Comments
-
I was more curious than anything - especially if I were to just move the poller/web function off the existing server. The most likely thing for me to do would be to move the db to one of our dozen or so SQL boxes. That said, I need to have a better understanding of the requirements for the db server before I go to our…
-
Would you recommend moving the poller or the DB? Also, the minimum specs listed on NPM's datasheet don't really provide much insight considering my current hardware is well over what is listed. Can you give me a better idea of what type of hardware would be adequate for each? Also note that we are looking to add APM as…
-
I'm seeing this issue as well in 8.5.1 SP3. Is this fixed in version 9? Seems like I should be able to modify the file name since it is clearly just missing an "n" in the code, but I don't want to do that just to have to change it back when I upgrade. Thanks, Scott
-
I'll be honest and say I haven't read this whole thread over. That said, I was having massive performance problems until I discovered something. We are running SQL 2005 and by default, SQL is configured to take as much memory as it wants. In our case this meant it left about 100Mb of memory for everything that wasn't SQL.…
-
Are there any general guidelines for server specs? Separation of polling engine from DB always recommended? Single box here dedicated to running NPM and NTA as well as the SQL instance. Roughly 450 nodes and 700 interfaces currently. Server is dual-quad-core 3Ghz processors and 4Gb RAM. Not sure on the exact specs of the…
-
Just curious - how early in 2009 are we talking? I've been having this error for some time now and would love to see a fix. On a side note - will the new version have better capabilities around IP groups?
-
I guess I'm not following your question entirely. If all of the interfaces on which you are collecting NetFlow data are in NPM and you are continuing to get NEW instances of that error message, I would go into NPM and rediscover each of the Netflow enabled interfaces on the device it is complaining about. I have had to do…
-
Maybe someone can correct me if I'm wrong. I'm not a database expert by any stretch but from what I've seen poking around in the tables it appears that if a port is not considered as monitored it is given a value of "-1" and the original TCP or UDP port is not retained. Therefore you may want to set up some reports that…
-
It's not enough to just have the device itself being monitored. The interface on which you are collecting data - with the "ip flow ingress/egress" has to be a managed interface as well or you will get that error.
-
Well, you can still build reports based on multiple address groups but I agree that it is limiting only being able to put a single contiguous range into an address group. The beef I have with the report tool though is that you can't copy an existing report and then modify it. Each one you have to start from scratch it…
-
I think if you click on "Disabled Applications" and then click on "Monitor All" that will do it. Then again just about anything is possible en-masse if you are adventurous and creative with SQL. :)
-
Sorry for such a late reply but I wanted to get back to you. I did try this and unfortunately it did not work. I think I tried every possible combo under the sun but it appears that tdanner was correct as I could not find any way to pull it off. Instead I wound up keying off of the core switch stack at each location as…
-
Yes - the scheme is ridiculous and we are actively going about changing it, but it will probably be at least 6 months before that is complete. I guess I'm thinking that the IP address groups is the way to go as it isn't going for the short-term fix that may have long-term implications. Another thing I'm curious about…
-
I see it listed as well, but it appears by default it isn't enabled. Try going to the port in the Netflow settings under Application and Service Ports and under "actions" click "enable". By contrast, when I look at port 80 it's option is to disable rather than enable. Hope that works for you.
-
They really aren't competing products. MARS is a security product and uses NetFlow as one part of gathering information. MARS is more about gathering info from different systems and correlating events and data so that action can be taken - potentially automated action at that. NTA is going to give you a view into what's…
-
You may want to check in IIS to see if the website is set to only answer on a specific IP address on the box. If this is the case then you cannot use the loopback address. Otherwise, just try changing the 127.0.0.1 to the actual IP or name of the box.
