cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Network + Netflow first setup

Hi,

I've managed to convince my manager to give solarwinds a try, specifically Netflow Traffic Analyzer and Network Performance Monitor.

I'm just after a little advice. I've never deployed any software like this befor, so I'm flying a bit blind.

Network monitor  only showing information for a few client machines, Netflow has virtually nothing.

I'm not sure I've deployed the software correctly to our workstations, or if I've imported them incorrectly.

Using the MSI and generated mst I've deployed it to all our computers, and they are showing up as agents but in the all nodes summary screen they mostly show up as a list of IPs under unknown up unknown.

These all show up as agents

agent list.png

computer list.png

with some showing up with the actual computer names under windows > windows 7 workstations

These show up as nodes.

workstation list.png

Should I be converting all the agents to nodes?

I ran a network discovery,and there is one scheduled every morning, which has found the above but nothing else.

Weirdly, all the laptops it deployed to immediately converted to nodes and seem to show up correctly

0 Kudos
9 Replies
Level 12

Using agents are a new feature in Solarwinds products, so while you were asking we are also learning the quirks of this new scanning method. Personally I would not want to get an alert each time a windows 7 machine was shutdown, so I would only monitor Servers Routers, switches, and other devices. So I would limit deployment of Agents to those to limit alert storms, and cost.

Also what could be happening on the agents is that they are deployed but not being used. You can check this by clicking on settings -> Manage Agents.


With some devices SNMP might be better for identifying nodes.


I noticed in your screenshot the Manage node view is sorting by something "Unknown" and then up/down status. You can click on the Edit button for hte resource and change the first level to Vendor and the second to Machine Type.


There are some easy to follow training videos on Thwack. You may already be done with the trial at this point, I hope you were able to get the information you needed, otherwise this should help someone else. I recommend working with Solarwinds sales or VAR like Loop1 during the trial to get the most out of the modules your testing. They will make sure you get what you need out of the product quickly. A 14 day trial can go by quick.

0 Kudos
Level 7

I already have it sorted in that order, those unknowns are what I'm trying to get sorted out.

We've 25 days on our trial left at the moment.

I wanted to get the information from every computer as i as hoping that would give us a more accurate map of the network and our traffic, as at the moment its not picking up many of our switches.

We have periodic hangs on our network we can't track down, we were hoping that by monitoring all the status it would give us something to look at when that happens, Too see if something is overloading somewhere

0 Kudos
Level 12

What make model switches do you have. You will need to setup SNMP and Netflow on these as well as your routers to get the information your looking for. If it is sorted that way then there is something else wrong, cause that is not exactly how it is being displayed in the screenshot.

You then need to add the switches in manually setting the right version of SNMP as you will want to adjust which interfaces you want to monitor to just active (and later important ones).

Also make sure you know which version of SNMP your device is using and if it is using authentication traps.

SNMP v1 is common

SNMP v2 is a little more secure

SNMP v3 is most secure but a little more difficult to setup (can be implemented a little different on each device) uses two layers of authentication and encryption

You will need to make sure all devices are ping able by the monitoring device, which means they should have a management IP configured.

Netflow is a different beast, and really depends on the make model if it will even work. There are plenty of instructions, but I found netflow the most helpful in identifying bottle necks. 

Also are you using Class of Service or QoS?

0 Kudos
Level 7

I have just noticed the agents that are replying are polling as a windows server agent. those that aren't are set to status only ICMP.

Should I change them all to SNMP?

What are the settings I should use for that?

I guess I need to find an unlocked port (or unlock a port) but what is the community string to use or is there an advised port?

0 Kudos

The community string should be defined in your shop.

Typically each environment has a different community string (windows servers, linux servers, unix servers, network devices, etc.)

Not sure what ports the agents use...yet.  SNMP will use 161 and 162.  They need to be opened in the windows fire wall on each server.

The polling server needs to be allowed to queuery the SNMP agent on the monitored node (setting within the SNMP agent on each server).

0 Kudos
Level 7

So do i define the community string somewhere? Or is it defined from when I start using it on a set of nodes?

0 Kudos

If there is not one already defined or in use at your shop.

0 Kudos

you might check to see if reverse lookup for those ip addresses resolve to a proper server name.

0 Kudos
Level 7

It looks like the IP's don't exist anymore. I'm guessing the machines were assigned different IP's or they were wireless deceives.Although 106.176.81 does correspond to a workstation

0 Kudos