tgriep wrote:Same problem with the tcpdump command again, it did not capture anything.
So either the Cisco device is not sending data or the file is getting corrupted somehow.
If you want to try again, use this command to capture.If the capture file is only 24 bytes, don't bother uploading it, it is empty.Code: Select all
tcpdump -i any -s 0 -w 9000.cap port 9000
Can you go to this folder, and get the last 4 or 5 nfcapd files and upload them here?If the system is capturing data, we can see what it is.Code: Select all
/usr/local/nagiosna/var/uts12a/flows
Initial Setup Issues
Re: Initial Setup Issues
I suspect the switch is not sending data for some reason, any thoughts on further debugging there? Last (4) nfcapd files attached.
You do not have the required permissions to view the files attached to this post.
Re: Initial Setup Issues
The cap file are empty so it looks like the system is not receiving the Flow data at all which matches the empty tcpdump data.
Take a look at this link to Cisco web site that has instructions for configuring and troubleshooting your switch.
https://www.cisco.com/c/en/us/td/docs/s ... r_010.html
The bottom of the page under this section "Monitoring Flexible NetFlow" are tests you can run to see is the switch is sending data, and where it is sending it to, etc..
If that looks good, verify that there is not another device between the switch and the NNA server that is blocking the traffic.
Take a look at this link to Cisco web site that has instructions for configuring and troubleshooting your switch.
https://www.cisco.com/c/en/us/td/docs/s ... r_010.html
The bottom of the page under this section "Monitoring Flexible NetFlow" are tests you can run to see is the switch is sending data, and where it is sending it to, etc..
If that looks good, verify that there is not another device between the switch and the NNA server that is blocking the traffic.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Initial Setup Issues
Attached you'll find output from the various monitoring commands in that section of the link. Of particular interest:
So, the switch is sending data. I ran a traceroute from the switch to the NagiosNA box and it successfully found it's way. Any more ideas for me? Appreciate the help.
Code: Select all
UTS12-A#show flow exporter statistics
Flow Exporter Netflow-to-Nagios:
Packet send statistics (last cleared 4d00h ago):
Successfully sent: 895328 (1100164456 bytes)
Client send statistics:
Client: Flow Monitor Netflow1
Records added: 18165457
- sent: 18165457
Bytes added: 999100135
- sent: 999100135tgriep wrote:The cap file are empty so it looks like the system is not receiving the Flow data at all which matches the empty tcpdump data.
Take a look at this link to Cisco web site that has instructions for configuring and troubleshooting your switch.
https://www.cisco.com/c/en/us/td/docs/s ... r_010.html
The bottom of the page under this section "Monitoring Flexible NetFlow" are tests you can run to see is the switch is sending data, and where it is sending it to, etc..
If that looks good, verify that there is not another device between the switch and the NNA server that is blocking the traffic.
You do not have the required permissions to view the files attached to this post.
Re: Initial Setup Issues
Try stopping the firewall on the NNA server.
Another way to run the tcpdump is to run the example below.
What this does is to print ( In Ascii ) what is received on port 9000 to the console screen as soon as it receives the data.
If nothing comes in, then something else is blocking the traffic, or that the IP address the switch is sending to is incorrect, the IOS on the switch is bad and it is not sending the data.
Another way to run the tcpdump is to run the example below.
Code: Select all
tcpdump port 9000 -A -vvIf nothing comes in, then something else is blocking the traffic, or that the IP address the switch is sending to is incorrect, the IOS on the switch is bad and it is not sending the data.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Initial Setup Issues
Firewall is stopped on the NNA so we're good to go there. I get the following with the tcpdump command below. IP address the switch is sending to is correct. I've configured two switches so I have to doubt that the IOS on both switches are bad...gotta be something on my network blocking the delivery. How can I check that? I figured a traceroute from the switch to the NNA box would reveal anything in the way. Other ideas?
Code: Select all
tcpdump: NFLOG link-layer type filtering not implemented
tgriep wrote:Try stopping the firewall on the NNA server.
Another way to run the tcpdump is to run the example below.What this does is to print ( In Ascii ) what is received on port 9000 to the console screen as soon as it receives the data.Code: Select all
tcpdump port 9000 -A -vv
If nothing comes in, then something else is blocking the traffic, or that the IP address the switch is sending to is incorrect, the IOS on the switch is bad and it is not sending the data.
Last edited by rkane on Fri Oct 05, 2018 3:11 pm, edited 1 time in total.
Re: Initial Setup Issues
I do not know what devices you have between the NNA and the switch but make sure nothing is blocking UDP traffic.
Be sure to check out our Knowledgebase for helpful articles and solutions!