Differences

This shows you the differences between two versions of the page.

--- tips:netflow_troubleshooting [2020/03/18 16:48] – navaneeth
+++ tips:netflow_troubleshooting [2020/03/20 15:29] (current) – [8. Analyse the captured flows] navaneeth
@@ Line 3: / Line 3: @@
 This article explains how you can troubleshoot the following problem.
+**
+No data on the dashboard after enabling Netflow in Trisul Network Analytics.
+**
-<note warning>
+{{:tips:netflowdashboard.png?400|}}
-No data on the dashboard after enabling Netflow in Trisul Network Analytics.
-</note>
 ===== Precondition =====
@@ Line 35: / Line 36: @@
 Do you see netflow packets on the screen ?
+{{:tips:tcpdump.png?600|}}
 **Yes**. Move to next
 **No**.  Check the following.
+  - Check if the port number is correct.
+  - Check the Firewall.
+  - restart Trisul.
+==== 2. Check if the Nodes are turned up ====
+Check if the nodes are up by selecting Context:// Default —> Start/Stop Tasks//
+Are the nodes turned on?
+Check if all the probes and hubs are in the Started position.
+{{:tips:nodeup.png?600|}}
+**Yes**. Move to next.
+**No**. Start it by clicking on the Start button or run the following command from the CLI <code>
+trisulctl_probe start context <context name>
+</code>
+==== 3. Check if the Network Interface is correct.====
+You can view the network interface by using //Admin>profile0>Netflow Wizard>Select Network Interface//.
+Say you have a network interface eth0.
+Is it Enabled?
+**Yes**. Move to next.
+**No**. Enable the interface eth0.
+If any other interface.Click "Create Adapters" option and add the new interface.
+{{:tips:create_adapter.png?600|}}
+<note important>Please ensure that you have Restarted Trisul after this step.
+</note>
+==== 4. Check if the NETFLOW_TAP mode is enabled====
+You can switch between Packet or Netflow mode by using Context: Default —> Start/Stop Tasks.
+Is NETFLOW_TAP mode enabled?
+**Yes**. Move to next
+**No**. Change it from TAP mode to NETFLOW_TAP mode.
+<note important>Please ensure that you have Restarted Trisul after this step.
+</note>
+==== 5. Check if the Netflow ports are interpreted correctly ====
+By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow.
+Is the port added to netflow?
+**Yes**. Move to next step.
+**No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard.
+{{:tips:port_number.png?600|}}
+<note important>Please ensure that you have Restarted Trisul after this step.
+</note>
+==== 6. Check whether templates are visible ====
+Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB.
+Are the templates visible?
+{{:tips:templatedb.png?600|}}
+**Yes**. Move to next step.
+**No**. Check the Following.
+  - Check if Trisul is restarted.
+  - Check if all nodes are up.
+==== 7. Check whether the port number points to Netflow or Sflow ====
+Check if the port number is interpret to Netflow or Sflow.
+Is the required port number mapped to Netflow?
+**Yes**. Move to next.
+**No**. Do the Following
+  - Go to Context: default > profile0 > Netflow Wizard > Set Netflow Ports.
+  - Enter the port number and Select "Netflow".
+  - Click on Save.
+<note important>Please ensure that you have Restarted Trisul after this step.
+</note>
+==== 8. Analyse the captured flows ====
+You can analyse the captured flows using Wireshark tool.This can be done by,
+<code>
+sudo wireshark <pcap file>
+</code>
+{{:tips:wireshark.png?600|}}
+  - Check if you have mentioned the port number correctly.
+  - If not,then choose 'decode as' option by right-clicking on any one of the listed entries in wireshark.
+  - Change the port number(for eg.5111) and set to CFLOW.
+{{:tips:wireshark1.png?600|}}