產(chǎn)品答疑
- 什么是NetFlow Analyzer?
- 什么是接口?
- 什么是NetFlow?
- 不同 NetFlow版本的區(qū)別?
- How is NetFlow與其它流量分析軟件有什么不同�,如MRTG?
- NetFlow只支持思科設備嗎?
許可信息
- 免費版于專業(yè)版有什么不同?
- NetFlow Analyzer有沒有免費評估版本?
- 試用版有什么限制嗎?
- 升級到專業(yè)版之后需要重新安裝NetFlow Analyzer嗎�����?
- 多少個用戶可以同時訪問NetFlow Analyzer�����?
安裝
- 當我訪問web接口時��,另一個web服務器正在占用該端口���,我該怎么辦����?
- 如何將NetFlow Analyzer的MySQL端口由13310改為其它端口?
- 我可以使用root用戶安裝并運行NetFlow Analyzer嗎�����?
- 是否需要備份數(shù)據(jù)庫��,NetFlow Analyzer具有備份數(shù)據(jù)庫功能嗎��?(或者)如何在NetFlow Analyzer中進行數(shù)據(jù)備份�?
- 如何在Linux中升級NetFlow Analyzer?
配置路由器
- 為什么不能將路由器添加到NetFlow Analyzer?
- 我已經(jīng)在路由器上配置了導出NetFlow數(shù)據(jù)���,但是仍然不能在畫面上看到。
- 我已經(jīng)在許可管理頁面刪除了路由器和全部接口��,但是仍然在畫面中存在���。
- 許可界面中的取消管理和刪除有什么區(qū)別�?(或者) 在許可管理界面�,什么時候該取消管理設備,什么時候該刪除設備���?
- 如何在路由器中配置SNMP團體字符串
- 如何在路由器上設置與NFA服務器的時間同步����?
報表
- 為什么圖表沒有數(shù)據(jù)?
- W什么是聚合數(shù)據(jù)和原始數(shù)據(jù)�?如何設置原始數(shù)據(jù)存儲周期?
- 為什么有的應用程序被標記為"TCP_App"或其它類型內(nèi)容�?
- Why are only the top 5 or 10 values shown in the reports? What if I want more detail?
- The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?
- Why are some interfaces labeled as IfIndex2,IfIndex3, etc.?
- The total bandwidth usage seems to decrease depending on the granularity of the report. Why is that?( or )why is there a discrepancy between the values seen in the graph and the Max / Min values ?
NBAR
- Which features are not supported by NBAR?
- Any restrictions on where we can configure NBAR?
- What Does NBAR Performance Depend On?
- Is performance dependent on the number of interfaces that NBAR is enabled on? Does the link speed of the interface(s) that NBAR is enabled?
- I am able to issue the command "ip nbar protocol-discovery" on the router and see the results. But NFA says my router does not support NBAR, Why?
- How do I verify whether my router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB?
V9
- What is NetFlow Version 9?
- What is the memory impact on the router?
- "Receiving non V5/V7/V9 packets from the following devices: Click here for further details.." What does this mean?
- Is version 9 backward compatible ?
- What is the performance impact of V9?
- What are the restrictions for V9?
- How do I configure NetFlow Version 9?
Technical Information
- How is traffic information stored in the NetFlow Analyzer database?
- How are ports assigned as applications in NetFlow Analyzer?
- Do I have to reinstall NetFlow Analyzer when moving to the fully paid version?
- How many users can access the application simultaneously?
- NetFlow Analyzer logs out after a period of inactivity. How do I avoid that?
- How to create DBInfo log file ?
- What are the advantages of configuring multiple NetFlow Listener Ports ?
- What information do I need to send to NFA support for assistance?
- How to safely migrate NFA installation to different machine ?
- What do I do if my NFA server becomes slow ? (or) How do I improve my NFA system performance ?
- Why NFA says router time not is SYNC and stops collecting data ?
- How do I buy NetFlow Analyzer?
Back
General Product Information
-
What is NetFlow Analyzer?
NetFlow Analyzer是基于網(wǎng)絡的帶寬監(jiān)控工具和流量分析工具,提供 Cisco NetFlow?, sFlow?, cflowd?, jFlow?, IPFIX?, NetStream?和Cisco NBAR?的網(wǎng)絡流量明細報表��。 NetFlow Analyzer幫助IT管理員解答誰在何時何地做了什么�,以及帶寬使用情況。
- 什么是接口?
接口指網(wǎng)關或路由器設備上的3層物理和邏輯端口����。
- 什么是NetFlow?
Cisco® NetFlow技術是Cisco IOS設備的嵌入功能。NetFlow數(shù)據(jù)記錄包括源和目標地址信息����,以及端到端的會話使用的協(xié)議和端口。NetFlow Analyzer使用這些信息生成流量模式和帶寬利用率圖表和報表�。
- NetFlow各個版本有什么不同?
當前NetFlow已經(jīng)發(fā)布了5個版本�����。版本1是原始版本,版本5是標準版����,是最常見的版本。版本7主要應用于Catalyst 6500和7600Series交換機��。除了不包括AS���,接口��,TCP flag�,和TOS之外�����,與版本5是一樣的�。NetFlow版本8介紹了如何減少資源利用率�,包括11個集合計劃。版本9是最新版本����,此版本靈活的支持可擴展格式的MPLS, Multicast等。
NetFlow Analyzer目前支持NetFlow 5���,7和9版本����。
-
NetFlow和其它流量分析軟件如MRTG有什么不同?
MRTG和其它類似工具僅限于接口統(tǒng)計���。這類工具不能為您提供應用程序級別明細�,如主機���,協(xié)議和會話和固有的一部分IP流量��。NetFlow流量分析 traffic statistics可以提供更多信息��,更深入更好的帶寬分析��。
- 只有Cisco廠商支持NetFlow嗎����?
NetFlow技術由Cisco發(fā)明�����,Cisco IOS設備提供NetFlow兼容性����,其它廠商的設備也可能支持NetFlow���。
后退
許可信息
-
NetFlow Analyzer免費版和專業(yè)版有什么不同?
NetFlow Analyzer免費版可以生成最大2個路由接口的NetFlow數(shù)據(jù)報表����,而專業(yè)版可以生成最大n個接口的NetFlow數(shù)據(jù)報表(接口數(shù)目n就是您購買的接口數(shù)目。)除此之外�����,兩個版本之間沒有其它特性和功能的不同���。
-
可以對NetFlow Analyzer進行免費評估嗎���?
是的。您可以點擊這里進行下載NetFlow Analyzer����,并進行30天的免費評估���。
-
NetFlow Analyzer使用版有什么限制嗎����?
NetFlow Analyzer試用版是全功能版本,點這里您可以下載試用版��。
-
升級到專業(yè)版必須要重新安裝NetFlow Analyzer嗎���?
不���。您不必重新安裝或停止服務器。您只需要在位于NetFlow Analyzer web客戶端的升級許可框中提供新的許可文件 ���。
- 多少個用戶可以同時訪問NetFlow Analyzer�����?
這取決于安裝NetFlow Analyzer的服務器性能�����。NetFlow Analyzer許可沒有對用戶訪問進行限制��。
后退
安裝
-
當我訪問web接口時���,另一個web服務器正在占用該端口���,我該怎么辦?
在安裝過程中��,NetFlow Analyzer會檢查所用的端口是否被其它應用程序占用�����。如果這時���,使用該端口的應用程序沒有運行���,則NetFlow Analyzer不會檢測到。 您可以關閉該web服務器���,改變它的服務器端口����,也可以改變NetFlow Analyzer的web服務器端口�。
-
如何將NetFlow Analyzer的MySQL端口由13310改為其它端口?
您可以打開/server/default/deploy 目錄中的mysql-ds.xml文件��,改變jdbc:mysql://localhost:13310/netflow這一行的端口號為所需端口號,保存文件并重啟服務器�。
-
我可以使用root用戶安裝并運行NetFlow Analyzer嗎���?
您可以使用root用戶安裝并啟動NetFlow Analyzer�����,但是所有文件權限將被編輯���,之后您就不能使用其它用戶啟動服務了。
-
是否需要備份數(shù)據(jù)庫����,NetFlow Analyzer具有備份數(shù)據(jù)庫功能嗎?(或者)如何在NetFlow Analyzer中進行數(shù)據(jù)備份��?
NetFlow Analyzer具有數(shù)據(jù)庫備份功能��,您可以使用此功能進行數(shù)據(jù)庫備份�����。有2種備份方式:
- 您可以執(zhí)行腳本"backupdb.bat" / "backupdb.sh"進行備份���,該腳本位于/adventnet/me/netflow/troubleshooting目錄��。這樣就會創(chuàng)建一個zip格式的數(shù)據(jù)庫備份文件�。 當您需要進行恢復時,您必須要將zip文件解壓到/adventnet/me/netflow目錄���。這一過程需要花費一些時間�����。
- 停止NetFlow Analyzer服務��,并到$NETFLOW_HOME/目錄拷貝Mysql和data文件夾�。
上面兩種方法適用于所有版本的NFA�。
- 如何在Linux中升級NetFlow Analyzer?
您可以使用"sh UpdateManager.sh -c"命令��,并按照提示進行升級���。
后退
配置路由器
-
為什么不能將路由器添加到NetFlow Analyzer?
NetFlow Analyzer不會選擇路由器或接口進行監(jiān)視�����。設備會自動進行發(fā)現(xiàn)�。您所要做的只是配置您發(fā)送NetFlow數(shù)據(jù)的接口,設備會通過此接口將數(shù)據(jù)發(fā)送到NetFlow Analyzer����。您可以在設備視圖中查看設備以及它的接口列表。 一旦NetFlow Analyzer開始接收NetFlow數(shù)據(jù)��,您就可以在接口視圖中看到設備以及列出的接口����。
-
我已經(jīng)在路由器上配置了導出NetFlow數(shù)據(jù)�,但是仍然不能在畫面上看到。
請做如下檢查:
- 在設備上檢查是否NetFlow已啟用�,并且已經(jīng)啟動了發(fā)送flow。
- 檢查是否您的路由器正在將NetFlow數(shù)據(jù)導出到NetFlow Analyzer的監(jiān)聽端口��。
- 檢查是否您的路由器正在輸出NetFlow版本 5/ 7/ 9數(shù)據(jù)��。
- 我已經(jīng)在許可管理頁面刪除了路由器和全部接口�����,但是仍然在畫面中存在�����。
這是由于NetFlow Analyzer正在從那臺路由器接受NetFlow包。您需要在路由器上配置停止向NetFlow Analyzer輸出NetFlow數(shù)據(jù)���。
- 許可界面中的取消管理和刪除有什么區(qū)別���? (或者) 在許可管理界面,什么時候該取消管理設備��,什么時候該刪除設備�?
如果您需要臨時停止監(jiān)視路由器或接口,可以在許可管理界面取消管理�。這樣,路由器或接口就仍然會顯示在許可管理界面����。
如果您需要永久停止監(jiān)視路由器或接口,請從接口或路由器上禁用NetFlow輸出��,然后從許可管理界面刪除���。這樣路由器/接口就不會出現(xiàn)在任何客戶端界面上了�����,除非該設備孩子發(fā)送新的flow����。
- 如何在路由器中配置SNMP團體字符串?
請按照如下步驟配置SNMP:
1. 登錄路由器�。
2. 進入全局配置模式
3. 輸入命令snmp-server community public RO ( to set public as Read-Only community )
4. 按住ctrl和Z
5. 輸入命令write mem
- 如何在路由器上設置與NFA服務器的時間同步?
Whenever the time difference between the NetFlow Analyzer Server and the router is above 10 minutes a warning icon will appear in the home page. When this happens, NetFlow Analyzer will stamp the flows based on the system time of the NetFlow Analyzer server. In case you see this, please ensure the following on the router:
1. Check if the time zone and the offset (in Hours and Minutes) for the time zone is set properly (E.g. PST -8 00 for PST or EST -5 00 for EST). You can check this by logging into the router, going into the configure terminal and typing show running-config. You can set the clock time zone and offset using the command clock timezone zone hours [minutes] (E.g. clock timezone PST -8 00)
2. After checking the time zone, check if the correct time is set on your router. You can check this by logging into the router and typing show clock. You can set the clock time using the command clock set hh:mm:ss month date year There is no queuing mechanism is done on heavy periods.
報表
-
為什么圖表沒有數(shù)據(jù)�����?
如果沒有可用數(shù)據(jù)��,圖表為空���。如果您剛剛安裝了NetFlow Analyzer,請等待至少10分鐘后����,在啟動產(chǎn)品查看圖表。如果圖表中仍然沒有數(shù)據(jù)�,則說明NetFlow Analyzer沒有接收到數(shù)據(jù)。您需要檢查路由器設置�����。
- 什么是聚合數(shù)據(jù)和原始數(shù)據(jù)�?如何設置原始數(shù)據(jù)存儲周期�?
As far as aggregated data is concerned, NetFlow Analyzer maintains the top 'n' flows for every ten minutes slot. The record count determines this 'n' values. By default it is set to 100. You may set your own criteria for this purpose. you can change this from the Settings option.
Apart from this NetFlow Analyzer allows you to store raw data (all flows -not just the top n) for upto one month.
1. Aggregated data is stored in 5 levels of tables - 10 Min, Hourly, 6 Hour, 24 Hour and Weekly tables and reports for different periods need to access the corresponding table. For example, very recent reports need to access the 10 Min table and old reports need to access the Weekly table. You can access the table MetaTable to determine the table which contains data for the required time period
2. Raw data is stored in dynamically created tables and data pertaining to different devices (routers) reside in different table for different periods of time. You can access the table RawMetaTable to determine the table which contains data for the required report.
- Some of the applications are labeled as "TCP_App" or something similar. What is that?
If an application is labeled as "TCP_App" or something similar, it means that NetFlow Analyzer has not recognized this application (i.e.) the combination of port and protocol is not mapped as any application. Once you add these applications under Application Mapping they will be recognized.
- Why are only the top 5 or 10 values shown in the reports? What if I want more detail?
NetFlow Analyzer shows the top 50 results in all reports by default. You can see up to 100 results in each report by changing the Record Count value in the Settings page.
- The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?
Check if you have enabled NetFlow on all interfaces through which traffic flows. Since NetFlow traffic accounting is ingress by default, only IN traffic across an interface is accounted for. To see both IN and OUT traffic graphs for an interface, you need to enable NetFlow on all the interfaces through which traffic flows.
- Why are some interfaces labeled as IfIndex2,IfIndex3, etc.?
This happens if the device/interface has not responded to the SNMP requests sent by NetFlow Analyzer. Check the SNMP settings of the interface or manually edit the interface name from the Dashboard. NetFlow Analyzer uses port 161, and the public community string as default SNMP values. If the SNMP settings of your device are different, change the values in the Dashboard Interface View. If you need to change this globally, enter the new values in the same fields under Settings.
- The total bandwidth usage seems to decrease depending on the granularity of the report. Why is that? (or) Why is there a discrepancy between the values seen in the graph and the Max / Min values ?
NetFlow Analyzer aggregates older data in less granular format and due to this reason some of the spikes may not show in older reports. While reports pertaining to last day is generated from tables with 10 minute granularity, reports pertaining to last week is generated from tables with 1 hour granularity
For example, data in 10 minute table pertaining to 10:00, 10:10, 10:20, 10:30, 10:40 and 10:50 would all be aggregated and moved into hourly data tables for one data point pertaining to 10:00.
While the total data volumes is correct, the traffic rates will be averaged over this period. So:
10:00 -> volume transferred 100MBytes, ten minute average rate 1,333Kbits/s
10:10 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
10:20 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
10:30 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
10:40 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
10:50 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
When aggregated into the one hour table, we get:
10:00 -> volume transferred 105MBytes, one hour average rate 233Kbits/s
The spike up to 1,333Kbits/s has been lost by this averaging process; as the data get aggregated into longer and longer time periods, so this average value will decrease further.
This is the reason for the reduction in the reporting of bandwidth usage over time.
NBAR
- Which features are not supported by NBAR ?
The following features are not supported by NBAR:
- More than 24 concurrent URLs, HOSTs or MIME type matches
- Matching beyond the first 400 bytes in a URL
- Non-IP traffic
- Multicast and other non-CEF switching modes
- Fragmented packets
- Pipelined persistent HTTP requests
- URL/HOST/MIME/ classification with secure HTTP
- Asymmetric flows with stateful protocols
- Packets originating from or destined to the router running NBAR
- Any restrictions on where we can configure NBAR?
You can't configure NBAR on the following logical interfaces:
- Fast EtherChannel
- Interfaces that use tunneling or encryption
- VLANs
- Dialer interfaces
- Multilink PPP
Note: NBAR is configurable on VLANs as of Cisco IOS Release 12.1(13)E, but supported in the software switching path only.
- What Does NBAR Performance Depend On?
Several factors can impact NBAR performance in software-based execution.
A. Router Configuration
1. Number of protocols being matched against it
2. Number of regular expressions being used
3. The complexity of packet inspection logic required
B. Traffic Profile (Packet Protocol Sequence)
1. The number of flows
2. Long duration flows are less expensive than shorter duration flows
3. Stateful protocol matches are more performance impacting than static port applications
- Is performance dependent on the number of interfaces that NBAR is enabled on? Does the link speed of the interface(s) that NBAR is enabled on affect performance ?
No. NBAR performance is not dependent on the number of interfaces that NBAR is enabled on or the link speed of those interfaces. Performance is dependent on the number of packets that the NBAR engine has to inspect, how deep into the packet it has to look to perform regular inspection.
- I am able to issue the command "ip nbar protocol-discovery" on the router and see the results. But NFA says my router does not support NBAR, Why?
Earlier version of IOS supports NBAR discovery only on router. So you can very well execute the command "ip nbar protocol-discovery" on the router and see the results. But NBAR Protocol Discovery MIB(CISCO-NBAR-PROTOCOL-DISCOVERY-MIB) support came only on later releases. This is needed for collecting data via SNMP. Please verify that whether your router IOS supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB.
- How do I verify whether my router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB?
a) You can check CISCO-NBAR-PROTOCOL-DISCOVERY-MIB supported platforms and IOS using the follwoing link. http://tools.cisco.com/ITDIT/MIBS/AdvancedSearch?MibSel=250073
b) Alternately , you can execute "show snmp mib | include cnpd " command at router to know the implemeted mib objects in the router. If the router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB, then the above command gives the following objects.
cnpdStatusEntry.1
cnpdStatusEntry.2
cnpdAllStatsEntry.2
cnpdAllStatsEntry.3
cnpdAllStatsEntry.4
cnpdAllStatsEntry.5
cnpdAllStatsEntry.6
cnpdAllStatsEntry.7
cnpdAllStatsEntry.8
cnpdAllStatsEntry.9
cnpdAllStatsEntry.10
cnpdAllStatsEntry.11
cnpdAllStatsEntry.12
cnpdTopNConfigEntry.2
cnpdTopNConfigEntry.3
cnpdTopNConfigEntry.4
cnpdTopNConfigEntry.5
cnpdTopNConfigEntry.6
cnpdTopNConfigEntry.7
cnpdTopNConfigEntry.8
cnpdTopNStatsEntry.2
cnpdTopNStatsEntry.3
cnpdTopNStatsEntry.4
cnpdThresholdConfigEntry.2
cnpdThresholdConfigEntry.3
cnpdThresholdConfigEntry.4
cnpdThresholdConfigEntry.5
cnpdThresholdConfigEntry.6
cnpdThresholdConfigEntry.7
cnpdThresholdConfigEntry.8
cnpdThresholdConfigEntry.9
cnpdThresholdConfigEntry.10
cnpdThresholdConfigEntry.12
cnpdThresholdHistoryEntry.2
cnpdThresholdHistoryEntry.3
cnpdThresholdHistoryEntry.4
cnpdThresholdHistoryEntry.5
cnpdThresholdHistoryEntry.6
cnpdThresholdHistoryEntry.7
cnpdNotificationsConfig.1
cnpdSupportedProtocolsEntry.2
V9
- What is NetFlow Version 9?
This format is flexible and extensible , which provides the versatility needed to support new fields and record types. This format accommodates new NetFlow-supported technologies such as NAT, MPLS,BGP next hop and Multicast.The main feature of Version 9 Export format is that it is template based.
- What is the memory impact on the router due to V9?
The memory used depends upon the data structures used to maintain template flowsets. As the implementation does not access the NetFlow cache directly the memory used is not very high.
- "Receiving non V5/V7/V9 packets from the following devices: Click here for further details.." What does this mean?
If you get this message on the user interface, it means that NetFlow packets with versions other than version 5/7/9, are being received by NetFlow Analyzer. Check your router settings to make sure that only version 5/7/9 NetFlow exports are being sent to NetFlow Analyzer. This is because NetFlow Analyzer supports only NetFlow version 5/7/9 exports.
- Is version 9 backward compatible ?
Version 9 is not backward-compatible with Version 5 or Version 8. If you need Version 5 or Version 8, then you must configure Version 5 or Version 8.
- What is the performance impact of V9?
Version 9 slightly decreases overall performance, because generating and maintaining valid template flowsets requires additional processing.
- What are the restrictions for V9?
Version 9 allows for interleaving of various technologies. This means that you should configure Version 9 if you need data to be exported from various technologies (such as Multicast, DoS, IPv6, BGP next hop, and so on).
- How do I configure NetFlow Version 9?
Please refer the following document for configuring netflow version 9 http://www.cisco.com/en/US/docs/ios/12_3/feature/gde/nfv9expf.html#wp1069837
Technical Information
- How is traffic information stored in the NetFlow Analyzer database?
For each report, NetFlow Analyzer stores traffic information in a different manner. The following tables describe the data storage pattern for the various reports generated by NetFlow Analyzer. 
- How are ports assigned as applications in NetFlow Analyzer?
A NetFlow export contains information on the protocol, source port, and destination port. When a flow is received, NetFlow Analyzer tries to match the port and protocol in the flow, to an application in the following order:
- The smaller of the source and destination port numbers, to the list of ports configured to each application in the Application Mapping list
- The larger of the source and destination port numbers, to the list of ports configured to each application in the Application Mapping list
- The smaller of the source and destination port numbers, to the port ranges configured to each application in the Application Mapping list
- The larger of the source and destination port numbers, to the port ranges configured to each application in the Application Mapping list
If a matching application is still not found, then depending on the protocol received in the flow, the application is listed as <protocol>_App. (eg.) TCP_App if a flow is received with TCP protocol, and unmatched source and destination ports. If the protocol received in the flow is also not recognized by NetFlow Analyzer, the application is listed as Unknown_App.
 |
A single flow can be categorized as a single application only. In case of a conflict, applications with an exact match for the port number will be accounted for.
|
- Do I have to reinstall NetFlow Analyzer when moving to the fully paid version?
No, you do not have to reinstall or shut down the NetFlow Analyzer server. You just need to enter the new license file in the Upgrade License box.
- How many users can access the application simultaneously?
This depends only on the capacity of the server on which NetFlow Analyzer is installed. The NetFlow Analyzer license does not limit the number of users accessing the application at any time.
- NetFlow Analyzer logs out after a period of inactivity. How do I avoid that?
You can change the time-out value to a higher value than the default ( 30 minutes ) by increasing the parameter session-timeout.
<session-config>
<session-timeout>30</session-timeout>
</session-config>
under <NFA_Home>/AdventNet/ME/NetFlow/server/default/conf/web.xml
Change the value 30 to your desired time-range - say, 600. You will have to restart NFA server for this to take effect.
- How to create DBInfo log file ?
1. Please ensure that NFA is running.
2. Navigate to /Trou
bleshooting directory and execute the file DBInfo.sh / DBInfo.bat
3. It creates a "Info.log" file in the same folder. This contains DB related information. Please send us the "info.log" file to netflowanalyzer-support@manageengine.com for us to analyze and help you better.
- What are the advantages of configuring multiple NetFlow Listener Ports ?
Configuring multiple NetFlow Listener ports can significantly enhance the flow handling rates. You can configure upto 5 listener ports, each seperated by a comma. This can be configured from the Settings -> NetFlow Settings page in the user interface
- What information do I need to send to NFA support for assistance?
1. Please run your logziputil.bat / logziputil.sh (under the troubleshooting folder). This will create a zip file under the support folder please send us the zip file.
2. Send us the .err file under the Mysql\data folder.
3. Also send your Machine configuration.
- How to safely migrate NFA installation to different machine ?
NetFlow Analyzer can be migrated to a new server with older data and configurations with certain conditions. Given below are the steps to migrate the installation and database to a different server.
Note:
> The build number of the NetFlow Analyzer should be the same on both the servers. (You can find the Build number by clicking on the 'About' link on the top right corner of the user interface)
> Cross platform migration is not supported (eg. From Windows to Linux and vice versa)
1. Shutdown the NetFlow Analyzer service.
2. Copy the MySql and Data folder under the <NetFlow_Home> to a safe backup location. These two folders contain all the collected data and configurations of NetFlow Analyzer.
3. Install the NetFlow Analyzer on the new server and run the NetFlow Analyzer service once.
4. Then shutdown the NetFlow Analyzer service.
5. Copy the MySql and Data folders which were backed up from the original installation to the new installation under <NetFlow_Home> directory.
Additionally, if you do not have a copy of the product license, please copy the AdventnetLicense.xml file from <NetFlow_Home>\lib directory to a safe location. Once the migration is complete, you can apply the license from License Management page under Admin Operations in the product UI.
- What do I do if my NFA server becomes slow ? (or) How do I improve my NFA system performance ?
Please refer this link for a brief note on database tuning :http://forums.manageengine.com/NetFlow-Analyzer
- Why NFA says router time not is SYNC and stops collecting data ?
Please follow these steps to fix this issue:
- In case you see this, please ensure the following on the router:Check if the correct time is set on your router.
You can check this by logging into the router and typing show clock. You can set the clock time using the command clock set hh:mm:ss month date year. Check if the time zone and the offset (in Hours and Minutes) for the time zone is set properly (E.g. PST -8 00 for PST or EST -5 00 for EST). You can check this by logging into the router, going into the configure terminal and typing show running-config. You can set the clock time zone and offset using the command clock timezone zone hours [minutes] (E.g. clock timezone PST -8 00)
- The time sync issue may be related to high CPU load and reducing the IP group can help. Each address / range / network will be checked seperately. So, 4 addresses of 10.10.10.1, 10.10.10.2, 10.10.10.3 and 10.10.10.4 will add more overload than creating the same as a single IP range of 10.10.10.1 to 10.10.10.4. While associating interfaces you are better off selecting "All interfaces" wherever appropriate since in that case no check will be done with the interface in the flow. In your case, since you had 180 interfaces associated, the code had to check for these 180 interfaces in each flow received.
- How do I buy NetFlow Analyzer?
You can buy NetFlow Analyzer directly from the Manageengine Online Store, or from a reseller near your location. Please see the website at http://www.netflowanalyzer.com/ for more information on purchasing options
|
400-660-8680
