Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » tips » Troubleshooting Netflow
Trace: Step by step NSM with Trisul Network Analytics Docker image on RHEL 7.4
tips:netflow_troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
tips:netflow_troubleshooting [2020/03/18 18:53] – [Troubleshooting Netflow] navaneethtips:netflow_troubleshooting [2020/03/20 10:39] navaneeth
Line 6: Line 6:
 No data on the dashboard after enabling Netflow in Trisul Network Analytics. No data on the dashboard after enabling Netflow in Trisul Network Analytics.
 ** **
 +
 +{{:tips:netflowdashboard.png?400|}}
 +
 ===== Precondition ===== ===== Precondition =====
  
Line 33: Line 36:
  
 Do you see netflow packets on the screen ? Do you see netflow packets on the screen ?
 +
 +{{:tips:tcpdump.png?600|}}
  
 **Yes**. Move to next **Yes**. Move to next
Line 47: Line 52:
 Check if all the probes and hubs are in the Started position. Check if all the probes and hubs are in the Started position.
  
-{{:tips:nodeup.png?400|}}+{{:tips:nodeup.png?600|}}
  
 **Yes**. Move to next. **Yes**. Move to next.
Line 67: Line 72:
 If any other interface.Click "Create Adapters" option and add the new interface. If any other interface.Click "Create Adapters" option and add the new interface.
  
-Please ensure that you have Restarted Trisul after this step.+{{:tips:create_adapter.png?600|}}
  
 +<note important>Please ensure that you have Restarted Trisul after this step.
 +</note>
 ==== 4. Check if the NETFLOW_TAP mode is enabled==== ==== 4. Check if the NETFLOW_TAP mode is enabled====
  
Line 79: Line 86:
 **No**. Change it from TAP mode to NETFLOW_TAP mode. **No**. Change it from TAP mode to NETFLOW_TAP mode.
  
-Do not forget to restart Trisul after this step. +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 5. Check if the Netflow ports are interpreted correctly ==== ==== 5. Check if the Netflow ports are interpreted correctly ====
 By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow. By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow.
Line 90: Line 97:
 **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard. **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard.
  
-You need to restart trisul after this step.+{{:tips:port_number.png?600|}}
  
 +<note important>Please ensure that you have Restarted Trisul after this step.
 +</note>
 ==== 6. Check whether templates are visible ==== ==== 6. Check whether templates are visible ====
 Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB. Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB.
  
 Are the templates visible? Are the templates visible?
 +
 +{{:tips:templatedb.png?600|}}
  
 **Yes**. Move to next step. **Yes**. Move to next step.
Line 115: Line 126:
   - Click on Save.   - Click on Save.
  
-You need to restart trisul after this step. +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 8. Analyse the captured flows ==== ==== 8. Analyse the captured flows ====
 You can analyse the captured flows using Wireshark tool.This can be done by, You can analyse the captured flows using Wireshark tool.This can be done by,
Line 124: Line 135:
 </code> </code>
  
 +{{:tips:wireshark.png?600|}}
  
  
tips/netflow_troubleshooting.txt · Last modified: 2020/03/20 15:29 by navaneeth