tips:netflow_troubleshooting
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
tips:netflow_troubleshooting [2020/03/18 16:48] – navaneeth | tips:netflow_troubleshooting [2020/03/19 18:48] – navaneeth | ||
---|---|---|---|
Line 3: | Line 3: | ||
This article explains how you can troubleshoot the following problem. | This article explains how you can troubleshoot the following problem. | ||
+ | ** | ||
+ | No data on the dashboard after enabling Netflow in Trisul Network Analytics. | ||
+ | ** | ||
- | <note warning> | + | {{: |
- | No data on the dashboard after enabling Netflow in Trisul Network Analytics. | + | |
- | </ | + | |
===== Precondition ===== | ===== Precondition ===== | ||
Line 35: | Line 36: | ||
Do you see netflow packets on the screen ? | Do you see netflow packets on the screen ? | ||
+ | |||
+ | {{: | ||
**Yes**. Move to next | **Yes**. Move to next | ||
**No**. | **No**. | ||
+ | - Check if the port number is correct. | ||
+ | - Check the Firewall. | ||
+ | - restart Trisul. | ||
+ | |||
+ | ==== 2. Check if the Nodes are turned up ==== | ||
+ | Check if the nodes are up by selecting Context:// Default —> Start/Stop Tasks// | ||
+ | |||
+ | Are the nodes turned on? | ||
+ | Check if all the probes and hubs are in the Started position. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | **Yes**. Move to next. | ||
+ | |||
+ | **No**. Start it by clicking on the Start button or run the following command from the CLI < | ||
+ | trisulctl_probe start context <context name> | ||
+ | </ | ||
+ | |||
+ | ==== 3. Check if the Network Interface is correct.==== | ||
+ | You can view the network interface by using // | ||
+ | |||
+ | Say you have a network interface eth0. | ||
+ | |||
+ | Is it Enabled? | ||
+ | |||
+ | **Yes**. Move to next. | ||
+ | |||
+ | **No**. Enable the interface eth0. | ||
+ | If any other interface.Click " | ||
+ | |||
+ | {{: | ||
+ | |||
+ | <note important> | ||
+ | </ | ||
+ | ==== 4. Check if the NETFLOW_TAP mode is enabled==== | ||
+ | |||
+ | You can switch between Packet or Netflow mode by using Context: Default —> Start/Stop Tasks. | ||
+ | |||
+ | Is NETFLOW_TAP mode enabled? | ||
+ | |||
+ | **Yes**. Move to next | ||
+ | |||
+ | **No**. Change it from TAP mode to NETFLOW_TAP mode. | ||
+ | |||
+ | <note important> | ||
+ | </ | ||
+ | ==== 5. Check if the Netflow ports are interpreted correctly ==== | ||
+ | By default, | ||
+ | |||
+ | Is the port added to netflow? | ||
+ | |||
+ | **Yes**. Move to next step. | ||
+ | |||
+ | **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | <note important> | ||
+ | </ | ||
+ | ==== 6. Check whether templates are visible ==== | ||
+ | Check whether the Netflow template is displayed. This can be done by using Context: | ||
+ | |||
+ | Are the templates visible? | ||
+ | |||
+ | {{: | ||
+ | |||
+ | **Yes**. Move to next step. | ||
+ | |||
+ | **No**. Check the Following. | ||
+ | - Check if Trisul is restarted. | ||
+ | - Check if all nodes are up. | ||
+ | |||
+ | ==== 7. Check whether the port number points to Netflow or Sflow ==== | ||
+ | Check if the port number is interpret to Netflow or Sflow. | ||
+ | |||
+ | Is the required port number mapped to Netflow? | ||
+ | |||
+ | **Yes**. Move to next. | ||
+ | |||
+ | **No**. Do the Following | ||
+ | - Go to Context: default > profile0 > Netflow Wizard > Set Netflow Ports. | ||
+ | - Enter the port number and Select " | ||
+ | - Click on Save. | ||
+ | |||
+ | <note important> | ||
+ | </ | ||
+ | ==== 8. Analyse the captured flows ==== | ||
+ | You can analyse the captured flows using Wireshark tool.This can be done by, | ||
+ | |||
+ | < | ||
+ | sudo wireshark <pcap file> | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
tips/netflow_troubleshooting.txt · Last modified: 2020/03/20 15:29 by navaneeth