6 Replies Latest reply on Jan 15, 2009 7:43 PM by rsprim

    Perplexed by Netflow event

    sotherls

      I am showing an event fron Netflow saying something like:

      "... the netflow data stream will be discarded. Please use the Orion system manager to add interface #127 in order to process...."

      How do I know what Interface #127 is? There is no coresponding in the System Manager that shows the interfaces as 127. Do I have to enable all interfaces and narrow it down that way or is there a better way to identify the mysterious interface?

        • Re: Perplexed by Netflow event
          jeff.stewart

          You could look at your exporters for the last 15 minutes to see which interfaces are sending netflow data.

            • Re: Perplexed by Netflow event
              borgan

              That message indicates that the interface is not currently being monitored by Orion. You need to actually add it as an interface via System Manager or the web. One thing you could do is open Database Manager and look in the Interfaces table for the Interface ID in question. Note the Node ID that it is associateed with. Now open the Nodes table and find the Node ID and Caption or IP address.

              Now all you have to do is List Resources in System Manager and check the box next to the interface on the node. Or, go to the Manage Nodes on the Orion web site and add the interface. Now it can be a NetFlow source,

              Hope that helps.

                • Re: Perplexed by Netflow event
                  sotherls

                  Borgan, I tried this before I submitted the question. I do not have a 127 in the Interface table either as an InterfaceID or an InterfaceIndex.

                  I took jeff's advice and looked at the exporters and found an interface that wasn't check and checked it. Hopefully this will settle it down.

                  Now, to find out why the same device is listed twice under the exporters.....

                  Curious

              • Re: Perplexed by Netflow event
                Jesquitin

                If this is a Cisco device you could run the following command in enable mode and this should display the interfaces and the associated ifindex numbers.  Look for the interface with 127 as the index number

                Hostname#show  snmp mib ifmib ifindex

                  • Re: Perplexed by Netflow event
                    rsprim

                    Absolutely, this will probably work better than my suggestion.  I would recommend piping that command to an include statement to narrow the output:

                    Hostname#show snmp mib ifmib ifindex | i 127

                    For a non-cisco device though the Mib Browser is probably the best bet.

                    Robert

                  • Re: Perplexed by Netflow event
                    rsprim

                    The best way to resolve this problem is to use a MIB Browser (I use the one in the Solarwinds Engineer's Toolset) to browse the device exporting the flow.  Simply put in the device IP and Read SNMP community string and click Get Tree.  Let it run for a while (30 seconds) then stop it.  Click Find under the Edit menu and do a search for ifDescr.127.  The value should tell you the common interface name (i.e. GigabitEthernet1/24) and you can manage that interface under System Manager.

                    Robert