS. I've worked with a lot of different Windows authentication integrations over the years, and for the most part using RADIUS with Microsoft's IAS seems like a more flexible solution. What am I missing?
  • I'd like some meta-reporting and charting capability: in other words, how do the results of the existing reports change over time? For example, if I run top 100 conversations every day, how many hosts in the top 100 are the same over a month? If I run top 50 receivers by unique partners every day, how do those change over…
  • I'm not getting this to work. I used the following in the template: <Configuration-Management Device="Cisco Ironport" SystemOID=" 1.3.6.1.4.1.9"> <Commands> <Command Name="DownloadConfig" Value="showconfig${CRLF}Y"/> </Commands> </Configuration-Management> It gets logged in fine when I do a "verify login information", but…
  • It looks right to me (although it looks to me like your access-list 101 isn't actually doing anything; you could just remove it). I assume that you have verified that you can actually ping the SolarWinds NTA collector from the router? If not, that's step 1.
  • Is that an Adtran box? It's so close to Cisco-speak it took me a second to realize it's not...
  • FYI, the "ip route-cache flow" command is deprecated in IOS. It still works (and is the equivalent of "ip flow ingress"), but Cisco recommends using the "ip flow ingress|egress" versions in contemporary software.
  • Tyoshida: 1) As far as I can tell we aren't anywhere close to having resource problems with writing to the NTA DB at 3,000 flows/sec. 2) At 100% a query with Flow Navigator takes minutes to complete and sometimes fails to complete at all. Some reports never complete. I don't see why you would want to run at 100%, since NTA…
  • OK, let's first make sure I've got the topology right: OutsideExporters---EdgeRouter---insideNetwork---NTA Server Is that correct? In other words, you have NetFlow exporters outside your network and you want to get the NDE traffic through the edge router? If so, you'll want something like this on your edge router: ip nat…
  • Agreed. Cisco has a tool called "Pari" that their resellers use to link Smartnet to inventory to EoS and EoL dates. It is clunky and expensive; if SolarWinds could pull this off it would be a huge plus.
  • I was thinking specifically of Lancope Stealthwatch and Riverbed's Profiler, both of which claim they can automatically classify application traffic and build heuristic-based alerts off of that. I haven't used either one in production so I don't know how easy or accurate they really are. I know that Lancope ties into…
  • I believe that NTA does application mapping based only on port numbers. My installation doesn't have anything by default for 8417, so I'm not sure where that's coming from. You can change it in NetFlow Settings-->Application and Service Ports, however.
    in eSpeech Comment by jswan February 2011
  • I just wanted to check in on this feature, and make sure that you had captured the request to search across all nodes. It would be *so* useful to build an endpoint filtered search and see all the nodes (and interfaces on each node) that recorded flows involving that endpoint. Sample use case: today we detected a system…
  • I'm curious to know if anyone has got drive failure monitoring to work on Dell servers yet? I'm a network engineer rather than a server guy so I'm not up to speed on this issue, but our sysadmins tell me they are using a free tool from Dell called IT Assistant to monitor for drive failures. They want to know if we can use…
  • Another follow-up question: is there a quick way (i.e., by editing the URL) to get more than the top 5 values? I'd like to get the top 25, etc.
  • This feature is often known as "flow fanout", and it would be nice if Orion NTA supported it. There are so many tools that want to receive flow records these days that it's almost a necessity as one's network grows.
  • OK, I figured out that I should put the schema file in the Schemas folder and the reports files in the Reports folder. What about the .cfg file?
  • I think that eventually we might have products that can do this: NetFlow v9 has the ability to export raw packet contents based on an offset value in the IP header. I don't see any reason that a developer couldn't use this to facilitate URL monitoring, but I imagine that there will be quite a lot of overhead associated…
  • If you want to be able to distinguish egress flows, you need to have the "ip flow egress" command enabled. I just use "ip flow ingress" and "ip flow egress" instead of "ip route-cache flow", since I find it useful to distinguish directionality.
  • I have a related question... how can I search for a particular conversation? If I search for just one end of the conversation, say 10.1.1.1, it returns way too much information. Can I see just the conversation between 10.1.1.1 and 10.2.2.2? Or better yet, 10.1.1.0/24 and 10.2.2.0/24?
  • If you need to do this in real time on a single Cisco router, one quick way is to use the CLI: sh ip cache flow | i 06_...._0019_ This shows you all entries in the NetFlow cache with a destination port of tcp/25.
  • lchance, LLNW (Limelight Networks) is one of the large commercial content distribution networks. They host a lot of streaming services, among other things. Same with Akamai (which is even larger). You can look them up on ARIN and get a list of their IP blocks: ws.arin.net/.../
  • There's something I'm misunderstanding about your configuration, then. If you do a "show ip cache flow" on the 6500, you're saying that you see the IP addresses of internal clients?