I configured Netflow on OS 4.1.0,
for testing reasing i started with 2 interfaces...but in ManageEngine NetFlow Analyzer I get 3 interfaces!?!?
I tried to identify the interfaces but when I look on the traffic showing up then I'm pretty confused...the traffic showing up is not from a interface I configured for netflow.
Is that possible?
Well there isn't much I could do wrong:
Thats what is comming up in ManageEngine NetFlow Analyzer 9
A other Problem I noticed is that if you commit the config this happens:
tcpdump dst port 9995
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:35:13.666174 IP 10.122.13.190.41191 > stechsv122.ch.sterianet.palace-4: UDP, length 544
09:35:19.072226 IP 10.122.13.190.41191 > stechsv122.ch.sterianet.palace-4: UDP, length 1318
09:35:19.615405 IP 10.122.13.190.41191 > stechsv122.ch.sterianet.palace-4: UDP, length 1318
09:35:20.278172 IP 10.122.13.190.41191 > stechsv122.ch.sterianet.palace-4: UDP, length 1318
This 4 packets comes trough, then nothing more. Now you need to go to the session browser and kill the flow. Then it works like it should. My rule for the netflow is just a app rule with netflow.
We are using scrutinizer and can happily inform you that every interface pops up correctly showing the exact interface name.
We were amazed by the ammount of info available.. @PAN: GOOD WORK!!!!!!!
Now from a different perspective i would like to know at what datarate the PA is capable of generating flow info.. Is there any info on this?
I have the same thing on a PA-5050. I added the Netflow profile to one interface, and four showed up in Manageengine.
Were you able to get Manageengine to show the correct interface name? Ours looks like yours as well with the strange interface names. I also can't get ours to pull the host name.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!