12-01-2011 11:12 PM
I configured Netflow on OS 4.1.0,
for testing reasing i started with 2 interfaces...but in ManageEngine NetFlow Analyzer I get 3 interfaces!?!?
I tried to identify the interfaces but when I look on the traffic showing up then I'm pretty confused...the traffic showing up is not from a interface I configured for netflow.
Is that possible?
12-02-2011 05:25 PM
If you post your Netflow configuration screens (or the relevant sections of your configuration file) to this thread we could see if you have mis-configured anything.
But this does not sound like correct behavior.
-Benjamin
12-05-2011 12:44 AM
Well there isn't much I could do wrong:
Thats what is comming up in ManageEngine NetFlow Analyzer 9
A other Problem I noticed is that if you commit the config this happens:
tcpdump dst port 9995
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:35:13.666174 IP 10.122.13.190.41191 > stechsv122.ch.sterianet.palace-4: UDP, length 544
09:35:19.072226 IP 10.122.13.190.41191 > stechsv122.ch.sterianet.palace-4: UDP, length 1318
09:35:19.615405 IP 10.122.13.190.41191 > stechsv122.ch.sterianet.palace-4: UDP, length 1318
09:35:20.278172 IP 10.122.13.190.41191 > stechsv122.ch.sterianet.palace-4: UDP, length 1318
This 4 packets comes trough, then nothing more. Now you need to go to the session browser and kill the flow. Then it works like it should. My rule for the netflow is just a app rule with netflow.
12-05-2011 12:47 AM
Just to make it clear...I only configured one interface not 3! But NetFlow9 shows me 3 Interfaces.
12-16-2011 08:52 AM
I get same - one int tagged for netflow, but 5 or 6 ints show up in ManageEngine Netflow - we're running 4.1.1, and same issue on several PAs (2020, 2050).
02-20-2012 02:56 AM
We are using scrutinizer and can happily inform you that every interface pops up correctly showing the exact interface name.
We were amazed by the ammount of info available.. @PAN: GOOD WORK!!!!!!!
Now from a different perspective i would like to know at what datarate the PA is capable of generating flow info.. Is there any info on this?
Cheers
Bas
02-27-2012 08:20 AM
I noticed in your screen capture that your ManageEngine application is showing the IP for the PA. Did you override that, or is that what appeared automatically?
When I added our PA to Manageengine, it pulled a different name for our PA.
04-17-2012 08:45 AM
I have the same thing on a PA-5050. I added the Netflow profile to one interface, and four showed up in Manageengine.
Were you able to get Manageengine to show the correct interface name? Ours looks like yours as well with the strange interface names. I also can't get ours to pull the host name.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
