the message about unmanaged device means that server running nProbe is not added to Orion, I guess you've added the node later, since you can see list of interfaces. You also need to enable “Allow monitoring of flows from unmanaged interfaces” in NTA settings, or set egress interface index to server interface managed by Orion (which is most probably two: -Q 2 in your command). More information can be found here - Orion NTA and nProbe: Analyzing bandwidth hogs without flow-capable network equipment
Thank you Martin for your response; However, 'Allow monitoring of flows from unmanaged interfaces' was already selected and all the interfaces from the nProbe servers have been set to monitor 'NetFlow' and 'QoS' within NTA.
I have two NIC's on the nprobe server which when checked return indexes of 0 and 1. I've tried all combinations; 'nprobe /c -i 1 -n 10.0.99.34:2055 -b1 -u 1 -Q 0', 'nprobe /c -i 1 -n 10.0.99.34:2055 -b1 -u 0 -Q 1', 'nprobe /c -i 0 -n 10.0.99.34:2055 -b1 -u 1 -Q 0' and 'nprobe /c -i 0 -n 10.0.99.34:2055 -b1 -u 0 -Q 1' .
Either way, NTA shows ingress and egress traffic on all interfaces. Yet the loopback address is the only one that is flagged as 'Last Recieved NetFlow', all others show 'Never'.
If you are able to see traffic on that loopback address then I believe it's working correctly. Do you see all traffic there? If you use nProbe like this it will insert specified interface indexes into every flow (0 and 1 in your example), so each flow will appear to go to/from these interfaces. NTA does not match 0 to any interface, that's why you see just one interface with NetFlow data. If you want flows to appear on second interface also, you can navigate to that interface on NPM Interface Details page - there is Index of that interface which you can then use in your command to start nprobe. But this will be mostly cosmetic change, you'll see same data on both interfaces, only with different direction.
I think we need to start by taking a look at your nProbe command as I see a few recommended changes.
First, you should add the following switches:
-V 5 (this tells the probe what version of NetFlow to export)
-t 60 (this tells the probe to export active flows every minute)
-d 15 (this tells the probe to export inactive flows after 15 seconds)
-L <subnet> (this tells the nProbe what traffic should be considered inbound and what should be considered outbound)
Next, it sounds like the NetFlow collector you're using doesn't like seeing flows on interface 0. "NTA does not match 0 to any interface, that's why you see just one interface with NetFlow data."
This means you're going to want to use something other than 0 for your -u (input interface) and -Q (output interface) switches.
In the end, you'll have something like this:
"nprobe /c -n 10.0.99.34:2055 -i 1 -t 60 -d 15 -u 1 -Q 2 -L 10.1.0.0/16 -V 5 -b 1"
If you're using the nProbe for NetFlow, it can export much more than traditional NetFlow has to offer. For example, I have it setup to export HTTP URL's along with client, server, and application latency. NTA doesn't support these IPFIX fields, so you'll need to use a NetFlow collector that does. I'm using the demo version of Scrutinizer for this and you can find a configuration guide on how to configure nProbe over at their website.
I hope this helps!