Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2236
Views
0
Helpful
5
Replies

Scrutinizer monitoring issue

gajanangavli
Level 1
Level 1

‎01-29-2010 04:57 AM

Hi,

i have installed scuritinizer ver 7.3 , but i am facing issue for monitoring the links.

1) Routers showing green and red

2) Traffic monitered is different than shown in sh ip accouting

Can some body help me.

Labels:
0 Helpful
5 Replies 5

Jan Nejman
Level 3
Level 3

‎01-29-2010 05:48 AM

Hello,

  I think that better will be use a Scutinezer's conference or support forum.

I suppose that a "red" or "green" light means, that there is going a huge traffic

through the router. Probably scrutinizer badly determine interface speeds.

I think that you can change it manually.

Regarding to "ip accounting": This is something else. NetFlow is usually

more detailed, if it is correctly configured. On which device did you

configure the netflow? 7600? If you configure it on 6500/7600 line, did

you configure mls nde ?

Best regards,

Jan Nejman

Caligare, Co. - NetFlow Monitoring for Experts

http://www.caligare.com/

0 Helpful

Raul_Duran
Level 1
Level 1

‎02-01-2010 09:28 AM

Hello gajanangavli,

First, Thanks for installing Scrutinizer.

When Scrutinizer detects a flow coming from a new router a few things happen.  The new router will show up in the device list and the color will be green, letting you know that flows are being recieved.  If flows are no longer being recieved, the icon turns red so that you instantly know if there is a problem.

One possible scenerio:

Example:  You enabled netflow on your router using interface 1 - IP 192.168.1.1 as the source. You then change the source interface ( the interface from which the netflow summary of all interfaces is being sent to Scrutinizer from ) in the global commands to interface 2 - IP 192.168.1.2, the flows from that router will now be sent from 192.168.1.2, which will then show up as a new (green) router.  Because flows stopped coming from 192.168.1.1, this will appear to Scrutinizer that this router is down.

Also make sure that Scrutinizer is configured to listen on the port you are using to export the flows.

What we don't want you to do is struggle with configuration issues.  Give our support a call at 207-324-8805 whether your an existing customer or not, and we'll help you configure Netflow and get you up and running quickly.  We also have Online Chat available for anyone who would like to use it.  You can email support if you prefer to contact us via email.  http://www.plixer.com/support/index.php

Our technical blogs have a ton of content on advanced NetFlow Implementations - http://www.plixer.com/blog/

I hope this helps!

Raul Duran

0 Helpful

gajanangavli
Level 1
Level 1
In response to Raul_Duran

‎02-01-2010 09:26 PM

Hi ,

Thanks for your help.I have already opened ticket with scrutinizer.Configuration is done as suggested by them.No drop showing in sh ip flow-export,

But devices are becoming red due to which traffic on link shows to 0%.Is it reqired to do QOS for netflow IP ?

Regards

0 Helpful

Jan Nejman
Level 3
Level 3
In response to gajanangavli

‎02-02-2010 01:18 AM

Hello,

  I doubting about it. I suppose that QoS is not really  required by Scrutinizer.

I didn't too much Scrutinizer tests, but I  think that the problem solution can be

as wrote Raul.

Try run wireshark or something else to test if you are receiving netflow

packets on your machine. You can also check the source IP address...

and if it is corresponding with the device IP address in the Scrutinizer.


Jan Nejman

Caligare, Co.

http://www.caligare.com/

0 Helpful

Raul_Duran
Level 1
Level 1
In response to gajanangavli

‎02-02-2010 06:40 AM

Hello gajanangavli,

Is this a router that is heavily used? or one that does not have much traffic? 

The fact that the show ip flow export says that it's sending flows, and none are being dropped, says to me that the router thinks everything is ok and is exporting flows with no problem.

The next step is to make sure you don't have an ACL or firewall issue preventing communication from the router to the Scrutinizer server on the port that you have specified in your netflow configs.

We just released a the newest version of Flowalzyer – v2.0. It has a Netflow Listener, so that way you can confirm whether or not the flows are actually getting to Scrutinizer.

It also has a realtime SNMP trender that you can use to confirm how much data is truly being transferred on that interface. It’s free download, so it’s a nice little tool to have.

http://www.plixer.com/blog/webnm/free-snmp-graphing-tool-available-in-flowalyzer-v2-0/

If you still can't find the source of the problem, feel free to call me directly at 207-324-8805 ext. 242  or send me an email - rauld@plixer.com

Thanks,
Raul

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents