Page 5 of 5
Re: Error No data found
Posted: Fri Apr 03, 2015 2:24 pm
by mgallamore
Looks like we are having the same issue with a evaluation setup of NNA 2R1.0 with our ASA 5520 running ios 9.1.3, while our Cisco 6509 are working perfect.
nfdump -r
Code: Select all
2015-04-03 14:09:20.282 0.000 TCP 192.168.220.57:55550 -> 54.225.150.195:443 0 2978 1
2015-04-03 14:09:36.971 0.000 TCP 192.168.220.57:55589 -> 23.12.251.197:443 0 576 1
2015-04-03 14:09:36.971 0.000 TCP 192.168.220.57:55590 -> 23.12.251.197:443 0 576 1
1969-12-31 18:00:00.56344 -56.344 TCP 192.168.220.57:55590 -> 23.12.251.197:443 0 0 1
2015-04-03 14:09:38.971 0.000 TCP 192.168.220.57:55594 -> 216.249.24.56:443 0 576 1
2015-04-03 14:09:41.151 0.000 TCP 192.168.220.57:55598 -> 216.249.24.56:443 0 576 1
2015-04-03 14:09:32.641 0.000 TCP 192.168.220.57:55581 -> 50.97.233.185:443 0 576 1
We have our network time all in sync as that was my first thought but i've hit a roadblock on this. Issue is we are attempting to replace another monitoring solution which works fine with the ASA in question.
Re: Error No data found
Posted: Mon Apr 06, 2015 10:54 am
by tgriep
Can you edit the settings in the Cisco ASA to match our default settings that are known to work.
Code: Select all
flow-export destination inside XXX.XXX.XXX.XXX YYYY
flow-export template timeout-rate 1
flow-export delay flow-create 60
logging flow-export-syslogs disable
access-list netflow-export extended permit any any
class-map netflow-export-class
match access-list netflow-export
policy-map global-policy
class netflow-export-class
flow-export event-type all destination XXX.XXX.XXX.XXX
Where XXX.XXX.XXX.XXX is the IP address of the NA server
Where YYYY is the port used on the NA server
Re: Error No data found
Posted: Tue Apr 07, 2015 7:54 am
by mgallamore
Running into the same issue with those settings. Been playing with the setting for a couple days and cant get past that 1969 time stamp and the time window unknown on the nfdump
Setting active during my last port
Code: Select all
flow-export destination inside x.x.x.x 10000
flow-export template timeout-rate 1
flow-export delay flow-create 20
access-list global_mpc extended permit ip any4 any4
class-map Netflow
match access-list global_mpc
policy-map global_policy
class Netflow
flow-export event-type all destination x.x.x.x
Test setting and result
Code: Select all
flow-export destination inside x.x.x.x 10000
flow-export template timeout-rate 1
flow-export delay flow-create 60
access-list global_mpc extended permit ip any4 any4
class-map Netflow
match access-list global_mpc
policy-map global_policy
class Netflow
flow-export event-type all destination x.x.x.x
nfdump -r
Code: Select all
2015-04-07 07:24:56.257 0.000 ICMP 192.168.181.110:0 -> 192.168.220.50:2.0 0 32 1
2015-04-07 07:24:56.257 0.000 ICMP 192.168.181.110:0 -> 192.168.220.57:2.0 0 32 1
2015-04-07 07:24:56.257 0.000 ICMP 192.168.181.110:0 -> 192.168.220.58:2.0 0 32 1
1969-12-31 18:00:00.000 0.000 TCP 192.168.220.217:54801 -> 66.210.135.6:443 0 0 1
2015-04-07 07:24:57.427 0.000 UDP 192.168.222.131:53125 -> 192.168.190.190:53 0 42 1
2015-04-07 07:24:58.337 0.000 TCP 192.168.220.132:55361 -> 172.16.11.35:10081 0 117 1
2015-04-07 07:24:56.387 0.000 TCP 192.168.181.100:63136 -> 192.168.221.170:49152 0 4.4 M 1
2015-04-07 07:24:28.488 0.000 TCP 192.168.220.234:57970 -> 10.83.170.141:9301 0 0 1
2015-04-07 07:24:58.517 0.000 UDP 192.168.220.35:61687 -> 192.168.190.190:53 0 42 1
1969-12-31 18:00:00.000 0.000 TCP 192.168.222.54:55888 -> 66.210.135.6:443 0 0 1
2015-04-07 07:24:13.359 0.000 TCP 192.168.181.100:63112 -> 192.168.221.170:49152 0 351.6 M 1
2015-04-07 07:24:59.257 0.000 ICMP 192.168.181.110:0 -> 192.168.220.20:2.0 0 32 1
Summary: total flows: 14473, total bytes: 2695001176, total packets: 0, avg bps: 15, avg pps: 0, avg bpp: 0
Time window: Time Window unknown
Total flows processed: 14473, Blocks skipped: 0, Bytes read: 868828
Sys: 0.247s flows/second: 58367.8 Wall: 0.420s flows/second: 34378.1
Re: Error No data found
Posted: Tue Apr 07, 2015 4:05 pm
by tgriep
I am going to try and recreate the issue. It might take a while.
Re: Error No data found
Posted: Tue Apr 28, 2015 7:55 am
by sput
I am having the exact same issue with two ASA's running 9.2.2(4) -- netflow works fine with PRTG but not getting any data in Nagios. Bandwidth graphs show up fine. I'm also seeing random entries in nfdump showing a date of 1969-12-31. Has anyone found a fix for this yet? Please advise!
Re: Error No data found
Posted: Tue Apr 28, 2015 9:30 am
by jolson
mgallamore, sput,
It's possible that this issue is cropping up with devices that use NSEL - Cisco's netflow variant for ASA devices. This is different than normal netflow, and can require a special option to be enabled when nfdump is compiled.
Please note that you may lose previous flow information by performing this procedure.
To enable NSEL support in nfdump:
Code: Select all
cd /tmp
wget http://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.13/nfdump-1.6.13.tar.gz/download
tar xzf download
cd nfdump-1.6.13/
./configure --enable-sflow --enable-nsel
make
make install
You can check whether NSEL support is on with the following command:
We can easily revert to the previous nfdump version if the above does not work. Any test results you guys could provide could be a big help.
Re: Error No data found
Posted: Tue Apr 28, 2015 10:36 am
by sput
You are the BEST jolson! This fixed the issue for me
Thank you so much!
Re: Error No data found
Posted: Tue Apr 28, 2015 10:39 am
by tmcdonald
Great to hear!
We'll leave this open for mgallamore to test and respond.
Re: Error No data found
Posted: Tue May 26, 2015 9:50 am
by mgallamore
Jolson, that did the trick for us as well. got 5 ASA reporting netflow now.
Thanks for the help.
Re: Error No data found
Posted: Tue May 26, 2015 9:57 am
by tmcdonald
I'll be closing this thread now, but feel free to open another if you need anything in the future!