Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » tips » Troubleshooting Netflow
Trace:
tips:netflow_troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tips:netflow_troubleshooting [2020/03/18 18:48] – [2. Check if the Nodes are turned up] navaneethtips:netflow_troubleshooting [2020/03/20 15:29] (current) – [8. Analyse the captured flows] navaneeth
Line 3: Line 3:
 This article explains how you can troubleshoot the following problem. This article explains how you can troubleshoot the following problem.
  
 +**
 +No data on the dashboard after enabling Netflow in Trisul Network Analytics.
 +**
  
-<note warning> +{{:tips:netflowdashboard.png?400|}}
-No data on the dashboard after enabling Netflow in Trisul Network Analytics. +
-</note>+
  
 ===== Precondition ===== ===== Precondition =====
Line 35: Line 36:
  
 Do you see netflow packets on the screen ? Do you see netflow packets on the screen ?
 +
 +{{:tips:tcpdump.png?600|}}
  
 **Yes**. Move to next **Yes**. Move to next
Line 44: Line 47:
  
 ==== 2. Check if the Nodes are turned up ==== ==== 2. Check if the Nodes are turned up ====
-Check if the nodes are up by selecting Context: Default —> Start/Stop Tasks+Check if the nodes are up by selecting Context:// Default —> Start/Stop Tasks//
  
 Are the nodes turned on? Are the nodes turned on?
 Check if all the probes and hubs are in the Started position. Check if all the probes and hubs are in the Started position.
  
-{{:tips:nodeup.png?400|}}+{{:tips:nodeup.png?600|}}
  
 **Yes**. Move to next. **Yes**. Move to next.
  
-**No**. Start it manually or run the command +**No**. Start it by clicking on the Start button or run the following command from the CLI <code>
-<code>+
 trisulctl_probe start context <context name> trisulctl_probe start context <context name>
 </code> </code>
  
 ==== 3. Check if the Network Interface is correct.==== ==== 3. Check if the Network Interface is correct.====
-You can view the network interface by using Admin>profile0>Netflow Wizard>Select Network Interface.+You can view the network interface by using //Admin>profile0>Netflow Wizard>Select Network Interface//.
  
-Say suppose you have a network interface eth0.+Say you have a network interface eth0.
  
 Is it Enabled? Is it Enabled?
Line 70: Line 72:
 If any other interface.Click "Create Adapters" option and add the new interface. If any other interface.Click "Create Adapters" option and add the new interface.
  
-Please ensure that u have Restarted Trisul after this step.+{{:tips:create_adapter.png?600|}}
  
 +<note important>Please ensure that you have Restarted Trisul after this step.
 +</note>
 ==== 4. Check if the NETFLOW_TAP mode is enabled==== ==== 4. Check if the NETFLOW_TAP mode is enabled====
  
Line 82: Line 86:
 **No**. Change it from TAP mode to NETFLOW_TAP mode. **No**. Change it from TAP mode to NETFLOW_TAP mode.
  
-Do not forget to restart Trisul after this step. +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 5. Check if the Netflow ports are interpreted correctly ==== ==== 5. Check if the Netflow ports are interpreted correctly ====
 By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow. By default,traffic on UDP ports 2055,2056,2057,9500,9993 is interpreted as Netflow.
Line 93: Line 97:
 **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard. **No**. Add the specific port number to Netflow using Context: default → profile0 → Netflow Wizard.
  
-You need to restart trisul after this step.+{{:tips:port_number.png?600|}}
  
 +<note important>Please ensure that you have Restarted Trisul after this step.
 +</note>
 ==== 6. Check whether templates are visible ==== ==== 6. Check whether templates are visible ====
 Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB. Check whether the Netflow template is displayed. This can be done by using Context:default > Admin Tasks > Netflow Template DB.
  
 Are the templates visible? Are the templates visible?
 +
 +{{:tips:templatedb.png?600|}}
  
 **Yes**. Move to next step. **Yes**. Move to next step.
Line 118: Line 126:
   - Click on Save.   - Click on Save.
  
-You need to restart trisul after this step. +<note important>Please ensure that you have Restarted Trisul after this step. 
 +</note>
 ==== 8. Analyse the captured flows ==== ==== 8. Analyse the captured flows ====
 You can analyse the captured flows using Wireshark tool.This can be done by, You can analyse the captured flows using Wireshark tool.This can be done by,
Line 127: Line 135:
 </code> </code>
  
 +{{:tips:wireshark.png?600|}}
 +
 +  - Check if you have mentioned the port number correctly.
 +  - If not,then choose 'decode as' option by right-clicking on any one of the listed entries in wireshark.
 +  - Change the port number(for eg.5111) and set to CFLOW.
 +
 +{{:tips:wireshark1.png?600|}}
  
  
tips/netflow_troubleshooting.1584537516.txt.gz · Last modified: 2020/03/18 18:48 by navaneeth