Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » tips » Troubleshooting Netflow
Trace: Articles Troubleshooting Netflow CIDR Flows Tagger
tips:netflow_troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tips:netflow_troubleshooting [2020/03/18 18:41] navaneethtips:netflow_troubleshooting [2020/03/20 15:29] (current) – [8. Analyse the captured flows] navaneeth
Line 3: Line 3:
 This article explains how you can troubleshoot the following problem. This article explains how you can troubleshoot the following problem.
  
 +**
 +No data on the dashboard after enabling Netflow in Trisul Network Analytics.
 +**
  
-<note warning> +{{:tips:netflowdashboard.png?400|}}
-No data on the dashboard after enabling Netflow in Trisul Network Analytics. +
-</note>+
  
 ===== Precondition ===== ===== Precondition =====
Line 35: Line 36:
  
 Do you see netflow packets on the screen ? Do you see netflow packets on the screen ?
 +
 +{{:tips:tcpdump.png?600|}}
  
 **Yes**. Move to next **Yes**. Move to next
Line 44: Line 47:
  
 ==== 2. Check if the Nodes are turned up ==== ==== 2. Check if the Nodes are turned up ====
-Check if the nodes are up by selecting Context: Default —> Start/Stop Tasks+Check if the nodes are up by selecting Context:// Default —> Start/Stop Tasks//
  
 Are the nodes turned on? Are the nodes turned on?
 +Check if all the probes and hubs are in the Started position.
 +
 +{{:tips:nodeup.png?600|}}
  
 **Yes**. Move to next. **Yes**. Move to next.
  
-**No**. Start it manually or run the command +**No**. Start it by clicking on the Start button or run the following command from the CLI <code>
-<code>+
 trisulctl_probe start context <context name> trisulctl_probe start context <context name>
 </code> </code>
  
 ==== 3. Check if the Network Interface is correct.==== ==== 3. Check if the Network Interface is correct.====
-You can view the network interface by using Admin>profile0>Netflow Wizard>Select Network Interface.+You can view the network interface by using //Admin>profile0>Netflow Wizard>Select Network Interface//.
  
-Say suppose you have a network interface eth0.+Say you have a network interface eth0.
  
 Is it Enabled? Is it Enabled?
Line 67: Line 72:
 If any other interface.Click "Create Adapters" option and add the new interface. If any other interface.Click "Create Adapters" option and add the new interface.
  
-Please ensure that u have Restarted Trisul after this step.+{{:tips:create_adapter.png?600|}}
  
 +<note important>Please ensure that you have Restarted Trisul after this step.
 +</note>
 ==== 4. Check if the NETFLOW_TAP mode is enabled==== ==== 4. Check if the NETFLOW_TAP mode is enabled====
  
Line 79: Line 86:
 **No**. Change it from TAP mode to NETFLOW_TAP mode. **No**. Change it from TAP mode to NETFLOW_TAP mode.
  
-Do not forget to restart Trisul after this step. +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 5. Check if the Netflow ports are interpreted correctly ==== ==== 5. Check if the Netflow ports are interpreted correctly ====
 By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow. By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow.
Line 90: Line 97:
 **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard. **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard.
  
-You need to restart trisul after this step.+{{:tips:port_number.png?600|}}
  
 +<note important>Please ensure that you have Restarted Trisul after this step.
 +</note>
 ==== 6. Check whether templates are visible ==== ==== 6. Check whether templates are visible ====
 Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB. Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB.
  
 Are the templates visible? Are the templates visible?
 +
 +{{:tips:templatedb.png?600|}}
  
 **Yes**. Move to next step. **Yes**. Move to next step.
Line 115: Line 126:
   - Click on Save.   - Click on Save.
  
-You need to restart trisul after this step. +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 8. Analyse the captured flows ==== ==== 8. Analyse the captured flows ====
 You can analyse the captured flows using Wireshark tool.This can be done by, You can analyse the captured flows using Wireshark tool.This can be done by,
Line 124: Line 135:
 </code> </code>
  
 +{{:tips:wireshark.png?600|}}
 +
 +  - Check if you have mentioned the port number correctly.
 +  - If not,then choose 'decode as' option by right-clicking on any one of the listed entries in wireshark.
 +  - Change the port number(for eg.5111) and set to CFLOW.
 +
 +{{:tips:wireshark1.png?600|}}
  
  
tips/netflow_troubleshooting.1584537093.txt.gz · Last modified: 2020/03/18 18:41 by navaneeth