jswan

Comments

  • I know I can get the SN for an individual, SNMP-enabled node with a UnDP; I already do that for all my Cisco IOS devices. The wireless LAN controllers are a bit of a different animal. Each WLC controls up to several hundred access points. Since NPM already automatically reads the names and IP addresses of all these access…
  • Thanks--I was staring right at that and missed it!
  • Check to see if the database is caching bad information for his account: go into the NPM database, open the WebUserSettings table, find the NPM user who is experiencing the problem, then delete the CirrusISPassword setting value.
  • This is tricky, because Internet radio commonly uses three different ports: 80 (HTTP), 553 (RTSP), and 1935 (Flash). I've also seen less common streaming apps using odd UDP ports from time to time. I don't know of any way to easily sort out streaming traffic from other traffic that uses the same ports. The best thing I've…
  • Netflow also works fine if you use a GRE/IPSec configuration, which is one of the easiest tunnel methods to set up and manage. Here's a sample config using pre-shared keys. For more scalability use DMVPN with a CA. crypto isakmp policy 1 encr 3des hash sha authentication pre-share group 2 crypto isakmp key foo address 2.3.4.5…
  • Perfect. I should have remembered my own motto, "when in doubt, capture packets". I was missing the "mls nde sender version 5" command, whereas I did have the "ip flow-export version 5" command; hence data plane flows were being exported as version 7.
  • I just realized I should add an explanation of why plain vanilla NetFlow won't work: Because BitTorrent uses lots of different port numbers, NetFlow doesn't have a way to classify it and report on it natively. Some high-end NetFlow collectors (Plixer, Lancope) have heuristic analysis that claims to be able to identify…
  • Yeah, that's what I did. There is a "save results to a file" checkbox, but it saves one file per node on which you run the script.
  • I finally finished migrating my syslog server and now I have a chance to look at this closely. As far as I can tell, this script only counts the number of syslog messages per host, not the number of each message type. I'm looking for something that shows the count of each message type. Specifically, I'd define the message…
  • The serial interface has no subinterfaces; everything is configured on the physical interface (the ":0" in the interface name is due to the fact that it's an MFT-T1 card). I tried adding the ip flow commands to the FastEthernet subinterfaces too, but that doesn't make a difference.
  • In Cisco-land at least, a router won't send its own Netflow traffic through a local native IPSec tunnel--at least on the 2800 series, anyway. I had to put it into an IPSec encrypted GRE tunnel to get this to work. FYI.
  • ^ signifies the beginning of the line, not negation. The expression "^username (alice|bob)\s" works by itself; i.e. I can confirm that either "username alice" or "username bob" appears in the config. The problem is with the second part: confirming that no other usernames exist. For negation, I'm trying to use a negative…
  • Clarifications on superfly99's comment: If you use SPAN to mirror the traffic from a non-NetFlow switch to a NetFlow-capable one, you're still not going to get NetFlow export from the second switch because those packets aren't going to be forwarded by the second switch; on Cisco devices at least, NetFlow export is…
  • I hate to contradict a SW staff member, but the Catalyst 2960 does not support NetFlow. The only way to get NetFlow data out of lower-end switches is to mirror the traffic to an external flow generator. Only the Catalyst 3750-X and higher support NetFlow.
  • This is excellent, thanks! Are the NetObject parameters documented anywhere?
  • Can you give an example or two? I have a DBA who can help me with this if I have a place to get started.
  • Do a search on the forums for nProbe--it will take traffic from SPAN ports and export NetFlow based on that. Your 2600 router isn't going to produce NetFlow export without being in-line.
  • Sorry, I should have provided more detail. NPM and NCM are on the same server, I can validate SNMP credentials successfully, and the inventory runs. However, it never picks up the hostname, location, etc. Please note this is not a Pix. It is an IDSM2 module in a 6500. Based on advice in another thread here, I modified the…
  • On older images you need to use "ip route-cache flow" on the interface instead of "ip flow ingress".
  • There is a Security Onion list on Google Groups that can help with that sort of thing. I don't think this is the appropriate place for it. Suffice to say you will need to build some basic Linux skills if you want to get anything out of it.
  • I'm not entirely clear on what you're trying to do. If you just want to filter on all traffic from Akamai, probably the easiest way is with the BGP Origin-AS feature in NTA--assuming you have a BGP router available with full tables. You could also use an IP address group like Andy suggested, but for a CDN as vast as Akamai…
  • It looks like it has the correct info and I can modify that report to fit my needs. Thanks!
  • It seems to me that the superficial answer would have to be "no". If you are looking at the CMDB in the true pie-in-the-sky ITIL sense--as a universal configuration repository--then NCM clearly can't do this, as it has no way to track the configuration state of servers at all. I've read somewhere that less than 5% of ITIL…
  • If the outside exporter is sending the netflow packets with an "outside" source address (e.g., a public Internet address), then you would need to configure a translation on your NAT router that translates the destination address to the Orion server's address. Your firewall will also need to be configured to allow the…
  • The flow export and datagram counts look normal to me. The "25 export packets were dropped due to adjacency issues" means that 25 flow export packets were lost due to some transient routing problem on the device that caused it to lose its route to the Orion server (probably an interface flap). Since your Orion server isn't…
  • Just to add to rharland's post, I'd recommend doing the endpoint filter on an Interface Detail view instead of a summary view. As was discussed recently in another thread, it seems like certain filters produce either strange or no results at all with summary views.
  • If you want average PDUs per minute, just take your average PDUs per second and multiply by 60. The only vendor I'm familiar with that uses a "flows per minute" value is Riverbed, and they count "deduplicated" flows per minute. That's a hard number to calculate, since the amount of post-collection deduplication varies…
  • smasher953-- If you have WCS you can always use that to back up the configs.
  • As has been previously mentioned, there's no way to do flow-to-user correlation solely with NetFlow. There are other flow analytics vendors that integrate user ID with NetFlow by querying Active Directory logon events and caching username-to-IP address mappings. Since Solarwinds already has event querying capability built…
  • The sysadmins here are looking to create a step-by-step restore procedure for rebuilding our Orion installation in the event that either the NPM/NCM server or the DB server dies. They are already backing up the database using their normal MS SQL server backup procedures, but what we don't have is a procedure for a)…
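The comment above about counting syslog messages per host versus per message type describes a script that only does the former. As an added example (not jswan's script and not from the original thread), the following Python counts Cisco IOS syslog messages by host and by message type. It assumes that "message type" means the %FACILITY-SEVERITY-MNEMONIC tag (the post's own definition is cut off), and the sample syslog lines are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not from the original post), in the form a
# syslog server typically stores Cisco IOS messages: timestamp, host, text.
SAMPLE_SYSLOG = """\
Mar  3 10:01:02 rtr1 12: *Mar  3 10:01:01.123: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Mar  3 10:01:03 rtr1 13: *Mar  3 10:01:02.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Mar  3 10:01:20 rtr1 14: *Mar  3 10:01:19.789: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Mar  3 10:02:00 sw1 201: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
Mar  3 10:02:05 sw1 202: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.5)
Mar  3 10:03:11 sw1 203: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.0.0.9] [localport: 22] [Reason: Login Authentication Failed] at 10:03:11 UTC
Mar  3 10:03:15 rtr1 15: *Mar  3 10:03:14.001: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 10.0.0.9] [localport: 22] [Reason: Login Authentication Failed] at 10:03:14 UTC
Mar  3 10:04:00 srv1 sshd[123]: Accepted publickey for ops from 10.0.0.5 port 51234
"""

# Message type = the Cisco %FACILITY-SEVERITY-MNEMONIC tag. Assumption: this is
# what "message type" means; the original post's own definition is truncated.
TAG_RE = re.compile(r"%([A-Z0-9_]+)-(\d)-([A-Z0-9_]+)")
# Host = the token right after the BSD-syslog timestamp.
HOST_RE = re.compile(r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d\s+(\S+)\s")


def parse_line(line):
    """Return (host, tag) for a line, or None if it carries no Cisco tag."""
    host_m = HOST_RE.match(line)
    tag_m = TAG_RE.search(line)
    if not host_m or not tag_m:
        return None
    facility, severity, mnemonic = tag_m.groups()
    return host_m.group(1), f"%{facility}-{severity}-{mnemonic}"


def count_by_type(text):
    """Count messages per tag across all hosts (what the post asks for)."""
    counts = Counter()
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            counts[parsed[1]] += 1
    return counts


def count_by_host_and_type(text):
    """Count messages per (host, tag); lines without a tag are skipped."""
    counts = defaultdict(Counter)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            host, tag = parsed
            counts[host][tag] += 1
    return counts


def at_or_above_severity(counts, max_sev):
    """Keep only tags whose severity number is <= max_sev (0 = emergency, 7 = debug)."""
    return {tag: n for tag, n in counts.items() if int(tag.split("-")[1]) <= max_sev}


if __name__ == "__main__":
    for tag, n in count_by_type(SAMPLE_SYSLOG).most_common():
        print(f"{n:5d}  {tag}")
    for host, per_type in sorted(count_by_host_and_type(SAMPLE_SYSLOG).items()):
        print(host, dict(per_type))
```

Feed it the syslog file instead of SAMPLE_SYSLOG to get the per-type counts; the severity filter is the piece that turns a flat count into a "what warning-or-worse events fired on which box" report.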
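The comment above about "^username (alice|bob)\s" explains that ^ anchors the line rather than negating, and that the hard part is confirming no other usernames exist. As an added example (not from jswan or the original thread), the Python below runs both checks against constructed IOS-style config text: the positive pattern from the post, and a negative-lookahead pattern for the "nobody else" half. The configs, usernames and hashes are made up for the example.

```python
import re

# Constructed sample configs (not from the original post).
CONFIG_OK = """\
hostname edge-rtr
username alice privilege 15 secret 5 $1$abcd$xyz
username bob secret 5 $1$efgh$uvw
line vty 0 4
 login local
"""

CONFIG_EXTRA_USER = """\
hostname edge-rtr
username alice privilege 15 secret 5 $1$abcd$xyz
username mallory privilege 15 secret 5 $1$ijkl$rst
username bob secret 5 $1$efgh$uvw
"""

# Edge case: a name that merely starts with an allowed one.
CONFIG_LOOKALIKE = """\
username alice2 privilege 15 secret 5 $1$mnop$qrs
username bob secret 5 $1$efgh$uvw
"""

ALLOWED = ("alice", "bob")

# The pattern from the post. With re.MULTILINE, '^' anchors to the start of
# each line; it does not negate anything. The trailing \s stops 'alice2'
# from matching as 'alice'.
ALLOWED_RE = re.compile(r"^username (alice|bob)\s", re.MULTILINE)

# Negation via a negative lookahead: match a 'username' line only when the
# name that follows is NOT one of the allowed ones, and capture that name.
OTHER_RE = re.compile(r"^username (?!(?:alice|bob)\s)(\S+)", re.MULTILINE)


def allowed_users_present(config):
    """Allowed names that actually appear as local users in the config."""
    return set(ALLOWED_RE.findall(config))


def unexpected_users(config):
    """Local usernames in the config that are not on the allowed list."""
    return OTHER_RE.findall(config)


def compliant(config):
    """True only if every allowed user exists and nobody else does."""
    return allowed_users_present(config) == set(ALLOWED) and not unexpected_users(config)


if __name__ == "__main__":
    for name, cfg in [("ok", CONFIG_OK), ("extra", CONFIG_EXTRA_USER), ("lookalike", CONFIG_LOOKALIKE)]:
        print(name, compliant(cfg), sorted(allowed_users_present(cfg)), unexpected_users(cfg))
```

In a compliance tool that only reports match/no-match, the OTHER_RE pattern is the one to flag as a violation when it matches, and ALLOWED_RE the one to flag when it does not.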