Basic start with network Analyzer
Hello Team,
We have recently purchased a Network Analyzer license and we do not have anyone with previous experience of this tool. I am working on Nagios XI. We have to start implementing network device monitoring using Network Analyzer.
We are already done with the Network Analyzer setup. We have used a Linux (CentOS 7) box for the same.
I was going through the Administrative Guide for NNA. The very first topic I could find there was "Configuring A Linux Server To Send Netflow Data To Nagios Network Analyzer".
What I could understand is that we need a new Linux box which will collect netflow data and send it to Network Analyzer.
So, for the fprobe configuration, is a new Linux box required? How will this box send data to Network Analyzer?
Also, could you please guide me through the directory structure of NNA?
Re: Basic start with network Analyzer
You don't need a new Linux box for this. You install fprobe (or another netflow sending utility) on the Linux servers that you want to send netflow data from in order for that system's flows to show up. There is no built-in netflow sender in the base OS. You would still see communication from those hosts if you had netflow/sflow sending from the routers/switches that it crosses. fprobe just gives you the added ability to send the flows directly from the Linux host (say, if you didn't have a netflow/sflow capable switch/router device to pick those up that it crossed).
See here for the architecture overview:
https://support.nagios.com/kb/article/n ... ew-56.html
Code:
/var/www/html/nagiosna # Contains the web application files
/usr/local/nagiosna/bin # Contains NNA binaries
/usr/local/nagiosna/etc # Not currently used that I can tell
/usr/local/nagiosna/scripts # Contains scripts used by the application
/usr/local/nagiosna/tmp # Not currently used that I can tell
/usr/local/nagiosna/var # Application log files
/usr/local/nagiosna/var/SOURCENAME # Contains the nfcapd PID file and the bandwidth.rrd file to show the bandwidth for the source
/usr/local/nagiosna/var/SOURCENAME/flows # Contains the flows NFCAPD creates for the source
Re: Basic start with network Analyzer
Hello,
Thanks for your reply!!
I have configured one router and I can see it's showing some data in NNA. I am attaching a screenshot for your reference.
Now, if I want to see the traffic on individual interfaces, say Fastethernet0, Fastethernet1, etc. on the same router, where can I see that data?
Also, I was checking for Nagios self-paced training. I could find it only for Nagios XI and Nagios Core.
Could you please guide me where I can find a complete video tutorial for Network Analyzer that covers the full functionality of Network Analyzer?
Re: Basic start with network Analyzer
> Now, if I want to see the traffic on individual interfaces, say Fastethernet0, Fastethernet1, etc. on the same router, where can I see that data?
That functionality doesn't currently exist as a feature. I have previously submitted a request to have development add that, but it doesn't currently exist as not all flows that are sent contain the interface names.
Here's the docs we have (we don't really have any guided self-based training):
See the Help menu item in the NNA web interface and here as well:
https://support.nagios.com/kb/category.php?id=4
https://library.nagios.com/library/prod ... mentation/
You can also go here and once the page loads click on Nagios Network Analyzer:
https://www.nagios.com/videos/
Re: Basic start with network Analyzer
Hello,
Could you please request the Development team again to add this feature? It would be really helpful.
Also, if we want to check conversation from a particular source to all destinations, how can we check that?
One more query here: while adding a source, it is asking for a unique port every time. What is the reason behind that?
Re: Basic start with network Analyzer
Submitted again with a link back to this thread:
FR: NNA - Add source/dest interface names if the flows have them with the ability to aggregate by interface name to see all traffic on specific interfaces on the same source
> Also, if we want to check conversation from a particular source to all destinations, how can we check that?
You can click on Sources > Click on the Source > Queries and then use:
Code:
Aggregate By: srcip,dstip
If you wanted to use a source IP you could add this in the query box:
Code:
ip 192.168.1.236
Or even:
Code:
src ip 192.168.1.236
See here:
https://assets.nagios.com/downloads/nag ... alyzer.pdf
> One more query here: while adding a source, it is asking for a unique port every time. What is the reason behind that?
It is for sorting. If you add a source with a unique port, you can view by source. Then you can create Source Groups to aggregate them.
Technically, if the port is already defined you could just point your other devices at that port but then everything would show up under that single source for it. The recommendation is to create a port per source so that you can view by source.
Re: Basic start with network Analyzer
Hello,
Thanks for your reply!!
We will check it.
One more thing, can we create sources in bulk in NNA?
I mean the way we have bulk configuration option in XI, do we have the same here?
Re: Basic start with network Analyzer
There isn't really a bulk import tool like in XI.
You could create the sources via the API:
- Change YOURNNASERVER, SOURCENAME, PORT, X.X.X.X, and YOURTOKEN
Code:
curl -g -k -L -XPOST 'http://YOURNNASERVER/nagiosna/index.php/api/sources/create?q[name]=SOURCENAME&q[port]=PORT&q[addresses]=X.X.X.X&q[flowtype]=netflow&q[lifetime]=1w&token=YOURTOKEN'
Then modify the command and do it for the next, etc.
Once you're done adding them all you can run this after to start them all up:
Code:
/etc/init.d/nagiosna restart
The description of the values:
name: Assigns the name of the Source. This option must be unique and is required.
flowtype: Must be either 'sflow' or 'netflow' and denotes the flow type expected from the source. This is a required argument.
port: The numerical port number that the source will be sending netflow data to us on. This option must be unique and is required.
addresses: The IP address of the source
lifetime: The max time flows will be kept before throwing away. Must match this regex: [0-9]+w|d|H. Defaults to '1d'
And here as well:
https://support.nagios.com/kb/article/n ... s-800.html
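The "modify the command and do it for the next" procedure from the reply above, as an added example that is not part of the original thread: a shell script that checks a list of sources against the field rules in the post (unique name, unique port, flowtype, lifetime) and builds one API call per source. The sample list, the character whitelists, the `APPLY` switch and the `NNA_URL`/`NNA_TOKEN` variable names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing is sent unless APPLY=1 is set.
NNA_URL="${NNA_URL:-http://YOURNNASERVER}"      # placeholder from the post
NNA_TOKEN="${NNA_TOKEN:-YOURTOKEN}"             # placeholder from the post
# Constructed sample list: name,port,address,flowtype,lifetime (lifetime optional)
SOURCES='core-rtr1,9001,192.0.2.1,netflow,1w
edge-sw1,9002,192.0.2.2,sflow,
edge-sw2,9002,192.0.2.3,netflow,1d
branch-fw,9004,192.0.2.4,ipfix,1d'

# Args: name port addr flowtype lifetime used_names used_ports; prints why it failed.
validate_source() {
  # Whitelists (this example's assumption) keep "&" and "=" out of the query string.
  case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "name missing or not URL-safe"; return 1;; esac
  case " $6 " in *" $1 "*) echo "duplicate name"; return 1;; esac
  case "$2" in ''|*[!0-9]*) echo "port must be numeric"; return 1;; esac
  case " $7 " in *" $2 "*) echo "port $2 already used by another source"; return 1;; esac
  case "$3" in ''|*[!0-9A-Fa-f:.]*) echo "address is not an IP"; return 1;; esac
  case "$4" in netflow|sflow) ;; *) echo "flowtype must be netflow or sflow"; return 1;; esac
  # The documented lifetime pattern, read as digits then w, d or H (assumption)
  echo "$5" | grep -Eq '^[0-9]+(w|d|H)$' || { echo "bad lifetime '$5'"; return 1; }
}

build_create_url() {  # name port addr flowtype lifetime
  printf '%s/nagiosna/index.php/api/sources/create?q[name]=%s&q[port]=%s' "$NNA_URL" "$1" "$2"
  printf '&q[addresses]=%s&q[flowtype]=%s&q[lifetime]=%s&token=%s' "$3" "$4" "$5" "$NNA_TOKEN"
}

# Prints "<accepted> <rejected>" on stdout, a per-source log on stderr.
# -g -k -L -XPOST are the post's curl flags; -sSf only catches HTTP-level errors.
bulk_create() {
  names="" ports="" ok=0 bad=0
  while IFS=, read -r name port addr ftype life; do
    life="${life:-1d}"   # default lifetime per the post
    if ! err=$(validate_source "$name" "$port" "$addr" "$ftype" "$life" "$names" "$ports"); then
      echo "SKIP ${name:-?}: $err" >&2; bad=$((bad + 1)); continue
    fi
    if [ "${APPLY:-0}" = 1 ] && ! curl -g -k -L -sSf -o /dev/null -XPOST \
        "$(build_create_url "$name" "$port" "$addr" "$ftype" "$life")"; then
      echo "FAIL $name: API call failed" >&2; bad=$((bad + 1)); continue
    fi
    echo "OK   $name port=$port" >&2
    names="$names $name" ports="$ports $port" ok=$((ok + 1))
  done <<EOF
$1
EOF
  echo "$ok $bad"
}
bulk_create "$SOURCES"
```

After a real run, restart the service as described in the post so the new sources start. The token is sent in the query string, so treat shell history and any access log that records the URL as holding a credential.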