Nagios Support Forum

i recently setup network analyzer to integrate with my nagios xi for netflow monitoring, i did create a source group and i can see the data coming in but no talkers, any help with what am missing? see screenshot attached. am running the latest version of network analyzer NA 2.4.0

Hello @rnjie,

This usually caused by time sync issues. You'll want to check and see if the time of the NNA server in in sync with the device that is sending the FLOW data. If they are out of sync, that will cause the issue you are seeing.

You can check the server time and php time settings by running the following commands:

thank you but they are in sync, same time zone

Hi @rnjie,

Let's check the Apache logs for errors. Can you run the following tail command: Next, re-load the page and post the output of any errors.

Thanks.

I'm pretty sure I've helped someone in the past with this error and the fix was to change the following in the /etc/php.ini Then restart httpd

this is the output of below command before and after reloading the webpage

==> /var/log/httpd/access_log <==
10.3.99.152 - - [03/May/2019:14:10:05 -0500] "POST /nagiosna/api/system/source_status HTTP/1.1" 200 169 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:05 -0500] "POST /nagiosna/api/views/get_views HTTP/1.1" 200 2 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:15 -0500] "POST /nagiosna/api/queries/read HTTP/1.1" 200 624 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:19 -0500] "POST /nagiosna/api/queries/read HTTP/1.1" 200 257 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:19 -0500] "POST /nagiosna/api/queries/execute HTTP/1.1" 200 106 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:19 -0500] "POST /nagiosna/queries/queryviz HTTP/1.1" 200 6870 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:19 -0500] "GET /nagiosna/api/graphs/queryviz?sid=2&qid=2&agg1=dstip&agg2=srcip&sortby=bytes HTTP/1.1" 200 65 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:31 -0500] "POST /nagiosna/queries/queryviz HTTP/1.1" 200 6870 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:31 -0500] "POST /nagiosna/api/queries/execute HTTP/1.1" 200 106 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:10:31 -0500] "GET /nagiosna/api/graphs/queryviz?sid=2&qid=2&agg1=dstip&agg2=srcip&sortby=bytes HTTP/1.1" 200 65 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:22:43 -0500] "POST /nagiosna/index.php/api/system/cpu_status HTTP/1.1" 200 15 "http://10.2.102.83/nagiosxi/config/moni ... wizard=nna" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:22:43 -0500] "POST /nagiosna/index.php/api/sources/read HTTP/1.1" 200 175 "http://10.2.102.83/nagiosxi/config/moni ... wizard=nna" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:22:43 -0500] "POST /nagiosna/index.php/api/views/get_views HTTP/1.1" 200 2 "http://10.2.102.83/nagiosxi/config/moni ... wizard=nna" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:22:52 -0500] "POST /nagiosna/index.php/api/graphs/execute HTTP/1.1" 200 5716 "http://10.2.102.83/nagiosxi/config/monitoringwizard.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:23:13 -0500] "POST /nagiosna/index.php/api/system/cpu_status HTTP/1.1" 200 17 "http://10.2.102.83/nagiosxi/config/monitoringwizard.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:23:13 -0500] "POST /nagiosna/index.php/api/sources/read HTTP/1.1" 200 175 "http://10.2.102.83/nagiosxi/config/monitoringwizard.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:23:13 -0500] "POST /nagiosna/index.php/api/views/get_views HTTP/1.1" 200 2 "http://10.2.102.83/nagiosxi/config/monitoringwizard.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:05 -0500] "GET /nagiosna/sources/queries/2 HTTP/1.1" 200 44764 "http://10.2.102.87/nagiosna/sources/percentile/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:05 -0500] "GET /nagiosna/media/favicon.ico HTTP/1.1" 200 822 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:05 -0500] "POST /nagiosna/api/system/source_status HTTP/1.1" 200 169 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:05 -0500] "POST /nagiosna/api/views/get_views HTTP/1.1" 200 2 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:06 -0500] "GET /nagiosna/sources/queries/2 HTTP/1.1" 200 44764 "http://10.2.102.87/nagiosna/sources/percentile/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:07 -0500] "GET /nagiosna/media/favicon.ico HTTP/1.1" 200 822 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:07 -0500] "POST /nagiosna/api/system/source_status HTTP/1.1" 200 169 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:07 -0500] "POST /nagiosna/api/views/get_views HTTP/1.1" 200 2 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:13 -0500] "GET /nagiosna/sources/queries/2 HTTP/1.1" 200 44764 "http://10.2.102.87/nagiosna/sources/percentile/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:13 -0500] "GET /nagiosna/media/favicon.ico HTTP/1.1" 200 822 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:13 -0500] "POST /nagiosna/api/system/source_status HTTP/1.1" 200 169 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:13 -0500] "POST /nagiosna/api/views/get_views HTTP/1.1" 200 2 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:16 -0500] "GET /nagiosna/sources/queries/2 HTTP/1.1" 200 44764 "http://10.2.102.87/nagiosna/sources/percentile/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:16 -0500] "GET /nagiosna/media/favicon.ico HTTP/1.1" 200 822 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:16 -0500] "POST /nagiosna/api/system/source_status HTTP/1.1" 200 169 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"
10.3.99.152 - - [03/May/2019:14:26:16 -0500] "POST /nagiosna/api/views/get_views HTTP/1.1" 200 2 "http://10.2.102.87/nagiosna/sources/queries/2" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36"

Did you change the max_execution_time ?

scottwilkerson wrote:I'm pretty sure I've helped someone in the past with this error and the fix was to change the following in the /etc/php.ini

Code: Select all

max_execution_time = 90

Then restart httpd

Code: Select all

service httpd restart

I'd also review the nfcapd files the data is stored in to make sure the timestamp is correct in them. This can be done by navigating to the sources directory (/usr/local/nagiosna/var/SOURCENAME/flows) and running the nfdump command on the latest nfcapd files:

nfdump -r nfcapd.TIMESTAMP

yes i did change the max execution time to 90 and restarted http and nothing changed, when i ran the nfdump command on the latest timestamp this is what i get

Summary: total flows: 4641, total bytes: 7281432, total packets: 20102, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2019-05-06 04:00:00 - 2019-05-06 04:05:00
Total flows processed: 4641, Blocks skipped: 0, Bytes read: 371408
Sys: 0.036s flows/second: 125575.0 Wall: 0.198s flows/second: 23377.2

okay noe i just noticed that there wasnt any flow of data during the weekend, it stopped sending flows on the friday 5/3/2019, so now i do not have both the low data and talkers. the only changes i did on friday was the max execution to 90.