Page 1 of 1
No data with Cisco 4331 and Netflow Exporter
Posted: Thu Aug 11, 2016 11:48 pm
by ebounous
No data with Cisco 4331 and Netflow Exporter
I have the exact same setup on another router... but I ungraded the server to the latest NA ver. and this router stopped working. I deleted, added (with a different name) the device, but I am getting no data. The flow info is getting sent.
Ideas??
Re: No data with Cisco 4331 and Netflow Exporter
Posted: Fri Aug 12, 2016 1:21 am
by Box293
Re: No data with Cisco 4331 and Netflow Exporter
Posted: Fri Aug 12, 2016 9:07 am
by ebounous
Those are all great resources. I have gone through them initially and they all appear to be correct. I'll look at them in more detail and let you know.
Thanks
Re: No data with Cisco 4331 and Netflow Exporter
Posted: Fri Aug 12, 2016 12:52 pm
by bwallace
Definitely let us know what you find out, we'll leave this thread open in the meantime.
Re: No data with Cisco 4331 and Netflow Exporter
Posted: Mon Aug 15, 2016 3:03 pm
by ebounous
I found that the Firewall was turned on, I stopped it and now one of my two sources is working that was not working. I performed a NA updated and rebooted the server and now I have completely disabled the FW. The one source still not functioning, while receiving data and the flows folder looks correct, I still see 'do data' on the source. I have seen some sequence errors in the /var/log/messages, so I am thinking that somehow NA is unable to pull the data in completely, if it is out of sequence? Both 4331 routers have the exact same version and config, except a different port.
Any thoughts?
Re: No data with Cisco 4331 and Netflow Exporter
Posted: Mon Aug 15, 2016 3:40 pm
by tgriep
Can you post the errors you are seeing in the /var/log/messages file so we can view them?
Also, check this log to see if there are any errors.
Code: Select all
/usr/local/nagiosna/var/backend.log
Can you login to the NNA server as root and run the tcpdump command to see if the server is receiving data?
Replace xxxx with the port that it should receive data on.
You may have to install tcpdump and that can be done by running
Re: No data with Cisco 4331 and Netflow Exporter
Posted: Mon Aug 29, 2016 11:48 am
by ebounous
I have resolved the issues with the 4331 and Netflow. After running TCPDUMP and knowing it was receiving data, I started some other troubleshooting steps....
First, changing the UDP port helped. I started all my routers with UDP ports starting in the dynamic range of 49152. The port I was using must have conflicted somehow. It wasn't' receiving all the data.
Second, I had to with one router make sure all options existed.
collect timestamp sys-uptime first
collect timestamp sys-uptime last
This must be included in the FlowRecord section of the Cisco Config. ( one router was missing this and nfdump which reads the netflow data was giving me a time error)
I now have multiple locations sending netflow data and it's working beautifully.
Thanks,
Evan
Re: No data with Cisco 4331 and Netflow Exporter
Posted: Mon Aug 29, 2016 2:33 pm
by mcapra
Is it alright if we lock this thread and mark the issue as resolved?