NNA Version 2R1.0 Queries and Reports problems

[martins719]

I have 5 source devices in the NNA new version with data in the Dashboards but is working reports and queries only to 1 device.

[martins719]

Only to better detail, only Queries and Reports from Cisco ASA Netflow is not working.

I have graph informations and files in the flows directory.

[lmiltchev]

Can you show us a screenshot of the error that you are getting? Run the following commands from the command line on the Nagios NA server and show us the output:

Code: Select all

date
file /etc/localtime
grep "date.timezone =" /etc/php.ini

Can you verify the the time on the Cisco device and your workstation is synced to the NNA time?

[martins719]

Firewall time - fw01-it-spo# sh clock - 08:32:01.256 BR Fri Mar 6 2015

Nagios NA Time - [root@localhost ~]# date Fri Mar 6 08:33:32 BRT 2015

[root@localhost ~]# file /etc/localtime
/etc/localtime: symbolic link to `/usr/share/zoneinfo/America/Sao_Paulo'
[root@localhost ~]# grep "date.timezone =" /etc/php.ini
date.timezone = America/Sao_Paulo

This was working with old version.

The problem that I can see in the flows files there are some lines with mistake date 1969-12-31 21:00:00.749 . I don´t know if the firewall is sending mistake or Nagios NA nfcapd is not working well.

nfdump -r nfcapd.201503060830


1969-12-31 21:00:00.749 -0.749 UDP 172.20.8.75:17500 -> 172.20.8.255:17500 0 0 1
2015-03-06 08:30:10.891 0.000 ICMP 192.168.0.210:0 -> 172.20.3.181:0.0 0 0 1
2015-03-06 08:30:10.891 0.000 ICMP 192.168.0.210:0 -> 172.20.3.181:0.0 0 107 1
2015-03-06 08:30:10.891 0.000 ICMP 192.168.0.210:0 -> 172.20.3.181:0.0 0 107 1
1969-12-31 21:00:00.405 -0.405 UDP 172.20.8.75:63993 -> 172.20.3.16:161 0 0 1
2015-03-06 08:35:06.934 0.000 UDP 172.20.1.132:57258 -> 8.8.8.8:53 0 0 1
2015-03-06 08:35:06.984 0.000 UDP 172.20.1.132:57145 -> 8.8.8.8:53 0 0 1
2015-03-06 08:35:06.934 0.000 UDP 172.20.1.132:57258 -> 8.8.8.8:53 0 45 1


Thanks a lot

[martins719]

Follow the errors files..

[lmiltchev]

Can you run the following command on the NNA box for a while (until you see useful output) and post the output?

Code: Select all

tcpdump -i eth0 src 172.20.8.75

Note: change the name of the interface if you need to.

Also, let's see the output of this:

Code: Select all

cat /etc/sysconfig/clock

[martins719]

[root@localhost flows]# cat /etc/sysconfig/clock
ZONE="America/Sao_Paulo"


I dont understand why do you need to see tcpdump with src IP because that IP only come here with Netflow data, I dont have that Ip direct to my NA...

[jdalrymple]

Was this system working prior to an upgrade, or are these entirely new sources on a new system?

If the latter, please post the config from your ASA.

[martins719]

It was working with old version, I didn´t change nothing in the Csco ASA Config. The routers are working but the 2 firewalls are with equal situation.

flow-export destination inside 172.20.39.201 2060

class class-default
user-statistics accounting
set connection decrement-ttl
flow-export event-type all destination 172.20.39.201

[tgriep]

Actually, can you run this and post the output here?

Code: Select all

 tcpdump -i eth0 port 2060

What is the ip address of the Cisco ASA that you are having problems with?