• State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 24 subscribers
  • Views 683 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Interface Netflow wrongly identified

FormerMember
FormerMember

Hello all,

 

I am trying to monitor a Linux server network interface with Netflow.

I got the Netflow running and NTA is receiving data. Problem now is that NPM discovers the machine with SNMP and one eth0 interface with the interfaceid of "2".

Netflow is receiving traffic from an interface '65535', which doesn't know on how to match to the SNMP discovered interface id.

There used to be the way to manual change the id in the DB, but each time you restart the NPM it is overwritten with the SNMP discovered value.

Any ideas on how to get it running?

 

Best regards,
Andreas

  • 0

    Hi,

    are you sure that it's about Interface ID and not about Interface Index? I think that you don't have managed interface with interface index 65535  and that's why NTA can't map interface index to interface ID.

    In version 3.1 you need to have both interface managed, otherwise we drop input traffic.

    This value 65535 (0xFFFF) seems to be some dummy index, right? You can set up your monitor to export both interface indexes (IN/OUT), or at least export zero value instead of 65535 which is accepted by NTA according RFC.

    Thanks ET

  • 0

    Someone asked the same question in another post. Follow this link to see how to quickly map Interfaces indexes and their matching names:

  • FormerMember
    0 FormerMember in reply to ET

    Dear ET :),

     

    thanks for the reply , yes you are right it is the "InterfaceIndex" which is the trouble.

    SNMP only discovers one interface eth0 -> interfaceindex = 2, but the Netflow receives traffic from an interface having the index of 65535.

    For tweaking the exporter I don't see those options, I would rather align NTA to the interfaceindex of 65535

     

    Any thoughts?

     

    Regards,

    Andreas

  • 0 in reply to FormerMember

    Hi,

    I wrote that 3.1 has limitation that both in/out interfaces need to be managed. Right now, you can upgrade to NTA 3.5, which eliminates this behavior and it requires only one interface. Unmanaged interface index will be automatically converted to zero, and your traffic will be only ingress/egress according which interface is valid.

    So if you are not able to force exporter export zero values, solution for you is upgrade to 3.5

  • FormerMember
    0 FormerMember in reply to ET

    Hi,

     

    actually I am already running 3.5 and the behavior is as described.

     

    NetFlow Receiver Service [NETFLOW] is receiving a NetFlow data stream from an unmanaged interface on Test-04. The NetFlow data stream will be discarded. Please follow the link build-sles-11 or use the Orion System Manager to add Interface '#65535' in order to process this NetFlow data stream.

     

    Best regards,

    Andreas

  • 0 in reply to FormerMember

    And is your option [] enabled? This is disabled by default, so maybe .....

    thanks

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.