Nagios Support Forum

Woah, never gotten a reply from 'Nagios Support' on the forums before. Must be srs bsns. No worries, guys, thanks for looking into this for me. I await your findings.

What kind of server/device sends netflow data to the Nagios Network Analyzer? Can you verify that the data is still being sent? If this is a Linux box, you can run:
to see if fprobe is running and data is sent to the correct port.

Do you see any large gaps in the bandwidth graph since yesterday?

All of the devices sending data to the netflow analyzer server are cisco routers or cisco ASAs. I haven't seen any gaps in bandwidth graphs on any of our sources. The reporting (for time periods less than 2 hours) doesn't appear to work on any of our sources. Data seems to still be sent because I can run reports for any time frame as long as it isn't less than 2 hours ago, and the bandwidth graphs are all still updating.

This screenshot was grabbed just now, and it's 9:23. You can see the graph has data right up until now so it's definitely receiving. If I run a report for the last 10 minutes, 30 minutes, 1 hour, etc. I get nothing. Report of last 2 hours, I get data. I just tested my limits by going back from 2 hours. The minimum time frame I can use and get data is 62 minutes. If I run a report for the past 62 minutes or less I get nothing, 62 minutes or more and it works fine.

I believe you are getting the "correct" or updated bandwidth graph because RRDs get reaped every 5 min. However, nfcapd uses the actual timestamps (whatever is sent from the router). That's why you get the issue, while trying to run a report.
"62 minutes" seems awfully close to 1 hour difference... Is there any way for you to check the time/timezone on the router itself? I suspect is one hour off compared to the Nagios NA server.

This is happening with all of our sources, though, not just this one.

Router: NNA Server:

Let's check a few more places.
Additionally, have you restarted nfcapd services, otherwise known as sources, and the httpd service since correcting the time? Might be possible that httpd or the collector services are still referencing the wrong time as they have not repolled the os for actual time.

I restarted the server after correcting the clock so I had to restart all the sources manually after that anyway.
Looks like some of those are set to Eastern. Holy smokes, who knew I had to correct the time zone in so many places? So far that's clock, date, and setting NTP that I've had to change...How do I go about editing those Eastern timezone settings?

You should just need to modify /etc/php.ini to the correct timezone and restart httpd. Give it a shot after that and see if those populate, that would make an interesting point for the 62 or so minute mark you found too.

Success! Just tested with a past 30 minute and past 10 minute report and both worked great. Thanks for all the help gentlemen, and have a great weekend!

Great! You also have a great weekend! I am locking the post.