There could be several reasons why you don't see all the data in your NTA. E.g. you are missing some traffic because not all interfaces are monitored by NTA.
You know that each flow carries information about 2 interfaces - Input (Ingress) and Output (Egress) (which are just SNMP indexes).
To be able to store a flow in the database, NTA requires at least one of the interfaces to be managed by NPM and monitored by NTA at the same time (I agree that it sounds a little bit more complicated than it actually is).
When you receive a flow where one interface is managed by NPM and monitored by NTA, the second interface is not managed by NPM, and the option "Allow monitoring of flows from unmanaged interfaces" is ON, you will not receive any warnings and the flow will be saved to the database.
When you receive a flow from an interface that is managed by NPM and not monitored by NTA, and the "Automatic addition of NetFlow sources" option is turned ON, this interface will be automatically added to NetFlow sources and the flow will be saved to the database.
When you receive a flow where both interfaces are not managed by NPM, you will receive a notification message and the flow will be dropped as we can't process it.
So I would recommend you to check NTA options under NTA Admin settings:
- Enable data retention for traffic on unmonitored ports - should be ON
- Allow monitoring of flows from unmanaged interfaces - should be ON
If that doesn't help, please open a support ticket (http://www.solarwinds.com/support/ticket/), so we can investigate your case in more detail.
Thanks for the quick response. I understand what you meant by 2 interfaces on each flow. I'm currently monitoring the LAN interface but not the WAN interface. The reason for this is we need to know which endpoints inside the LAN are generating most of the traffic both in and outbound (mostly in, as our traffic is more downloads).
Enable data retention for traffic on unmonitored ports was on already.
Allow monitoring of flows from unmanaged interface set to enable as stated. Is it best to put ip route-cache flow command on the WAN interface as well?
I will test this throughout today and will reply to this thread. If no changes, I will raise a ticket with SW.
I've done a test by downloading a large amount of data. From my PC, I can see my download is averaging around 300Kbytes p/s and when I did a search on my IP address using NTA Search By Endpoints, the flow chart is accurate but the table below doesn't seem correct.
The table states TCP 10.6Mbytes only.
The small graph below NTA shows that I have downloaded 800+ Megabytes in the last 30 mins.
I have the exact same problem. I had it on older versions of the software as well. I have not found an answer yet.
The chart that you've provided actually displays the amount of data transferred per time interval; this is not a rate chart. We have interval = 1 minute there, so in your case it shows ~350Kb of data per 1 minute and it's equal to 30 min * 350 Kb / min = 10Mb of data, which is reflected in the table below the chart.
Please can you show the same resource, but in the Rate (Kbps) mode? I also strongly recommend opening a support ticket and attaching SolarWinds diagnostics and the router config there.