need assistance in getting traffic to my Nagios NA

[frankmerfalen]

Dear Nagios support,


I installed today a trail version on two separate boxes, one for Nagios XI and another for Nagios NA. I installed both of them on Centos version 6. It wasn't too hard. I configured Nagios NA within Nagios XI. I want to see network traffic coming inside our firewall. I ran the cmd line to our firewall below using our the ip address inside our network 172.16.32.150 (this is our Nagios network analyzer) with 9912 as the listen port. Saved it in Nagios NA. That was about on hour ago. In Nagios web UI under dashbaord there isn't anything for "Traffic Last 30 Minutes" I am on a time deadline to get a network solution in house. Solarwinds is calling but I'm pushing Nagios as our solution. Your timely reply is greatly appreciated.

Command line I ran inside my Cisco firewall:
configure terminal
flow-export destination inside 172.16.32.150 9912 <-This is our internal ip address of our Nagios Network Analyzer. We set ~ 30 min ago, no traffic yet
flow-export template timeout-rate 1
flow-export delay flow-create 60
logging flow-export-syslogs disable


In the Nagios admin UI under dashboard, I see disk usage 1.4M, but no data under (traffic last 30 minutes)

Please advise.

Thanks,
Frank

[Box293]

Inside of NA, did you create a source?

http://assets.nagios.com/downloads/nagi ... alyzer.pdf

http://assets.nagios.com/downloads/nagi ... es/nna-ag/

[frankmerfalen]

Dear Nagios Support,


It appears I missed page 2 of the configuring routers and switches access control commands listed below. However, I'm now encountering an error when I input he last command below to the Cisco Firewall (flow-export event-type all destination 172.16.32.150) Error is: ERROR: % invalid input detected at '^' marker. We are manually inputting in the command. Please advise. Attached are the command errors and the Cisco Firewall version

make and Model: Cisco ASA5520
IOS: 8.2(5)

Commands to run on Cisco Firewall:

enable
configure terminal
flow-export destination inside 172.x.x.x 9911
flow-export template timeout-rate 1
flow-export delay flow-create 60
logging flow-export-syslogs disable

access-list netflow-export extended permit any any
class-map netflow-export-class
match access-list netflow-export
policy-map global-policy
class netflow-export-class
flow-export event-type all destination 172.x.x.x <----- We are unable to input this command. Encountering an error. Screen shot attached
exit


Thanks,

[frankmerfalen]

Yes I created a source in Nagios NA Sources tab > Source name = ASA-3 in the configuration I have the Sender IP Adress = Cisco Firewall listening in on port 9911.

[tgriep]

In your screen shot that you posted, it looks like you missed the word "export" in the class "netflow-export-class" command.
Try typing the command below again and let us know it is works or not:

Code: Select all

class netflow-export-class
flow-export event-type all destination 192.168.5.191
exit

[sreinhardt]

Tgriep is likely correct, you should need to be within classmap config before that would execute correctly. However I may have also had an older IOS version I had when writing that document. If all the other commands have completed successfully you should be able to do a command to show your current config regarding flow exporting. The last command is just a different way of defining where to export.

Cisco command: show flow-export counters

Code: Select all

Nagios# show flow-export counters

destination: inside 192.168.1.2 9911
  Statistics:
    packets sent                                               17
  Errors:
    block allocation failure                                    0
    invalid interface                                           0
    template send failure                                       0
    no route to collector                                       0
    source port allocation failure                              0

Provided that your IP address, interface, and port allign on the destination line, and you have packets sent, the cisco device is all ready, and we can move on to other potential issues. Can you post back the output from the command above and we can see whats going on.

[frankmerfalen]

Every thanks for your help in helping me solve this last part to get network flow traffic to network Analyzer. We followed each command by manually typing them in. Screen shot will show we add via cmd line the following: flow-export event-type all destinations 172.16.32.150, but encountered the error. Attached screen shot shows that.

From the last reply post:
Tgriep is likely correct, you should need to be within classmap config before that would execute correctly. However I may have also had an older IOS version I had when writing that document. If all the other commands have completed successfully you should be able to do a command to show your current config regarding flow exporting. The last command is just a different way of defining where to export. Is his the cmd I need to run and provide the output?

show flow-export counters




Thanks,

[frankmerfalen]

Here the command:


ASAFirewall1# sh flow-export counters

destination: inside 172.16.32.150 9911
Statistics:
packets sent 238
Errors:
block allocation failure 0
invalid interface 0
template send failure 0
no route to collector 0

ASAFirewall1#

[455157]

In your screen shot that you posted, it looks like you missed the word "export" in the class "netflow-export-class" command.
Try typing the command below again and let us know it is works or not:

So by this, do you mean that if the preceding command is missing the 'export' portion, the following command:

Code: Select all

flow-export event-type all destination 172.16.32.150

Will be unable to execute?

If that is the case, I wonder if frankmerfalen has tried running that whole portion again:

Code: Select all

class netflow-export-class
flow-export event-type all destination 172.16.32.150
exit

...as tgriep recommended.

Have you tried re-running those commands again?

I don't know much about firewall configs, maybe I misunderstanding?

[frankmerfalen]

We re-ran this command and it worked, but I still show NO DATA. Any ideas?

class netflow-export-class
flow-export event-type all destination 172.16.32.150
exit