In this article you will learn how to verify and capture that traffic is being received for NTA (NetFlow / Traps & Syslog).
First, make sure you have configured your device correctly to send the required traffic to the Orion server IP and port.
If you are new and have no idea what NetFlow is, I would recommend watching these videos carefully to understand the requirements and the configuration required on the device.
Please see the videos below:
How to troubleshoot NetFlow using Wireshark - Video - SolarWinds Worldwide, LLC. Help and Support
Cisco Netflow Advanced - YouTube
MicroNugget: Netflow - YouTube
How to configure NetFlow on devices?
How to Configure NetFlow on a Cisco Router - YouTube
Cisco ASA NetFlow Configuration Using ASDM - YouTube
Configuring NetFlow on Cisco 3700 Router and Cisco ASA - YouTube
SolarWinds Knowledge Base :: Configuring Cisco ASA devices for use with Orion NTA
Overview of Network Traffic Flow Technologies - YouTube
If you are new and have no idea what Syslog is, I would recommend watching these videos:
Cisco - Syslog (kiwi) - YouTube
CCNA 200-120 - Syslog Basics - 81 of 84 - YouTube
If you are still not able to see the traffic within the Orion application, please follow the steps below to filter and verify that the traffic is actually being received at the Orion port.
For this you will have to install Wireshark as below.
Download Wireshark and install it on the Orion server / Kiwi Syslog Server.
Make sure the Windows / McAfee / Norton / any other A/V firewall is disabled on the Orion server, or create a rule in Windows Firewall to allow the port traffic. In some cases I have found Windows Firewall blocking the traffic to the service even though the traffic can be seen in Wireshark.
Click Capture > Interfaces > select the required (correct) interface.
Now apply the required filter.
Change the IP in the filter to that of the node which is sending NetFlow to Orion (Cisco / Juniper / switch / router) and apply.
ip.src == 192.168.1.1 && udp.port == 2055
OR
udp.port == 2055
Click Apply.
Are you able to see flows from the node, such as Cflow (for Cisco) / Jflow (for Juniper) / sFlow?
If there are no packets, please check your device or network for further troubleshooting, as this confirms that Orion is not receiving any packets on the NTA default port 2055.
******************** Use the following filters for Traps / Syslog in Wireshark, as in the example above *************
For Traps
ip.src == 192.168.1.1 && udp.port == 162
OR
udp.port == 162
For Syslog
ip.src == 192.168.1.1 && udp.port == 514
OR
udp.port == 514
For more details please see:
SolarWinds Technical Reference Troubleshooting NetFlow
http://www.solarwinds.com/documentation/ref/NetFlowTroubleshooting.pd
If you are still not able to see the results after receiving NetFlow packets:
Please note:
SolarWinds NTA requires bytes group information.
Make sure the NTA packets are not missing data (octets).
For more details see the KB post below.
Required Flow template fields in NTA
Please contact the device vendor; you might need to change the NetFlow record and add the following:
collect counter bytes long
collect counter packets long
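
To check a captured packet for the missing octet data described above, the following added example (not SolarWinds code and not part of the original article) parses the template FlowSet of a NetFlow v9 export and reports templates that lack the byte or packet counters. It assumes NetFlow v9 as defined in RFC 3954, checks only the two counters named in this article rather than NTA's full required-field list, and runs on a constructed sample packet; all function names are hypothetical.

```python
import struct

# Field type numbers from RFC 3954 (NetFlow v9) for the byte and packet counters.
REQUIRED = {1: "IN_BYTES", 2: "IN_PKTS"}

def parse_v9_templates(payload):
    """Return {template_id: [(field_type, field_length), ...]} for one v9 UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than a NetFlow v9 header")
    version = struct.unpack_from("!H", payload, 0)[0]
    if version != 9:
        raise ValueError("not NetFlow v9 (version field = %d)" % version)
    templates, off = {}, 20                      # FlowSets start after the 20-byte header
    while off + 4 <= len(payload):
        flowset_id, length = struct.unpack_from("!HH", payload, off)
        if length < 4 or off + length > len(payload):
            raise ValueError("bad FlowSet length at offset %d" % off)
        pos, end = off + 4, off + length
        while flowset_id == 0 and pos + 4 <= end:  # FlowSet ID 0 carries templates
            tid, nfields = struct.unpack_from("!HH", payload, pos)
            if tid < 256:                          # trailing padding, not a template
                break
            pos += 4
            if pos + 4 * nfields > end:
                raise ValueError("template %d runs past its FlowSet" % tid)
            templates[tid] = [struct.unpack_from("!HH", payload, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        off += length
    return templates

def missing_counters(fields):
    """Names of the required counters that a template does not export."""
    present = {ftype for ftype, _ in fields}
    return [name for ftype, name in sorted(REQUIRED.items()) if ftype not in present]

def _template(tid, fields):
    body = b"".join(struct.pack("!HH", t, n) for t, n in fields)
    return struct.pack("!HH", tid, len(fields)) + body

def build_sample():
    """Constructed v9 packet: template 256 has the counters, template 257 lacks them."""
    recs = (_template(256, [(8, 4), (12, 4), (2, 8), (1, 8)])   # src, dst, IN_PKTS, IN_BYTES
            + _template(257, [(8, 4), (12, 4)]))                # src and dst addresses only
    flowset = struct.pack("!HH", 0, 4 + len(recs)) + recs
    return struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 1, 0) + flowset

if __name__ == "__main__":
    for tid, fields in parse_v9_templates(build_sample()).items():
        print(tid, "missing:", missing_counters(fields) or "none")
```

To use it on real traffic, pass the UDP payload of a packet captured on port 2055 to parse_v9_templates; a template reported as missing IN_BYTES or IN_PKTS points to the flow record change shown above.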