NNA does not receive data from Juniper SRX100H2

Posted: Tue Dec 13, 2016 8:19 am
by HduarteEservices
Hi everyone

I've got a situation with a Juniper SRX100 services gateway and my NNA.

NNA won't receive any Jflow data from the Juniper. I've checked the config many times and still can't figure it out.
This is an example of my CLI

forwarding-options {
     sampling {
          input {
               rate 1;
               run-length 0;
               max-packets-per-second 50000;
          }
          family inet {
               output {
                    flow-active-timeout 60;
                    flow-server 192.168.33.38 {
                         port 9996;
                    }
                    flow-server 192.168.33.96 {
                         port 9996;
                         version 5;
                    }
               }
          }
     }
}
Then I enabled the NTP server, but NNA still won't capture any Jflow.

I will appreciate any help.

Thanks in advance.

Re: NNA does not receive data from Juniper SRX100H2

Posted: Tue Dec 13, 2016 12:58 pm
by bwallace
A couple of things to check on the NNA box right off the bat....

1) check if the source's nfcapd process is running...

ps aux | grep /usr/local/nagiosna/var/<source name>

You can also refer to the bottom of page 2 'General Troubleshooting Advice' here
https://assets.nagios.com/downloads/nag ... ackend.pdf
___________________________________________

2) Navigate to the flows/ directory of the source in question...
/usr/local/nagiosna/var/<source name>/flows
...and find the newest nfcap file that is not nfcap.current. Then run:

nfdump -r <newest nfcap file>

If this shows any data at all, it should also be present in the web interface; if this is showing zeros, then the web interface should be showing zeros as well. Take note of the time shown in the output, as this is the sending device's time. Compare this to the NNA system time, mentioned below. The two must be in sync with each other. This is very important; let us know if they are not in sync.

*****If there is no data at all here, then the flows are not even reaching NNA. This could be due to a firewall in the way or the sending device is improperly configured. To further test/confirm if flows are arriving at NNA, run a tcpdump on the NNA machine...

tcpdump dst port <port that traffic is supposed to be coming in on>

*Run 'yum install tcpdump' if you get a 'command not found' error message*

The tcpdump will provide indisputable proof as to whether or not flows are reaching NNA. If the tcpdump is showing up empty then the issue is either with the sending device's configuration or some other network device is blocking this traffic.


If in any doubt, feel free to post any output from the above commands. Thanks.
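
An added example, not part of the post above and not Nagios code: a Python check that validates an incoming UDP payload as a NetFlow v5 export and compares the exporter's timestamp with the collector's clock, which covers both the "are flows arriving" and the "are the clocks in sync" questions. Port 9996 and version 5 come from the config in the first post; the function names and the 60-second skew tolerance are assumptions.

```python
import socket
import struct
import time

V5_HEADER = struct.Struct("!HHIIIIBBH")   # 24-byte NetFlow v5 export header
V5_RECORD_LEN = 48                        # each v5 flow record is 48 bytes


def inspect_v5(datagram, local_time, max_skew=60):
    """Check one UDP payload as NetFlow v5 and return a summary dict.

    Raises ValueError when the payload is not a well-formed v5 export.
    max_skew (seconds) is an assumed tolerance, not a Nagios setting.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("payload shorter than a v5 header")
    (version, count, _uptime_ms, unix_secs, _nsecs,
     sequence, _etype, _eid, _sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"export version {version}, expected 5")
    expected = V5_HEADER.size + count * V5_RECORD_LEN
    if not 1 <= count <= 30 or len(datagram) != expected:
        raise ValueError("record count does not match payload length")
    skew = unix_secs - int(local_time)    # exporter clock minus collector clock
    return {"records": count, "sequence": sequence,
            "exporter_time": unix_secs, "skew_seconds": skew,
            "in_sync": abs(skew) <= max_skew}


def listen(port=9996, packets=5):
    """Print a verdict for the next few datagrams arriving on the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        for _ in range(packets):
            data, (src, _) = sock.recvfrom(65535)
            try:
                print(src, inspect_v5(data, time.time()))
            except ValueError as err:
                print(src, "not usable:", err)


def sample_datagram(unix_secs, count=2):
    """Constructed test input: a v5 header followed by zeroed records."""
    header = V5_HEADER.pack(5, count, 123456, unix_secs, 0, 42, 0, 0, 0)
    return header + bytes(count * V5_RECORD_LEN)


if __name__ == "__main__":
    listen()
```

The listener binds the UDP port itself, so it reports "address already in use" if the source's nfcapd process is still holding that port.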

Re: NNA does not receive data from Juniper SRX100H2

Posted: Mon Dec 26, 2016 2:55 pm
by HduarteEservices
Hi bwallace

First of all, thank you for such a detailed answer.

Yes, I've checked, step by step, everything you listed above.

I just heard from our client, and the problem was solved. They told me that it was on the Juniper's side; apparently the command was not complete. I say (write) it that way because I do not know exactly what was wrong. But luckily everything on the Nagios Network Analyzer side was okay.

Thanks once more for your time.

Merry Christmas and Happy New Year.

Re: NNA does not receive data from Juniper SRX100H2

Posted: Tue Dec 27, 2016 1:22 pm
by bwallace
Appreciate the update and glad to hear it is resolved!
Merry Christmas and Happy New Year to you as well, locking this thread now....