unable to get information like 5 talkers in network analyzer

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
rnjie
Posts: 157
Joined: Wed Mar 20, 2019 4:59 pm

Re: unable to get information like 5 talkers in network anal

Post by rnjie »

I also noticed that I do not have any files in my .current. See below:


flows]# nfdump -r nfcapd.current.19136
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
No matched flows
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: unable to get information like 5 talkers in network anal

Post by cdienger »

Are there any messages in /var/log/messages regarding nfcapd?

Do you see the configured sources' listening ports if you run "yum -y install net-tools; netstat -nap | grep cap"?

You may need to restart the service if the listener has crashed. You can check the status and restart with:

Code:

service nagiosna status
systemctl status nagiosna

service nagiosna restart
systemctl restart nagiosna
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: unable to get information like 5 talkers in network anal

Post by tgriep »

Another cause for the missing data is that the device's settings are not sending over the flow data with the correct timestamp, so can you post the make and model of the device that is sending the flow data to the NNA server?
Also, can you post the configuration that is set up in the device?

Log in to the NNA server as root, run the following commands and post the output here.

Code:

ps -ef --cols=300
df -h
df -i
Get this file from the NNA server and upload it to the post.

Code:

/usr/local/nagiosna/var/backend.log
Be sure to check out our Knowledgebase for helpful articles and solutions!
rnjie
Posts: 157
Joined: Wed Mar 20, 2019 4:59 pm

Re: unable to get information like 5 talkers in network anal

Post by rnjie »

The service was stopped and I just restarted it. I can see the netflow graphs populating now. It's been almost an hour but still no top 5 talkers.

The make and model of the device: Cisco ISR4321 running Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)

See the output for the commands you requested.

Code:
# ps -ef --cols=300
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Apr29 ? 00:02:14 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
root 2 0 0 Apr29 ? 00:00:00 [kthreadd]
root 3 2 0 Apr29 ? 00:00:00 [ksoftirqd/0]
root 5 2 0 Apr29 ? 00:00:00 [kworker/0:0H]
root 7 2 0 Apr29 ? 00:00:00 [migration/0]
root 8 2 0 Apr29 ? 00:00:00 [rcu_bh]
root 9 2 0 Apr29 ? 00:00:45 [rcu_sched]
root 10 2 0 Apr29 ? 00:00:00 [lru-add-drain]
root 11 2 0 Apr29 ? 00:00:02 [watchdog/0]
root 12 2 0 Apr29 ? 00:00:01 [watchdog/1]
root 13 2 0 Apr29 ? 00:00:00 [migration/1]
root 14 2 0 Apr29 ? 00:00:01 [ksoftirqd/1]
root 16 2 0 Apr29 ? 00:00:00 [kworker/1:0H]
root 18 2 0 Apr29 ? 00:00:00 [kdevtmpfs]
root 19 2 0 Apr29 ? 00:00:00 [netns]
root 20 2 0 Apr29 ? 00:00:00 [khungtaskd]
root 21 2 0 Apr29 ? 00:00:00 [writeback]
root 22 2 0 Apr29 ? 00:00:00 [kintegrityd]
root 23 2 0 Apr29 ? 00:00:00 [bioset]
root 24 2 0 Apr29 ? 00:00:00 [bioset]
root 25 2 0 Apr29 ? 00:00:00 [bioset]
root 26 2 0 Apr29 ? 00:00:00 [kblockd]
root 27 2 0 Apr29 ? 00:00:00 [md]
root 28 2 0 Apr29 ? 00:00:00 [edac-poller]
root 29 2 0 Apr29 ? 00:00:00 [watchdogd]
root 36 2 0 Apr29 ? 00:00:00 [kswapd0]
root 37 2 0 Apr29 ? 00:00:00 [ksmd]
root 38 2 0 Apr29 ? 00:00:02 [khugepaged]
root 39 2 0 Apr29 ? 00:00:00 [crypto]
root 47 2 0 Apr29 ? 00:00:00 [kthrotld]
root 49 2 0 Apr29 ? 00:00:00 [kmpath_rdacd]
root 50 2 0 Apr29 ? 00:00:00 [kaluad]
root 51 2 0 Apr29 ? 00:00:00 [kpsmoused]
root 53 2 0 Apr29 ? 00:00:00 [ipv6_addrconf]
root 66 2 0 Apr29 ? 00:00:00 [deferwq]
root 97 2 0 Apr29 ? 00:00:00 [kauditd]
root 704 2 0 Apr29 ? 00:00:00 [ata_sff]
root 716 2 0 Apr29 ? 00:00:00 [scsi_eh_0]
root 721 2 0 Apr29 ? 00:00:00 [scsi_tmf_0]
root 724 2 0 Apr29 ? 00:00:00 [scsi_eh_1]
root 725 2 0 Apr29 ? 00:00:00 [scsi_tmf_1]
root 859 2 0 Apr29 ? 00:00:00 [ttm_swap]
root 862 2 0 Apr29 ? 00:00:00 [irq/16-vmwgfx]
root 1402 2 0 Apr29 ? 00:00:00 [scsi_eh_2]
root 1405 2 0 Apr29 ? 00:00:00 [scsi_tmf_2]
root 1407 2 0 Apr29 ? 00:00:00 [vmw_pvscsi_wq_2]
root 2190 2 0 13:05 ? 00:00:00 [kworker/u4:0]
root 2285 2 0 Apr29 ? 00:00:00 [kworker/1:1H]
root 2348 2 0 Apr29 ? 00:00:00 [kdmflush]
root 2351 2 0 Apr29 ? 00:00:00 [bioset]
root 2363 2 0 Apr29 ? 00:00:00 [kdmflush]
root 2366 2 0 Apr29 ? 00:00:00 [bioset]
root 2376 2 0 Apr29 ? 00:00:00 [kdmflush]
root 2377 2 0 Apr29 ? 00:00:00 [bioset]
root 2395 2 0 Apr29 ? 00:00:00 [bioset]
root 2396 2 0 Apr29 ? 00:00:00 [xfsalloc]
root 2397 2 0 Apr29 ? 00:00:00 [xfs_mru_cache]
root 2403 2 0 Apr29 ? 00:00:00 [xfs-buf/dm-0]
root 2408 2 0 Apr29 ? 00:00:00 [xfs-data/dm-0]
root 2414 2 0 Apr29 ? 00:00:00 [xfs-conv/dm-0]
root 2417 2 0 Apr29 ? 00:00:00 [xfs-cil/dm-0]
root 2418 2 0 Apr29 ? 00:00:00 [xfs-reclaim/dm-]
root 2419 2 0 Apr29 ? 00:00:00 [xfs-log/dm-0]
root 2420 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/d]
root 2421 2 0 Apr29 ? 00:00:00 [xfsaild/dm-0]
root 2443 2 0 Apr29 ? 00:00:00 [xfs-buf/dm-2]
root 2444 2 0 Apr29 ? 00:00:00 [xfs-data/dm-2]
root 2445 2 0 Apr29 ? 00:00:00 [xfs-conv/dm-2]
root 2446 2 0 Apr29 ? 00:00:00 [xfs-cil/dm-2]
root 2447 2 0 Apr29 ? 00:00:00 [xfs-reclaim/dm-]
root 2448 2 0 Apr29 ? 00:00:00 [xfs-log/dm-2]
root 2449 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/d]
root 2450 2 0 Apr29 ? 00:02:59 [xfsaild/dm-2]
root 2500 1 0 Apr29 ? 00:00:13 /usr/lib/systemd/systemd-journald
root 2528 1 0 Apr29 ? 00:00:00 /usr/sbin/lvmetad -f
root 2535 1 0 Apr29 ? 00:00:00 /usr/lib/systemd/systemd-udevd
root 4086 2 0 Apr29 ? 00:00:00 [xfs-buf/sda1]
root 4097 2 0 Apr29 ? 00:00:00 [xfs-data/sda1]
root 4108 2 0 Apr29 ? 00:00:00 [xfs-conv/sda1]
root 4110 2 0 Apr29 ? 00:00:00 [kdmflush]
root 4114 2 0 Apr29 ? 00:00:00 [bioset]
root 4119 2 0 Apr29 ? 00:00:00 [kdmflush]
root 4126 2 0 Apr29 ? 00:00:00 [bioset]
root 4129 2 0 Apr29 ? 00:00:00 [xfs-cil/sda1]
root 4134 2 0 Apr29 ? 00:00:00 [xfs-reclaim/sda]
root 4138 2 0 Apr29 ? 00:00:00 [kdmflush]
root 4143 2 0 Apr29 ? 00:00:00 [bioset]
root 4146 2 0 Apr29 ? 00:00:00 [xfs-log/sda1]
root 4147 2 0 Apr29 ? 00:00:00 [kdmflush]
root 4155 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/s]
root 4160 2 0 Apr29 ? 00:00:00 [bioset]
root 4163 2 0 Apr29 ? 00:00:00 [kdmflush]
root 4164 2 0 Apr29 ? 00:00:00 [bioset]
root 4165 2 0 Apr29 ? 00:00:00 [xfsaild/sda1]
root 4176 2 0 Apr29 ? 00:00:00 [kdmflush]
root 4182 2 0 Apr29 ? 00:00:00 [bioset]
root 4580 2 0 Apr29 ? 00:00:00 [nfit]
root 4703 2 0 Apr29 ? 00:00:00 [xfs-buf/dm-4]
root 4712 2 0 Apr29 ? 00:00:00 [xfs-data/dm-4]
root 4714 2 0 Apr29 ? 00:00:00 [xfs-buf/dm-6]
root 4715 2 0 Apr29 ? 00:00:00 [xfs-conv/dm-4]
root 4716 2 0 Apr29 ? 00:00:00 [xfs-buf/dm-3]
root 4717 2 0 Apr29 ? 00:00:00 [xfs-data/dm-3]
root 4718 2 0 Apr29 ? 00:00:00 [xfs-conv/dm-3]
root 4719 2 0 Apr29 ? 00:00:00 [xfs-cil/dm-3]
root 4720 2 0 Apr29 ? 00:00:00 [xfs-reclaim/dm-]
root 4721 2 0 Apr29 ? 00:00:00 [xfs-log/dm-3]
root 4722 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/d]
root 4723 2 0 Apr29 ? 00:00:00 [xfs-data/dm-6]
root 4724 2 0 Apr29 ? 00:00:00 [xfs-cil/dm-4]
root 4725 2 0 Apr29 ? 00:00:00 [xfs-conv/dm-6]
root 4726 2 0 Apr29 ? 00:00:00 [xfs-reclaim/dm-]
root 4727 2 0 Apr29 ? 00:00:00 [xfs-cil/dm-6]
root 4728 2 0 Apr29 ? 00:00:00 [xfs-log/dm-4]
root 4729 2 0 Apr29 ? 00:00:00 [xfs-reclaim/dm-]
root 4730 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/d]
root 4731 2 0 Apr29 ? 00:00:00 [xfs-log/dm-6]
root 4732 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/d]
root 4733 2 0 Apr29 ? 00:00:00 [xfsaild/dm-4]
root 4734 2 0 Apr29 ? 00:00:00 [xfs-buf/dm-5]
root 4735 2 0 Apr29 ? 00:02:32 [xfsaild/dm-3]
root 4736 2 0 Apr29 ? 00:00:00 [xfsaild/dm-6]
root 4737 2 0 Apr29 ? 00:00:00 [xfs-data/dm-5]
root 4738 2 0 Apr29 ? 00:00:00 [xfs-conv/dm-5]
root 4739 2 0 Apr29 ? 00:00:00 [xfs-cil/dm-5]
root 4740 2 0 Apr29 ? 00:00:00 [xfs-reclaim/dm-]
root 4741 2 0 Apr29 ? 00:00:00 [xfs-log/dm-5]
root 4742 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/d]
root 4743 2 0 Apr29 ? 00:00:01 [xfsaild/dm-5]
root 4751 2 0 Apr29 ? 00:00:00 [xfs-buf/dm-7]
root 4752 2 0 Apr29 ? 00:00:00 [xfs-buf/dm-8]
root 4753 2 0 Apr29 ? 00:00:00 [xfs-data/dm-7]
root 4754 2 0 Apr29 ? 00:00:00 [xfs-data/dm-8]
root 4755 2 0 Apr29 ? 00:00:00 [xfs-conv/dm-7]
root 4756 2 0 Apr29 ? 00:00:00 [xfs-conv/dm-8]
root 4757 2 0 Apr29 ? 00:00:00 [xfs-cil/dm-7]
root 4758 2 0 Apr29 ? 00:00:00 [xfs-cil/dm-8]
root 4759 2 0 Apr29 ? 00:00:00 [xfs-reclaim/dm-]
root 4760 2 0 Apr29 ? 00:00:00 [xfs-reclaim/dm-]
root 4761 2 0 Apr29 ? 00:00:00 [xfs-log/dm-7]
root 4762 2 0 Apr29 ? 00:00:00 [xfs-log/dm-8]
root 4763 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/d]
root 4764 2 0 Apr29 ? 00:00:00 [xfs-eofblocks/d]
root 4765 2 0 Apr29 ? 00:00:00 [xfsaild/dm-8]
root 4766 2 0 Apr29 ? 00:00:00 [xfsaild/dm-7]
root 4772 2 0 Apr29 ? 00:00:01 [kworker/0:1H]
root 4791 1 0 Apr29 ? 00:00:02 /sbin/auditd
root 4814 1 0 Apr29 ? 00:00:16 /usr/sbin/irqbalance --foreground
root 4815 1 0 Apr29 ? 00:00:16 /usr/lib/systemd/systemd-logind
root 4817 1 0 Apr29 ? 00:00:00 /usr/bin/VGAuthService -s
root 4818 1 0 Apr29 ? 00:06:20 /usr/bin/vmtoolsd
polkitd 4822 1 0 Apr29 ? 00:00:10 /usr/lib/polkit-1/polkitd --no-debug
dbus 4823 1 0 Apr29 ? 00:00:40 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
ntp 4827 1 0 Apr29 ? 00:00:00 /usr/sbin/ntpd -u ntp:ntp -g
root 4828 1 0 Apr29 ? 00:00:13 /usr/sbin/NetworkManager --no-daemon
root 4837 1 0 Apr29 ? 00:00:03 /usr/sbin/crond -n
root 4863 1 0 Apr29 tty1 00:00:00 /sbin/agetty --noclear tty1 linux
root 5121 1 0 Apr29 ? 00:00:00 /usr/sbin/sshd -D
root 5124 1 0 Apr29 ? 00:00:55 /usr/bin/python2 -Es /usr/sbin/tuned -l -P
root 5128 1 0 Apr29 ? 00:00:00 /usr/bin/rhsmcertd
root 5129 1 0 Apr29 ? 00:00:30 /usr/sbin/rsyslogd -n
root 5160 1 0 Apr29 ? 00:00:00 rhnsd
root 5215 1 0 Apr29 ? 00:00:11 sendmail: accepting connections
mysql 5217 1 0 Apr29 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
smmsp 5293 1 0 Apr29 ? 00:00:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
mysql 5490 5217 0 Apr29 ? 00:06:47 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
root 5521 1 0 Apr29 ? 00:00:03 /usr/bin/python -s /usr/sbin/osad --pid-file /var/run/osad.pid
root 7553 2 0 14:35 ? 00:00:00 [kworker/0:2]
root 7606 2 0 14:36 ? 00:00:00 [kworker/1:1]
root 8078 2 0 14:43 ? 00:00:00 [kworker/0:1]
nna 8111 1 0 14:43 ? 00:00:00 /usr/local/bin/nfcapd -I 2 -l /usr/local/nagiosna/var/test1/flows -p 9999 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/test1/9999.pid -D -e -w -z -T all
nna 8112 8111 0 14:43 ? 00:00:00 /usr/local/bin/nfcapd -I 2 -l /usr/local/nagiosna/var/test1/flows -p 9999 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/test1/9999.pid -D -e -w -z -T all
root 8300 2 0 14:46 ? 00:00:00 [kworker/1:2]
apache 8535 24012 0 14:49 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
root 8850 2 0 14:51 ? 00:00:00 [kworker/0:3]
root 8898 2 0 14:51 ? 00:00:00 [kworker/1:0]
root 9125 4837 0 14:55 ? 00:00:00 /usr/sbin/CROND -n
nna 9126 9125 0 14:55 ? 00:00:00 /bin/sh -c /usr/bin/php -q /var/www/html/nagiosna/www/index.php cmdsubsys > /usr/local/nagiosna/var/cmdsubsys.log 2>&1
nna 9127 9126 0 14:55 ? 00:00:00 /usr/bin/php -q /var/www/html/nagiosna/www/index.php cmdsubsys
root 9183 24925 0 14:55 pts/1 00:00:00 ps -ef --cols=300
root 16000 2 0 09:16 ? 00:00:00 [kworker/u4:1]
root 24012 1 0 10:21 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 24014 24012 0 10:21 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 24015 24012 0 10:21 ? 00:00:02 /usr/sbin/httpd -DFOREGROUND
apache 24018 24012 0 10:21 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 24133 24012 0 10:21 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 24134 24012 0 10:21 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
root 24883 5121 0 10:31 ? 00:00:00 sshd: rnjie [priv]
rnjie 24890 24883 0 10:31 ? 00:00:00 sshd: rnjie@pts/1
rnjie 24891 24890 0 10:31 pts/1 00:00:00 -bash
root 24920 24891 0 10:31 pts/1 00:00:00 su -
root 24925 24920 0 10:31 pts/1 00:00:00 -bash
apache 27925 24012 0 11:20 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 29706 24012 0 11:44 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
root 30637 2 0 11:59 ? 00:00:00 [kworker/0:0]
apache 32578 24012 0 12:32 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 32608 24012 0 12:32 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND





Code:

# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg1-root 2.0G 70M 2.0G 4% /
devtmpfs 2.9G 0 2.9G 0% /dev
tmpfs 2.9G 0 2.9G 0% /dev/shm
tmpfs 2.9G 73M 2.8G 3% /run
tmpfs 2.9G 0 2.9G 0% /sys/fs/cgroup
/dev/mapper/vg1-usr 8.0G 1.7G 6.4G 22% /usr
/dev/mapper/vg1-opt 2.0G 33M 2.0G 2% /opt
/dev/mapper/vg1-var 14G 2.2G 12G 16% /var
/dev/mapper/vg1-u01 2.0G 33M 2.0G 2% /u01
/dev/mapper/vg1-u01_app 60G 33M 60G 1% /u01/app
/dev/mapper/vg1-u01_home 5.0G 33M 5.0G 1% /u01/home
/dev/mapper/vg1-tmp 2.0G 51M 2.0G 3% /tmp
/dev/sda1 497M 221M 277M 45% /boot
tmpfs 581M 0 581M 0% /run/user/9003
tmpfs 581M 0 581M 0% /run/user/9004


Code:

]# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/mapper/vg1-root 1048576 2655 1045921 1% /
devtmpfs 740182 403 739779 1% /dev
tmpfs 743148 1 743147 1% /dev/shm
tmpfs 743148 661 742487 1% /run
tmpfs 743148 16 743132 1% /sys/fs/cgroup
/dev/mapper/vg1-usr 4194304 55050 4139254 2% /usr
/dev/mapper/vg1-opt 1048576 3 1048573 1% /opt
/dev/mapper/vg1-var 7340032 3557 7336475 1% /var
/dev/mapper/vg1-u01 1048576 5 1048571 1% /u01
/dev/mapper/vg1-u01_app 31457280 3 31457277 1% /u01/app
/dev/mapper/vg1-u01_home 2621440 27 2621413 1% /u01/home
/dev/mapper/vg1-tmp 1048576 1146 1047430 1% /tmp
/dev/sda1 256000 341 255659 1% /boot
tmpfs 743148 1 743147 1% /run/user/9003
tmpfs 743148 1 743147 1% /run/user/9004


Code:

# tail -50 /usr/local/nagiosna/var/backend.log
2019-05-03 14:00:00 DEBUG : Running checks...
2019-05-03 14:00:00 INFO : Ran checks successfully
2019-05-03 14:00:00 INFO : Successfully reaped nfcapd file.
2019-05-03 14:05:00 INFO : Parsing data for the source id: 2
2019-05-03 14:05:00 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905031400, 2
2019-05-03 14:05:00 DEBUG : Running checks...
2019-05-03 14:05:00 INFO : Ran checks successfully
2019-05-03 14:05:00 INFO : Successfully reaped nfcapd file.
2019-05-03 14:10:00 INFO : Parsing data for the source id: 2
2019-05-03 14:10:00 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905031405, 2
2019-05-03 14:10:00 DEBUG : Running checks...
2019-05-03 14:10:00 INFO : Ran checks successfully
2019-05-03 14:10:00 INFO : Successfully reaped nfcapd file.
2019-05-03 14:15:00 INFO : Parsing data for the source id: 2
2019-05-03 14:15:00 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905031410, 2
2019-05-03 14:15:00 DEBUG : Running checks...
2019-05-03 14:15:00 INFO : Ran checks successfully
2019-05-03 14:15:00 INFO : Successfully reaped nfcapd file.
2019-05-03 14:20:01 INFO : Parsing data for the source id: 2
2019-05-03 14:20:01 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905031415, 2
2019-05-03 14:20:01 DEBUG : Running checks...
2019-05-03 14:20:01 INFO : Ran checks successfully
2019-05-03 14:20:01 INFO : Successfully reaped nfcapd file.
2019-05-03 14:25:00 INFO : Parsing data for the source id: 2
2019-05-03 14:25:00 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905031420, 2
2019-05-03 14:25:00 DEBUG : Running checks...
2019-05-03 14:25:00 INFO : Ran checks successfully
2019-05-03 14:25:00 INFO : Successfully reaped nfcapd file.
[]
Could not access /usr/local/nagiosna/var/test1/9999.pid for killing: [Errno 2] No such file or directory: '/usr/local/nagiosna/var/test1/9999.pid'
2019-05-06 14:45:00 INFO : Parsing data for the source id: 2
2019-05-06 14:45:00 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905061440, 2
2019-05-06 14:45:00 DEBUG : Running checks...
2019-05-06 14:45:00 INFO : Ran checks successfully
2019-05-06 14:45:00 INFO : Successfully reaped nfcapd file.
2019-05-06 14:50:00 INFO : Parsing data for the source id: 2
2019-05-06 14:50:00 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905061445, 2
2019-05-06 14:50:00 DEBUG : Running checks...
2019-05-06 14:50:00 INFO : Ran checks successfully
2019-05-06 14:50:00 INFO : Successfully reaped nfcapd file.
2019-05-06 14:55:01 INFO : Parsing data for the source id: 2
2019-05-06 14:55:01 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905061450, 2
2019-05-06 14:55:01 DEBUG : Running checks...
2019-05-06 14:55:01 INFO : Ran checks successfully
2019-05-06 14:55:01 INFO : Successfully reaped nfcapd file.
2019-05-06 15:00:00 INFO : Parsing data for the source id: 2
2019-05-06 15:00:00 DEBUG : Arguments: /usr/local/nagiosna/var/test1/flows, nfcapd.201905061455, 2
2019-05-06 15:00:00 DEBUG : Running checks...
2019-05-06 15:00:00 INFO : Ran checks successfully
2019-05-06 15:00:00 INFO : Successfully reaped nfcapd file.
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: unable to get information like 5 talkers in network anal

Post by tgriep »

Thanks for the data. So far it all looks good, so I would guess that it is a configuration setting that has to be adjusted on the Cisco ISR4321.
Can you post the settings from the Cisco device?
rnjie
Posts: 157
Joined: Wed Mar 20, 2019 4:59 pm

Re: unable to get information like 5 talkers in network anal

Post by rnjie »

Which settings do you need?
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: unable to get information like 5 talkers in network anal

Post by tgriep »

I would like to see all of the Netflow settings from the Cisco device, but I would need to see all of the settings under the "flow record" section.

Like this example.

Code:

flow record Netflow1
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match flow direction
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
rnjie
Posts: 157
Joined: Wed Mar 20, 2019 4:59 pm

Re: unable to get information like 5 talkers in network anal

Post by rnjie »

Here's the complete configuration and flow cache output on the device:

TPCMCT-RT-01#sh run | s flow
flow record Nagios
 description config for Nagios
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect interface input
 collect interface output
flow exporter EXPORTER
 destination 10.2.102.87
 source Loopback0
 transport udp 9999
flow monitor FLOW-MONITOR-1
 exporter EXPORTER
 cache timeout active 60
 record Nagios
ip flow monitor FLOW-MONITOR-1 input
ip flow monitor FLOW-MONITOR-1 output

TPCMCT-RT-01#sh flow interface

Interface GigabitEthernet0/0/0
 FNF: monitor: FLOW-MONITOR-1
  direction: Input
  traffic(ip): on
 FNF: monitor: FLOW-MONITOR-1
  direction: Output
  traffic(ip): on

TPCMCT-RT-01#sh flow monitor FLOW-MONITOR-1 cache sort counter bytes long top 10
Processed 1417 flows
Aggregated to 10 flows
Showing the top 10 flows

IPV4 SRC ADDR   IPV4 DST ADDR   TRNS SRC PORT TRNS DST PORT IP TOS IP PROT tcp flags intf input           intf output                    bytes long            pkts long
=============== =============== ============= ============= ====== ======= ========= ==================== ==================== ==================== ====================
10.67.200.191   10.7.4.221                443         51763 0x00         6 0x1B      Gi0/0/0              Gi0/0/1.4                          755370                  541
10.67.200.191   10.7.4.235                443         59284 0x00         6 0x1B      Gi0/0/0              Gi0/0/1.4                          551945                  375
10.67.200.191   10.7.4.211                443         65170 0x00         6 0x1A      Gi0/0/0              Gi0/0/1.4                          468662                  317
10.7.4.221      10.67.200.191           51769           443 0x00         6 0x1B      Gi0/0/1.4            Gi0/0/0                            182368                  129
10.7.4.213      10.1.224.42             56708          3389 0x00         6 0x18      Gi0/0/1.4            Gi0/0/0                            116040                  876
208.75.9.75     10.7.199.10             52008         16742 0xB8        17 0x00      Gi0/0/0              Gi0/0/1.199                        112800                  564
10.7.4.221      10.67.200.191           51763           443 0x00         6 0x1B      Gi0/0/1.4            Gi0/0/0                            105365                  322
10.1.102.254    10.7.4.126                445         54823 0x00         6 0x1A      Gi0/0/0              Gi0/0/1.4                           81591                  359
10.7.4.126      10.1.102.254            54823           445 0x00         6 0x1A      Gi0/0/1.4            Gi0/0/0                             81253                  390
10.7.0.1        10.2.102.87             55500          9999 0x00        17 0x00      Null                 Gi0/0/0                             80996                   76
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: unable to get information like 5 talkers in network anal

Post by tgriep »

Your configuration is missing the following 2 lines that put the timestamp in the flow data that the NNA server needs.

Code:

collect timestamp absolute first
collect timestamp absolute last
Add those to the flow record.
Wait for 10 to 15 minutes and check the NNA server for the Top 5 talkers to fill in with data.
Be sure to check out our Knowledgebase for helpful articles and solutions!
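
The comparison made in the reply above, as an added example (not part of the original thread, and not Nagios or Cisco code): a Python script that parses `sh run | s flow` output and reports, for each flow monitor, the record it uses, the collector it exports to, and which of the two timestamp fields are missing. The function names and parsing approach are assumptions of this example; the sample input is the configuration posted in the thread.

```python
import re

# The two record fields the support reply says the NNA server needs.
REQUIRED_FIELDS = ("collect timestamp absolute first", "collect timestamp absolute last")
HEADER = re.compile(r"flow (record|exporter|monitor) (\S+)$")

# Sample input: the flow configuration posted in the thread, before the fix.
SAMPLE_CONFIG = """\
flow record Nagios
 description config for Nagios
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect interface input
 collect interface output
flow exporter EXPORTER
 destination 10.2.102.87
 source Loopback0
 transport udp 9999
flow monitor FLOW-MONITOR-1
 exporter EXPORTER
 cache timeout active 60
 record Nagios
ip flow monitor FLOW-MONITOR-1 input
ip flow monitor FLOW-MONITOR-1 output
"""

def parse_sections(config):
    """Return {kind: {name: [sub-commands]}}; indentation is ignored since pastes lose it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        header = HEADER.match(line)
        if header:
            current = sections.setdefault(header[1], {}).setdefault(header[2], [])
        elif not line or line.startswith(("ip flow ", "ipv6 flow ", "interface ")):
            current = None  # interface-level lines close the open section
        elif current is not None:
            current.append(line)
    return sections

def _value(lines, prefix):
    """Last word of the first line that starts with prefix, or None."""
    return next((l.split()[-1] for l in lines if l.startswith(prefix)), None)

def audit(config):
    """For each flow monitor, report its record, collector and missing timestamp fields."""
    sections, findings = parse_sections(config), []
    for name, lines in sections.get("monitor", {}).items():
        record = _value(lines, "record ")
        exporter = sections.get("exporter", {}).get(_value(lines, "exporter "), [])
        collector = f"{_value(exporter, 'destination ')}:{_value(exporter, 'transport udp ')}"
        missing = [f for f in REQUIRED_FIELDS if f not in sections.get("record", {}).get(record, [])]
        findings.append(dict(monitor=name, record=record, collector=collector, missing=missing))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Run against the posted configuration, the single finding lists both timestamp fields as missing for record `Nagios`; once the two `collect timestamp absolute` lines are added to the record, the `missing` list is empty.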
rnjie
Posts: 157
Joined: Wed Mar 20, 2019 4:59 pm

Re: unable to get information like 5 talkers in network anal

Post by rnjie »

Sweet, adding those two lines fixed it. I can now see the top 5 talkers.

One more thing: is there a way to edit the name of a source after it's been created? When I click on edit, the name tab is grayed out. Is there another way? And does changing the name affect the flow or current setup? See screenshot if I want to change the name from test1 to something more unique.