Page 2 of 2
Re: Initial Setup Issues
Posted: Thu Oct 04, 2018 5:14 pm
by rkane
I suspect the switch is not sending data for some reason, any thoughts on further debugging there? Last (4) nfcapd files attached.
tgriep wrote:Same problem with the tcpdump command again, it did not capture anything.
So either the Cisco device is not sending data or the file is getting corrupted somehow.
If you want to try again, use this command to capture.
Code: Select all
tcpdump -i any -s 0 -w 9000.cap port 9000
If the capture file is only 24 bytes, don't bother uploading it, it is empty.
Can you go to this folder, and get the last 4 or 5 nfcapd files and upload them here?
Code: Select all
/usr/local/nagiosna/var/uts12a/flows
If the system is capturing data, we can see what it is.
Re: Initial Setup Issues
Posted: Fri Oct 05, 2018 10:51 am
by tgriep
The cap file are empty so it looks like the system is not receiving the Flow data at all which matches the empty tcpdump data.
Take a look at this link to Cisco web site that has instructions for configuring and troubleshooting your switch.
https://www.cisco.com/c/en/us/td/docs/s ... r_010.html
The bottom of the page under this section "Monitoring Flexible NetFlow" are tests you can run to see is the switch is sending data, and where it is sending it to, etc..
If that looks good, verify that there is not another device between the switch and the NNA server that is blocking the traffic.
Re: Initial Setup Issues
Posted: Fri Oct 05, 2018 2:17 pm
by rkane
Attached you'll find output from the various monitoring commands in that section of the link. Of particular interest:
Code: Select all
UTS12-A#show flow exporter statistics
Flow Exporter Netflow-to-Nagios:
Packet send statistics (last cleared 4d00h ago):
Successfully sent: 895328 (1100164456 bytes)
Client send statistics:
Client: Flow Monitor Netflow1
Records added: 18165457
- sent: 18165457
Bytes added: 999100135
- sent: 999100135
So, the switch is sending data. I ran a traceroute from the switch to the NagiosNA box and it successfully found it's way. Any more ideas for me? Appreciate the help.
tgriep wrote:The cap file are empty so it looks like the system is not receiving the Flow data at all which matches the empty tcpdump data.
Take a look at this link to Cisco web site that has instructions for configuring and troubleshooting your switch.
https://www.cisco.com/c/en/us/td/docs/s ... r_010.html
The bottom of the page under this section "Monitoring Flexible NetFlow" are tests you can run to see is the switch is sending data, and where it is sending it to, etc..
If that looks good, verify that there is not another device between the switch and the NNA server that is blocking the traffic.
Re: Initial Setup Issues
Posted: Fri Oct 05, 2018 2:32 pm
by tgriep
Try stopping the firewall on the NNA server.
Another way to run the tcpdump is to run the example below.
What this does is to print ( In Ascii ) what is received on port 9000 to the console screen as soon as it receives the data.
If nothing comes in, then something else is blocking the traffic, or that the IP address the switch is sending to is incorrect, the IOS on the switch is bad and it is not sending the data.
Re: Initial Setup Issues
Posted: Fri Oct 05, 2018 2:41 pm
by rkane
Firewall is stopped on the NNA so we're good to go there. I get the following with the tcpdump command below. IP address the switch is sending to is correct. I've configured two switches so I have to doubt that the IOS on both switches are bad...gotta be something on my network blocking the delivery. How can I check that? I figured a traceroute from the switch to the NNA box would reveal anything in the way. Other ideas?
Code: Select all
tcpdump: NFLOG link-layer type filtering not implemented
tgriep wrote:Try stopping the firewall on the NNA server.
Another way to run the tcpdump is to run the example below.
What this does is to print ( In Ascii ) what is received on port 9000 to the console screen as soon as it receives the data.
If nothing comes in, then something else is blocking the traffic, or that the IP address the switch is sending to is incorrect, the IOS on the switch is bad and it is not sending the data.
Re: Initial Setup Issues
Posted: Fri Oct 05, 2018 3:01 pm
by tgriep
I do not know what devices you have between the NNA and the switch but make sure nothing is blocking UDP traffic.