Does not see top 5 talkers for switch in NNA
-
- Posts: 28
- Joined: Tue May 07, 2019 12:17 am
Hello,
I have added one Linux server and Cisco switch. Strange thing is Linux is working fine and view all details of flow. Whereas switch shows bandwidth but does not show top five talkers and other views. I can see nfcapd.* file getting created for switch and can see data inside those files using 'nfdump -r <file name>'.
I can see date time in nfcapd file '1970-01-01 00:00:00.000' in this format, which looks like a problem.
Please help to understand this issue and resolve it.
Re: Does not see top 5 talkers for switch in NNA
Please send me a copy of the nfcapd file in a private message so I may review it.
What version of netflow is the sending device using?
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Posts: 28
- Joined: Tue May 07, 2019 12:17 am
Re: Does not see top 5 talkers for switch in NNA
cdienger wrote:Please send me a copy of the nfcapd file in a private message so I may review it.
What version of netflow is the sending device using?
I am using Nagios NA 2.4.1 latest version. Device is sending v5 netflow. I have sent you nfcapd file in private message. I have tried to remove and add source again but no change.
Few more info in advance.
[root@EACYNVD-NAGN1 flows]# grep "date.timezone =" /etc/php.ini
date.timezone = UTC
[root@EACYNVD-NAGN1 flows]#
[root@EACYNVD-NAGN1 flows]#
[root@EACYNVD-NAGN1 flows]# cat /etc/localtime
TZif2UTCTZif2UTC
UTC0
[root@EACYNVD-NAGN1 flows]# date
Thu Oct 15 18:15:55 UTC 2020
your help is appreciated.
-
- Posts: 28
- Joined: Tue May 07, 2019 12:17 am
Re: Does not see top 5 talkers for switch in NNA
Hello,
I am using v9 netflow instead of v5. Sorry for misinformation.
cynotempswitch#sh flow exporter
Flow Exporter Netflow-to-Nagios:
Description: User defined
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: x.x.x.x
Source IP address: x.x.x.x
Source Interface: Vlan999
Transport Protocol: UDP
Destination Port: 9911
Source Port: 60927
DSCP: 0x0
TTL: 255
Output Features: Not Used
Re: Does not see top 5 talkers for switch in NNA
Are you able to switch it to use v5 as a test?
I'd also like to get a tcpdump of the traffic (both v9 and v5 if possible):
Code:
yum -y install tcpdump
tcpdump -s 0 -i any port 9911 -w output.pcap
Let that run a few minutes, use CTRL+C to stop it, and PM me the output.pcap.
-
- Posts: 28
- Joined: Tue May 07, 2019 12:17 am
Re: Does not see top 5 talkers for switch in NNA
cdienger wrote:Are you able to switch it to use v5 as a test?
I'd also like to get a tcpdump of the traffic (both v9 and v5 if possible):
Code:
yum -y install tcpdump
tcpdump -s 0 -i any port 9911 -w output.pcap
Let that run a few minutes, use CTRL+C to stop it, and PM me the output.pcap.
I have shared pcap file v5 and v9 on private message, please check. I don't see any traffic after changing netflow version. Please assist.
Re: Does not see top 5 talkers for switch in NNA
Thanks for that. The date is showing up in the data that NNA is receiving so it would appear to be an issue parsing that information out and storing it in the nfcapd files. I'd like to get some of the raw files for a closer look.
-
- Posts: 28
- Joined: Tue May 07, 2019 12:17 am
Re: Does not see top 5 talkers for switch in NNA
I have shared raw nfcapd file on DM, please check.
Re: Does not see top 5 talkers for switch in NNA
Reviewing the tcpdumps a bit closer and comparing them from a working lab machine, it appears the flows are missing the start and end timestamps. These are used to identify the date and time and their absence would explain the 1970 date you see in the files. If you review https://assets.nagios.com/downloads/nag ... alyzer.pdf, you'll see some configuration examples where these are added. Page 4 for example:
Code:
..
collect timestamp sys-uptime first
collect timestamp sys-uptime last
..
or page 5:
Code:
..
collect timestamp absolute first
collect timestamp absolute last
..
-
- Posts: 28
- Joined: Tue May 07, 2019 12:17 am
Re: Does not see top 5 talkers for switch in NNA
cdienger wrote:Reviewing the tcpdumps a bit closer and comparing them from a working lab machine, it appears the flows are missing the start and end timestamps. These are used to identify the date and time and their absence would explain the 1970 date you see in the files. If you review https://assets.nagios.com/downloads/nag ... alyzer.pdf, you'll see some configuration examples where these are added. Page 4 for example:
Code:
..
collect timestamp sys-uptime first
collect timestamp sys-uptime last
..
or page 5:
Code:
..
collect timestamp absolute first
collect timestamp absolute last
..
Hello,
It works now after adding timestamp config in network device.
Thanks for solution, really appreciated for your time and responses.
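A check for the cause found in this thread, as an added example (not code from the posters or from Nagios): it parses the template flowset of a NetFlow v9 export packet and reports whether the template carries a start/end timestamp pair. The field type numbers come from RFC 3954 and the IANA IPFIX registry; their mapping to the two `collect timestamp` variants, the function names and the sample packets are assumptions of the example.

```python
import struct

# Assumed mapping: "sys-uptime first/last" -> 22/21, "absolute first/last" -> 152/153.
UPTIME_PAIR = {22: "FIRST_SWITCHED", 21: "LAST_SWITCHED"}
ABSOLUTE_PAIR = {152: "flowStartMilliseconds", 153: "flowEndMilliseconds"}


def parse_templates(packet: bytes) -> dict:
    """Return {template_id: [field_type, ...]} for each template in one v9 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, _count = struct.unpack_from("!HH", packet, 0)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    templates, offset = {}, 20
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise ValueError("malformed flowset length")
        if flowset_id == 0:  # FlowSet ID 0 carries template records
            pos, end = offset + 4, offset + length
            while pos + 4 <= end:
                template_id, field_count = struct.unpack_from("!HH", packet, pos)
                pos += 4
                if template_id < 256 or pos + 4 * field_count > end:
                    break  # trailing padding or a truncated record
                pairs = struct.unpack_from(f"!{2 * field_count}H", packet, pos)
                templates[template_id] = list(pairs[0::2])  # keep types, drop lengths
                pos += 4 * field_count
        offset += length
    return templates


def missing_timestamps(field_types) -> bool:
    """True when neither complete start/end timestamp pair is in the template."""
    present = set(field_types)
    return not (set(UPTIME_PAIR) <= present or set(ABSOLUTE_PAIR) <= present)


def build_packet(template_id: int, fields) -> bytes:
    """Constructed sample: one v9 packet holding a single template record."""
    record = struct.pack("!HH", template_id, len(fields))
    record += b"".join(struct.pack("!HH", ftype, flen) for ftype, flen in fields)
    flowset = struct.pack("!HH", 0, 4 + len(record)) + record
    return struct.pack("!HHIIII", 9, 1, 1000, 1602785755, 1, 0) + flowset


if __name__ == "__main__":
    base = [(8, 4), (12, 4), (1, 4), (2, 4)]  # src addr, dst addr, bytes, packets
    for name, fields in (("before", base), ("after", base + [(22, 4), (21, 4)])):
        for tid, types in parse_templates(build_packet(256, fields)).items():
            print(name, tid, "timestamps missing:", missing_timestamps(types))
```

To run it against a real capture, pass the UDP payload of each packet from output.pcap to `parse_templates`.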