xr219

Hi Guys, Did you have any joy with this? I'm just looking to add my Barracudas now using SNMP V3 and for the life of me I cant get it to poll. The Barracuda is on SNMP v3, The username and password are definitely correct, and I've set it to SHA and AES. On the SAM side I've SHA1 and AES128 using the same password that I…

I've put a post up on the Barracuda forums, but no response as yet. I'll open a support case with them when I get a chance, but the Barracuda support is very hit and miss.

The device is a Cisco 2921. We're only using flows on this device as its the de-mark connection to our customers, so all traffic flows through it. When a customer queries their bill, we can run a Netflow report for the period that gives some degree of detail for them. The issue we have is that, although small, this…

Hi, Just spoken with him and the values aren't set so they will be the router defaults. The device is a Cisco 2921. We're only using flows on this device as its the de-mark connection to our customers, so all traffic flows through it. When a customer queries their bill, we can run a Netflow report for the period that gives…

Hi, Thanks for that, it makes sense. My Network engineer has provided the follow. Its a v9 flow, but with no customization, other than to send the flows to the poller. interface GigabitEthernet0/0 description Connection to NLL3S002 (172.20.20.126) ip address 10.50.40.98 255.255.255.248 ip flow ingress ip flow egress duplex…

Thanks for that. We are seeing AutoDetect:No Sampling. So I've changed this to Override Autodect and set it to 1 of 1 flows. Excuse my ignorance, but does that mean that the flow data is sent to NTA and by default it samples the flow data rather than reading everything in it? That's why I've chosen 1 of 1. I clearly have…

Hi, Thanks for getting back to me. We are seeing some DNS in the same time window, but much less than in Wireshark. We're using the default V9 Netflow setting from the router and running a conversation report showing traffic in both directions over the same time period. Could it be that NTA is summarizing this data in some…

Thanks for those details. The problem is that the little read and green dots are too small for two large screens mounted on the wall. The nice thing with the charts (although not vert specific) is that the highlight very clearly that there is a problem with a group. The support guys can then open SW on their own PC and…

Hi Rharland2012, Sorry for the delay in getting back to you. We've made some progress (we think.) From the Wireshark, it looks like it may be DNS requests. I'm not sure exactly how Netflow / NTA handles such small requests, but when we look at the traffic between the endpoint and the internal DNS server over a 2 hour…

Thanks for that, That's the sort of thing I'm after, but I was hoping there was a way to select the groups natively within the SW UI without having to write custom code / scripts as we don't have any SQL / Java guys or girls to do it. I was hoping for a "Click here and select the group name" kinda option.

Hi Guys, Thanks for this. Yes, I suspected as much. We are only gathering data from two edge routers which are in failover mode, so only really getting data from one at any one time... but there is a lot of data. Ideally I'd like to export the data out to another database and let our developer guys run reporting against…

Hi Guys, having gone back over the NTA settings (thanks for the prompt Chris) It looks like the error was down to Top Talker optimisation which was at the default 95%. For now we have pushed this up to 100% and will run in this way for 24 hrs to get some data, but comparing the first hours worth of data, it looks much…

Hi guys, Sorry to bounce this, but does anyone have any idea why the Netflow Data volumes could be significantly (60 - 70 %) lower that the counted data using Wireshark? To try and get some clarity we put a port mirror on the switch port for Wireshark to Analyse the data. in a 30 minute period, Wireshark was showing…