2 Replies Latest reply on Dec 24, 2014 10:01 AM by choly

    Netflow ip address group




      I've just started to setup a netflow collector and what I've noticed is that under the predefined "Private addresses" group I'm getting traffic which should be listed under more specific address group that I created to collect all the traffic to and from private addresses inside the organization.

      My question is how are overlapping networks managed within the ip address groups feature? Will I see the traffic reported two times (a kind of doubled traffic view witch in my opinion is incorrect) or will solarwind be smart enough to use the more specific address group to report the traffic under the "ip group" view ?

      Can anybody clarify this ?

      Thanks, luigi.


        • Re: Netflow ip address group

          out of the box, all private IP addresses are caught by the defaults


          Admin > NetFlow Settings >  IP Address and Groups


          Define your networks


          the highlighted ones are the defaults, which I no longer use

          Default IP groups.JPG

          When done you will get the following after some polling time:

          IP Groups.JPG

          • Re: Netflow ip address group

            If two groups overlap, data will be shown twice in IP groups resource. Let me explain:

            Let's say you have 2 IP groups - a bigger one called 4th floor (e.g. range and overlapping subgroup HR office (e.g. range

            If there is a 100MB communication from HR office to exchange server - the traffic will counted to both HR office and 4th floor because otherwise you will get your sum of data for 4th floor wrong (e.g. 100MB less).


            But that multiple reported data will only appear in IP group charts/reports, to report exact data transfer use total transferred bytes or protocol resource.