tips:netflow_troubleshooting

Differences

This shows you the differences between two versions of the page.

tips:netflow_troubleshooting [2020/03/18 18:19] navaneethtips:netflow_troubleshooting [2020/03/20 15:29] (current) – [8. Analyse the captured flows] navaneeth
Line 3: Line 3:
 This article explains how you can troubleshoot the following problem. This article explains how you can troubleshoot the following problem.
  
 +**
 +No data on the dashboard after enabling Netflow in Trisul Network Analytics.
 +**
  
-<note warning> +{{:tips:netflowdashboard.png?400|}}
-No data on the dashboard after enabling Netflow in Trisul Network Analytics. +
-</note>+
  
 ===== Precondition ===== ===== Precondition =====
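Review bot: The problem statement loses its `<note warning>` box and is now wrapped in `**` markers that sit on their own lines, and the added `{{:tips:netflowdashboard.png?400|}}` has an empty title after the pipe. Keep the opening and closing `**` on the same line as the sentence so the emphasis does not depend on how line breaks are parsed, and give the image a short title describing the empty dashboard so the symptom is still stated when the image does not load.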
Line 35: Line 36:
  
 Do you see netflow packets on the screen ? Do you see netflow packets on the screen ?
 +
 +{{:tips:tcpdump.png?600|}}
  
 **Yes**. Move to next **Yes**. Move to next
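Review bot: The added `{{:tips:tcpdump.png?600|}}` sits between the question and its Yes/No answers and shows the expected output only as a picture. Put a few representative lines of tcpdump output in a `<code>` block beside it so a reader can compare it with their own terminal and search for it, and give the image a title.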
Line 44: Line 47:
  
 ==== 2. Check if the Nodes are turned up ==== ==== 2. Check if the Nodes are turned up ====
-Check if the nodes are up by selecting Context: Default —> Start/Stop Tasks+Check if the nodes are up by selecting Context:// Default —> Start/Stop Tasks//
  
 Are the nodes turned on? Are the nodes turned on?
 +Check if all the probes and hubs are in the Started position.
 +
 +{{:tips:nodeup.png?600|}}
 +
 **Yes**. Move to next. **Yes**. Move to next.
  
-**No**. Start it manually or run the command +**No**. Start it by clicking on the Start button or run the following command from the CLI <code>
-<code>+
 trisulctl_probe start context <context name> trisulctl_probe start context <context name>
 </code> </code>
  
 ==== 3. Check if the Network Interface is correct.==== ==== 3. Check if the Network Interface is correct.====
-You can view the network interface by using Admin>profile0>Netflow Wizard>Select Network Interface.+You can view the network interface by using //Admin>profile0>Netflow Wizard>Select Network Interface//.
  
-Say suppose you have a network interface eth0.+Say you have a network interface eth0.
  
 Is it Enabled? Is it Enabled?
 +
 **Yes**. Move to next. **Yes**. Move to next.
  
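Review bot: The added sentence asks the reader to confirm that all probes and hubs are Started, but the **No** branch still offers only `trisulctl_probe start context <context name>`, so a stopped hub has no CLI fix on this page. Add the hub counterpart or say that hubs must be started with the Start button. In `Context:// Default —> Start/Stop Tasks//` the italics open after the colon and swallow the leading space; wrap the whole path the way step 3 does, and keep `<code>` on its own line as it was before.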
Line 65: Line 72:
 If any other interface.Click "Create Adapters" option and add the new interface. If any other interface.Click "Create Adapters" option and add the new interface.
  
-Please ensure that u have Restarted Trisul after this step.+{{:tips:create_adapter.png?600|}}
  
 +<note important>Please ensure that you have Restarted Trisul after this step.
 +</note>
 ==== 4. Check if the NETFLOW_TAP mode is enabled==== ==== 4. Check if the NETFLOW_TAP mode is enabled====
  
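Review bot: The closing `</note>` runs straight into the `==== 4. ...` heading with no blank line, and "Restarted" is capitalised mid-sentence. Add a blank line after `</note>` and write "restarted Trisul"; the same block is pasted after steps 4, 5 and 7, so fix every copy together. The note also does not say how to restart, so a pointer to the command or menu would make it actionable.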
Line 72: Line 81:
  
 Is NETFLOW_TAP mode enabled? Is NETFLOW_TAP mode enabled?
 +
 **Yes**. Move to next **Yes**. Move to next
  
 **No**. Change it from TAP mode to NETFLOW_TAP mode. **No**. Change it from TAP mode to NETFLOW_TAP mode.
  
-Do not forget to restart Trisul after this step. +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 5. Check if the Netflow ports are interpreted correctly ==== ==== 5. Check if the Netflow ports are interpreted correctly ====
 By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow. By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow.
  
 Is the port added to netflow? Is the port added to netflow?
 +
 **Yes**. Move to next step. **Yes**. Move to next step.
  
 **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard. **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard.
  
-You need to restart trisul after this step.+{{:tips:port_number.png?600|}}
  
 +<note important>Please ensure that you have Restarted Trisul after this step.
 +</note>
 ==== 6. Check whether templates are visible ==== ==== 6. Check whether templates are visible ====
 Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB. Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB.
  
 Are the templates visible? Are the templates visible?
 +
 +{{:tips:templatedb.png?600|}}
 +
 **Yes**. Move to next step. **Yes**. Move to next step.
  
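Review bot: The menu paths in this range stay in plain text with mixed separators (`Context: default → profile0 → Netflow Wizard` in step 5, `Context:default > Admin Tasks > Netflow Template DB` in step 6), while this revision italicises the paths in steps 2 and 3. Apply the same `//...//` markup and a single separator style here. In step 6 the added `{{:tips:templatedb.png?600|}}` lands between the question and the **Yes** answer; steps 3 and 5 place the screenshot after the instruction, which reads better.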
Line 99: Line 115:
  
 ==== 7. Check whether the port number points to Netflow or Sflow ==== ==== 7. Check whether the port number points to Netflow or Sflow ====
-Check if the port number is interpret to Netflow or Sflow. This can be done using Context: default → profile0 → Netflow Wizard.+Check if the port number is interpret to Netflow or Sflow.
  
 Is the required port number mapped to Netflow? Is the required port number mapped to Netflow?
 +
 **Yes**. Move to next. **Yes**. Move to next.
  
 **No**. Do the Following **No**. Do the Following
-  - Go to "Set Netflow Ports".+  - Go to Context: default > profile0 > Netflow Wizard > Set Netflow Ports.
   - Enter the port number and Select "Netflow".   - Enter the port number and Select "Netflow".
   - Click on Save.   - Click on Save.
  
-You need to restart trisul after this step. +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 8. Analyse the captured flows ==== ==== 8. Analyse the captured flows ====
 You can analyse the captured flows using Wireshark tool.This can be done by, You can analyse the captured flows using Wireshark tool.This can be done by,
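Review bot: The edited sentence still reads "is interpret to Netflow or Sflow"; since the line is being touched anyway, change it to "is interpreted as Netflow or sFlow". Moving the menu path into the first list item is fine, but give it the same italic path markup used in steps 2 and 3.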
Line 118: Line 135:
 </code> </code>
  
 +{{:tips:wireshark.png?600|}}
 +
 +  - Check if you have mentioned the port number correctly.
 +  - If not,then choose 'decode as' option by right-clicking on any one of the listed entries in wireshark.
 +  - Change the port number(for eg.5111) and set to CFLOW.
 +
 +{{:tips:wireshark1.png?600|}}
  
  
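Review bot: The first added list item, "Check if you have mentioned the port number correctly", does not say where the port was mentioned; name the place (the command in the code block above or the Wireshark display) so the reader knows what to compare. In the next two items, use the menu label as Wireshark shows it ("Decode As"), fix the spacing in "If not,then" and "number(for eg.5111)", and state that 5111 stands for whichever port the exporter uses, since it is not among the default Netflow ports listed in step 5.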
tips/netflow_troubleshooting.1584535777.txt.gz · Last modified: 2020/03/18 18:19 by navaneeth