I'm posting things in the General Support to see if I can reach a broader audience with this issue.
I have a stock NNA 2.2.1 install, nothing special. I have a Cisco Meraki device that is supposedly sending netflow data to NNA, both devices on the same network. NNA sees the data and sticks it into rrd, but there is no flow data for me to search. It's weird. Screenshots attached.
No flow data to search, but data being accepted from Meraki
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Re: No flow data to search, but data being accepted from Mer
Can you post 2 or 3 nfcapd files from your NA system?
They should be in this folder.
Code: Select all
/usr/local/nagiosna/var/Bitnetix/flows/
Can you run this from a root shell on the NA server and email it back?
Code: Select all
ls -l /usr/local/nagiosna/var/Bitnetix/flows/
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: No flow data to search, but data being accepted from Mer
Yah, I'm guessing we're going to do what I've already done, but I'll play along.
They're definitely being created. The oldest one is from last night at 21:45 when I was blowing away and recreating the source. Most recent one is "now." No real point in emailing a list of 210+ files, is there? 
Code: Select all
ls -l /usr/local/nagiosna/var/Bitnetix/flows/ | wc
210 1883 13596
# ls -lrta | tail -5
-rw-r--r--+ 1 nna nnacmd 20420 Jun 20 14:55 nfcapd.201606201450
-rw-r--r--+ 1 nna nnacmd 276 Jun 20 15:00 nfcapd.current.1445
-rw-r--r--+ 1 nna nnacmd 21694 Jun 20 15:00 nfcapd.201606201455
-rw-r--r--+ 1 nna nnacmd 107 Jun 20 15:00 .nfstat
drwxrwsr-x+ 2 nna nnacmd 12288 Jun 20 15:01 .
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
Re: No flow data to search, but data being accepted from Mer
A shot in the dark of sorts, but I was digging into this and found the following statement in the Meraki documentation a bit suspicious:
https://documentation.meraki.com/MX-Z/M ... rWinds_NTA
"<other product>... ignores NetFlow packets that do not contain either an SNMP ingress or egress interface index. Support for exporting an SNMP ingress or egress interface index via NetFlow is available in beta."
Might this apply to NA? I'm assuming NA is expecting an index for the ingress and egress interfaces if this is there by default in Netflow v9. Just throwing this out there.....
Be sure to check out the Knowledgebase for helpful articles and solutions!
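One way to check an exporter for the condition in the Meraki statement quoted above, as an added example that is not part of the original thread or of Nagios Network Analyzer: it parses the template FlowSets of a NetFlow v9 export packet (RFC 3954) and reports which templates lack the INPUT_SNMP (10) and OUTPUT_SNMP (14) fields. The function names and the sample packet are constructed for illustration.

```python
import struct

# NetFlow v9 field type numbers for the interface indexes (RFC 3954, section 8).
REQUIRED = {10: "INPUT_SNMP", 14: "OUTPUT_SNMP"}

def templates_in_packet(packet: bytes) -> dict:
    """Return {template_id: [field_type, ...]} for each template in one v9 packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, offset = {}, 20                      # skip the 20-byte packet header
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise ValueError("bad FlowSet length")
        pos, end = offset + 4, offset + length
        while flowset_id == 0 and pos + 4 <= end:   # FlowSet ID 0 carries templates
            template_id, count = struct.unpack_from("!HH", packet, pos)
            if template_id < 256 or pos + 4 + 4 * count > end:
                break                               # trailing padding or truncated record
            templates[template_id] = [
                struct.unpack_from("!H", packet, pos + 4 + 4 * i)[0] for i in range(count)
            ]
            pos += 4 + 4 * count
        offset += length
    return templates

def missing_interface_fields(packet: bytes) -> dict:
    """Return {template_id: [names of interface-index fields the template omits]}."""
    return {
        tid: [name for ftype, name in REQUIRED.items() if ftype not in fields]
        for tid, fields in templates_in_packet(packet).items()
    }

def build_packet(templates: dict) -> bytes:
    """Constructed test input: one v9 packet with a single template FlowSet.
    Field lengths are all written as 4; only the field types matter for this check."""
    body = b"".join(
        struct.pack("!HH", tid, len(fields))
        + b"".join(struct.pack("!HH", ftype, 4) for ftype in fields)
        for tid, fields in templates.items()
    )
    header = struct.pack("!HHIIII", 9, len(templates), 0, 0, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

SAMPLE = build_packet({
    256: [8, 12, 7, 11, 4, 1, 2],          # addresses, ports, protocol, counters only
    257: [8, 12, 7, 11, 4, 1, 2, 10, 14],  # same, plus INPUT_SNMP and OUTPUT_SNMP
})

if __name__ == "__main__":
    for tid, missing in missing_interface_fields(SAMPLE).items():
        print(f"template {tid}: missing {missing or 'nothing'}")
```

To run it against real traffic, feed it the UDP payload of a packet that carries the exporter's template, for instance one saved from a capture on the collector port.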
Re: No flow data to search, but data being accepted from Mer
*sigh* I just independently confirmed this through a different line of research. In the end, Meraki's netflow implementation is sub-par and, while it conforms to standards, does not fully comply. As such, the data is useless for NNA. A great dissection of this is available at https://www.plixer.com/blog/netflow-rep ... w-support/
Time to bitch at Meraki.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
Re: No flow data to search, but data being accepted from Mer
So my suspicions are confirmed - Aha! Thanks for the helpful link and good luck talking to Meraki. I'll lock this thread now.
Be sure to check out the Knowledgebase for helpful articles and solutions!