1 Reply Latest reply on Mar 4, 2013 6:52 PM by mavturner

    Packets Dropped:unmonitored Node for Netflow Traffic Analyzer


      I have recently started monitoring our Netflow server using our SAM server and noticed that we are getting quite a hit on the Packet dropped :unmonitored Node for SolarWinds NetflowTraffic Analyzer statistics. I took a look at the events log in NPM and found a lot of entries under Missing Netflow Node saying   "NetFlow Receiver Service [NPMNCM] is receiving a NetFlow data stream from an unmanaged interface on xxxx . The NetFlow data stream will be discarded. Please follow the link xxxx or use the Orion System Manager to add Interface '#3' in order to process this NetFlow data stream." I took a look at our Netflow server and found that this device is in NTA and is receiving traffic flows OK. My next thought was that this specific interface wasn't in NTA, so I took a look at the SNMP interface ID and found that its not even an interface that's exporting ip flows.


      So, is the Interface '#3 mentioned in the events log not referring to the SNMP interface ID and if not, what is it. Secondly, the router is only configured to send ip flows for 2 interfaces and they are being recorded correctly, so what interface is this getting flows from and discarding? I'm actually getting 4 different events for 4 different interfaces on the same node, but as mentioned the router is only configured to export 2 ip flows.


      This is just one example of many that I'm getting this issue for. The nodes are in NTA and collecting flows correctly, but I'm still getting events saying ip flows are being discarded.


      Any thoughts on this would be great.



        • Re: Packets Dropped:unmonitored Node for Netflow Traffic Analyzer

          One thing I like to do in scenarios like this is run a packet capture to make sure nothing weird is going on. We shouldn't show the message unless we get a packet with those interface indexes (wireshark display filter for netflow traffic is 'cflow' but also be sure to set an appropriate capture filter, like the source IP). You could be exporting flows from an interface that is referncing another interface (ex: egress on the one you are monitoring and ingress on the one not sending flows). I assume if you manage the referenced interfaces the errors go away?