Netflow events keep on showing un-managed interface

Any comments from the resident nerds/geeks out there yet?

There are few solutions for that situation. However Netflow server receives any flows as long as they come, so first it might be possible to administrativly shutdown unnecessary interfaces which should stop incoming flows. Next solution is to replace List of Last xx Events with Custom Querry item in the view and put there SWQL querry which filters events. Ulimate solution is just remove List of Last xx Events to stop anoying you Last 2 solutions will not stop incoming messages but you will not see them. Anyway that is not consuming much bandwidth because those messages are signals of some traffic trespassing interfaces which are not managed by Orion.

Unfortunately I have no access to any NTA instance currently (so I cannot check it) but I remember that it should be something in NTA Settings to exclude interfaces which are not necessary to gather flows.

When you are checking for interfaces like this you should start with doing an snmp walk against the router when it generates the message to see which interface is associated with that .  There is a table that should relate #448304 to an interface name and apparently that interface is not being monitored in NPM.  That is the index number the router is associating with an interface that is reporting Netflow data.  Figure out what interface that is, turn netflow off there or add it to NPM. 

Hi, MESVERRUM.

Thanks for your feedback; Here's the thing, on one of the routers we have, I'm sending flow data from its LAN and WAN interface ONLY. Both interfaces are monitored in NPM and its currently showing in NTA. I also have the settings below. But on the NTA event messages section, I'm getting a lot of event messages stating that I'm receiving flows from interfaces from that router with interface name beginning with "#"; How come I'. receiving this flow if Netflow is turned on only on LAN/WAN interface and not enabled in all other interfaces of my router? This shows for all routers we have across different locations.

I would still suggest doing an snmp walk or just adding that interface to solarwinds to see what it shows up as so you can get a clue where to look in your router configs to try and stop them.  Looking at the screenshot it appears that over 7% of the flow data hitting your server was from unmonitored interfaces so I probably wouldn't just ignore it.  One of the tricky things about Cisco and netflow, especially flexible netflow, is that the command syntax and how it operates is very inconsistent from model to model so I don't have a good guess as to why your devices are sending flow data for interfaces beside the lan and wan that you expect them to.  Solarwinds is just telling you what it is getting so all the troubleshooting and fixing is going to be on the Cisco side of this.