Hi,
I have been trialling scrutinizer because we want to see the packets coming in from 3750's and these are not supported
under netflow. You can put span ports and plug a laptop into it and the Nprobe software will convert the original packets into
netflow format. This is then sent to the Scrutinizer module on the server and you can see the application traffic etc.
Solarwinds said that this should work using the Netflow module, but I either get an error message saying that netflow traffic is seen on an unmanaged interface on the laptop (but I am monitoring all the interfaces) or it does not see any traffic.
If the laptop is pushing netflow traffic to the netflow module I would think that it should see this and it should work.
Anyone any knowledge on this?
Thanks
Sam
Thanks David,
I will see what I can do. :)
I apologise for not providing more details, it was late and I was getting frustrated. The thing that I am not sure about is whether or not this method will replace the need for a netflow-able router altogether. Will one instance of nprobe, properly configured, provide the flows for all the interfaces being monitored? Or will I need to run nprobe on every device being monitored?
Regards
[EDIT]
I have since installed fprobe on one of the Linux interfaces and confirm that it is working correctly so far, I may recant this when I have had a chance to collect enough data.
I now understand that nprobe must be installed on each individual device, and that the collector is working. Now all I need is to figure out the correct nprobe flags... :s hopefully this won't be too hard :)
[EDIT2]
"NetFlow Receiver Service [PC3] is receiving a NetFlow data stream from an unmanaged interface on 10.0.0.133. The NetFlow data stream will be discarded. Please use the Orion System Manager to add Interface #8 in order to process this NetFlow data stream."
So close! PC03 is in fact 10.0.0.133, which is where Orion is installed and it is also the collector. I have added this interface again with the System Manager but it changed nothing. Where exactly do I advise Orion to accept the netflow stream from this interface?
Still no luck.
I am at the point of trying to discover the values for -i, -u & -Q.
I have tried omitting -u & -Q, so that it can be allocated dynamically, but neither "-i 1" nor "-i 0" makes any change.
I have deleted the node and re-discovered it a number of times, ensuring that I have selected the interface when doing so, but the results are not changing.
The 'Interface Details' page says that the index is 2. I tried using this for -u & -Q, but again there was no change. I now have 21 big yellow warning boxes, and am out of combinations to try.
I don't suppose anyone has a method for determining these numbers other than trial and error?
It would be greatly appreciated :)
Hello again,
I am still having trouble here.
I have the full nProbe binary for win32, which I have installed as a service on the same machine as the collector with the following args:
c:/Prog.../nProbe.exe -/i -n localhost:2055
I use fprobe on my linux machine, which 'seems' to work, so I assume the collector is working. Can anyone suggest a working configuration for the nProbe service?
=^_^=
Did you try nprobe /c -h?
At the end you get the available interfaces with the index
Thanks :)
It looks like it is working:
C:\Program Files\nProbe-Win32>nprobe /c -h
Running nProbe for Win32.
~
Available interfaces:
 [index=0] 'Adapter for generic dialup and VPN capture'
 [index=1] 'Attansic AtcL001 Gigabit Ethernet Controller'
...
C:\Program Files\nProbe-Win32>nprobe /c -i 1 -n 10.0.0.133:2055
Running nProbe for Win32.
01/Sep/2008 08:45:14 [dbPlugin.c:65] Initializing DB plugin
01/Sep/2008 08:45:14 [nprobe.c:3858] Capturing packets from interface \Device\NPF_{14CE400A-4AB7-47C4-AAD7-5440FB2E6DA6}
However, when I point the Netflow Realtime application at this IP, it captures the traffic speed, but when I select 'Start Flow Capture' I receive the warning 'NetFlow is not detected on the selected interface' (see attached image).
It looks like nProbe is running, but not generating any captures. Are they stored locally anywhere that I can confirm it is recording something at all?
Thanks for your help :)
Try to add the -u and -Q switches (so that the input device and output device are not assigned dynamically); that worked for me (you do have to wait a little while before the interface captures netflow).
C:\Program Files\nProbe-Win32>nprobe /c -i 1 -n 10.0.0.133:2055 -u 1 -Q 1
Hope this helps!
You are a gentleman and a scholar
I do wish there was an easier way to figure out the -i, -u, & -Q values but I can live with trial and error :)
thanks again
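
An alternative to trial and error for the -u and -Q values discussed above, as an added example that is not part of the original thread or of nProbe or Orion: decode an exported NetFlow v5 datagram and list the input/output interface indexes the probe stamped into each record, then compare them with the indexes the collector manages. It assumes the probe exports NetFlow v5; the function names, the sample datagram and the "managed set" comparison are constructed for illustration and only model the collector's check in simplified form.

```python
import socket
import struct

# NetFlow v5 wire layout (24-byte header, 48-byte records), network byte order.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Return one dict per flow record with its addresses and ifIndex fields."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version field = %d)" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims %d records but datagram is truncated" % count)
    flows = []
    for n in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + n * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "input_if": f[3], "output_if": f[4], "octets": f[6]})
    return flows

def unmanaged_indexes(flows, managed):
    """ifIndex values seen in the flows that are not in the managed set."""
    seen = {f["input_if"] for f in flows} | {f["output_if"] for f in flows}
    return sorted(seen - set(managed))

def build_sample(input_if, output_if):
    """Constructed single-record v5 datagram for offline testing."""
    header = HEADER.pack(5, 1, 1000, 1220258714, 0, 1, 0, 0, 0)
    record = RECORD.pack(socket.inet_aton("10.0.0.50"), socket.inet_aton("10.0.0.133"),
                         socket.inet_aton("0.0.0.0"), input_if, output_if,
                         10, 4200, 500, 900, 49152, 80, 0, 0x18, 6, 0, 0, 0, 0, 0, 0)
    return header + record

if __name__ == "__main__":
    # Constructed sample: records stamped with ifIndex 8, collector manages index 2.
    flows = parse_v5(build_sample(8, 8))
    print(flows, "unmanaged:", unmanaged_indexes(flows, managed={2}))
```

To use it on real traffic, pass `parse_v5` the UDP payload of one export packet taken from a capture of the probe-to-collector stream.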