10-27-2016 03:45 AM - edited 10-27-2016 03:46 AM
Hi, Please I need Help !!
I have installed Netflow integrator to collect netflow data from PaloAlto firewall.I have configured PaloAlto to send netflow data to the server Netflow Integrator.But there is no data is receiving .
How can I know that paloalto is sending netflow.Is there a solution that help me to verify ?
Thanks in advance.
Best Regards.
10-27-2016 04:31 AM
Hi,
By default netflow will use the management port (if you have no service route configured for Netflow service).
Via the CLI you can do the following to capture traffic from your mgmt-port to your Netflow server IP address :
> tcpdump filter "host <IP>"
Let it run the time you have configured your Refresh rate in your netflow server profile.
Press Ctrl-C to stop the capture and use the following command to check your tcpdump content :
> view-pcap mgmt-pcap mgmt.pcap
You also might want to verify if there are actual netflow records :
> debug log-receiver netflow statistics
And it might seem silly, but you did apply the netflow profile to an interface right ?
Hope it helps,
-Kim.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
