0 Replies Latest reply on Jul 30, 2010 10:22 AM by bberry

    default timeframe for searching by IP address or port / application

    bberry

      Is there a default time frame when doing a search by IP address or port / application? IS it looking through the entire database?

      The reason I am asking is that I am trying to track information from a device that is reporting to Orion but the ports are not showing up or the IP address has 0 bytes for transfer. I added an ACL to the router and there is traffic flowing through the router the cache flow table does have entries for the IP address with packet counts and the like but I have nothing in Orion. I am wondering if there is information missing because I possibly need to tweak something or is there just so much something is rolling out of the export table?

      I am running out of ideas for what to look at.

      Jul 30 10:05:16.675 CST: %SEC-6-IPACCESSLOGP: list 110 permitted udp 172.16.1.145(123) -> 17.151.16.22(123), 1 packets

      Memphis_4506_C1#sh ip cache flow | inc 17.151.16.22
      Gi3/12        17.151.16.22    Vl10          172.16.1.145    11 007B 007B     1

      ip route-cache flow infer-fields
      ip flow ingress infer-fields
      ip flow ingress layer2-switched
      ip flow-cache timeout active 1
      ip flow-export source Vlan5
      ip flow-export version 5
      ip flow-export destination 172.16.4.4 2055