Netflow trafic not showing
247 views
Skip to first unread message
crist...@gmail.com
Nov 19, 2013, 11:28:00 AM11/19/13
to nxfil...@googlegroups.com
Hello,
I have a liitle problem with the netflow, all the configuration seems ok but despite of this I don't see any data in history->netflow.
Here is my configuration, its a Cisco router:
intergace g0/1
ip flow ingress
ip flow-export version 5
ip flow-export destination 1x.xxx.xxx.xxx 2033
ip flow-export version 5
ip flow-export destination 1x.xxx.xxx.xxx 2033
Nxfilter version is 1.7.1 and it seems to receive the packets:
INFO [11-19 18:20:00] - Still writing, history_cnt = 48, signal_cnt = 0, flow_cnt = 0, recv_flow = 2520
INFO [11-19 18:23:00] - Still writing, history_cnt = 40, signal_cnt = 0, flow_cnt = 0, recv_flow = 1890
INFO [11-19 18:24:00] - Still writing, history_cnt = 1, signal_cnt = 0, flow_cnt = 0, recv_flow = 1650.
INFO [11-19 18:25:00] - Still writing, history_cnt = 1, signal_cnt = 0, flow_cnt = 0, recv_flow = 2010.
INFO [11-19 18:25:00] - Still writing, history_cnt = 1, signal_cnt = 0, flow_cnt = 0, recv_flow = 2010.
Only one computer is using NXFILTER as dns server and I have done traffic on that pc.
What can be the problem ??
Thank you
Cristian
Jinhee
Nov 19, 2013, 10:19:59 PM11/19/13
to nxfil...@googlegroups.com
Hi Cristian,
Your NxFilter drops the netflow data coz it doesn't need it.
Firstly you'd need to enable authentication otherwise there's no bandwidth control.
No user, no bandwidth control needed.
And it ignores if it's internal traffic data.
You don't want to include the internal traffic into your bandwidth control normally.
Read this carefully again.
http://nxfilter.org/tutorial.php#bandwidth
Jinhee
Your NxFilter drops the netflow data coz it doesn't need it.
Firstly you'd need to enable authentication otherwise there's no bandwidth control.
No user, no bandwidth control needed.
And it ignores if it's internal traffic data.
You don't want to include the internal traffic into your bandwidth control normally.
Read this carefully again.
http://nxfilter.org/tutorial.php#bandwidth
Jinhee
crist...@gmail.com
Nov 20, 2013, 4:04:52 AM11/20/13
to nxfil...@googlegroups.com
Hi Jinhee,
You where right, I had no users defined, now is working ok.
Thank you for the help.
Cristian
crist...@gmail.com
Nov 20, 2013, 4:29:25 AM11/20/13
to nxfil...@googlegroups.com
I have one more question of you don't mind:
Why the netflow data appears like this and not like a single flow, the flows below are part of a single file download that has 883MB, the file was downloaded using internet explorer :
| 11/20 11:19 | 2B | 172.18.8.2 | 132,236,790 | 218.100.43.30 | 80 | 172.18.8.2 | 47469 | TCP | |
| 11/20 11:18 | 2B | 172.18.8.2 | 173,281,500 | 218.100.43.30 | 80 | 172.18.8.2 | 47469 | TCP | |
| 11/20 11:17 | 2B | 172.18.8.2 | 176,023,500 | 218.100.43.30 | 80 | 172.18.8.2 | 47469 | TCP | |
| 11/20 11:16 | 2B | 172.18.8.2 | 159,198,000 | 218.100.43.30 | 80 | 172.18.8.2 | 47469 | TCP | |
| 11/20 11:15 | 2B | 172.18.8.2 | 190,903,500 | 218.100.43.30 | 80 | 172.18.8.2 | 47469 | TCP | |
| 11/20 11:14 | 2B | 172.18.8.2 | 134,215,672 | 218.100.43.30 | 80 | 172.18.8.2 | 47469 | TCP | |
Jinhee
Nov 20, 2013, 5:23:22 AM11/20/13
to nxfil...@googlegroups.com
You mean that you want to see it as one data?
But it's broken into pieces.
Actually NxFilter gets netflow data from your router as a lot of pieces.
More than it appears on the screen.
NxFilter keeps the data in-memory and flushes it once a minute.
So if it is as it is you would spend a lot of disk space and I made the summarized data out of the original data.
Regarding why it's broken into pieces.
I don't know.
It is just from your router.
Jinhee
But it's broken into pieces.
Actually NxFilter gets netflow data from your router as a lot of pieces.
More than it appears on the screen.
NxFilter keeps the data in-memory and flushes it once a minute.
So if it is as it is you would spend a lot of disk space and I made the summarized data out of the original data.
Regarding why it's broken into pieces.
I don't know.
It is just from your router.
Jinhee
crist...@gmail.com
Nov 20, 2013, 12:12:11 PM11/20/13
to nxfil...@googlegroups.com
Hi,
Yes, I think that is normal to see the data flows above as one data(one flow), because al of the pieces above are from the same file download, they have the same port and ip.
But if this is the way the router send the netflow data, I think that is ok.
Also would be great to see the total amount of data traffic that one user has made, in one hour or day etc.
Thank you,
Cristian
Jinhee
Nov 20, 2013, 7:58:08 PM11/20/13
to nxfil...@googlegroups.com
Hi Cristian,
Yes. That might be better for some people to see it as one data.
But if you want to know who's doing what in real-time way it would be better as it is.
I will think about that 'total amount of data traffic' thing in future.
Jinhee
Yes. That might be better for some people to see it as one data.
But if you want to know who's doing what in real-time way it would be better as it is.
I will think about that 'total amount of data traffic' thing in future.
Jinhee
crist...@gmail.com
Nov 22, 2013, 9:46:41 AM11/22/13
to nxfil...@googlegroups.com
Hi Jinhee,
Yes, all in all I think that is ok how nxfilter is showing the netflow data.
The "total amount of traffic" a user makes in one day for example I think is useful, because you cannot tell in this moment the amount of traffic a user is doing, at least not so easy, personally this feature will help me much to identify users that are downloading large amount of data more easily.
Thank you.
Cristian
Reply all
Reply to author
Forward
0 new messages