Netflow is collecting data but Netflow bandwidth page is blank?

+2 votes
asked Feb 20 in EventSentry by joshua.tilson (150 points)
We have set up Netflow to send data to EvenSentry, and it is getting some data, however when I look at the page for Netflow -> bandwidth the page is blank and says "select a computer" but there are no computers to select.

 

How can I view bandwidth utilization, top talkers etc in Event Sentry?

2 Answers

0 votes
answered Feb 20 by Ingmar (5,900 points)
Hi Joshua,

You can enable bandwidth monitoring in the management console under "Network Services -> NetFlow -> Calculate Bandwidth", please save the configuration after you make the change. If you don't see bandwidth data within 5-10 minutes then please restart the service under "Network Services".

Top talkers should already be displayed under the main NetFlow page, under Network -> NetFlow -> History. Every section (e.g. hostnames) will show the top items. You can select a host to see which other hosts it is communicating with. Is that what you are looking for?
commented Feb 20 by joshua.tilson (150 points)
We have set the calculate bandwidth, and yes under history we can see talkers, which is why we know we are collecting. However even after a  restart the Choose A Computer Drop down is still blank.  
also a similar issue on the dashboard for the netflow badwidth widget. I think the issues are related? Please see the screenshots here:
https://imgur.com/a/x2HSE
commented Feb 20 by Ingmar (5,900 points)
The bandwidth widget on the dashboard accesses the same data as the bandwidth page, so until we see data on the bandwidth page the widget won't work either unfortunately. The issue is most likely that the NetFlow service cannot determine the interface speed(s) of the device which is exporting NetFlow data.

There are a couple of things you can do to resolve this:

1. Add the NetFlow exporter to a group and assign the required SNMP credentials to the host. We have a video that shows how to do this here: https://youtu.be/lZ3IyR8Ye24?t=2m27s. You can stop watching the video at 5:05. You'll definitely want to restart the "Network Services" service after making that change.

2. If you cannot access the host via SNMP, or the active bandwidth is not representative of the real bandwidth (e.g. a 1Gb interface but only 100MBit uplink) then you can also use a variable to set the interface speed manually. This is documented here: https://www.eventsentry.com/documentation/help/html/networkservices_netflow.htm

It's important to check the event log after the network services service starts, to see if the service was able to determine the correct interface speed. I hope this helps, please let us know.
commented Feb 20 by joshua.tilson (150 points)
edited Feb 20 by joshua.tilson
Ingmar, thank you I think we are very close! we have done all of this, our problem must be because of the bandwidth. I have tried to set a variable but I am unsure of how to find my port name. In the switch is is called GigabitEthernet1/1/1 but i cannot put slashes in the variable name. How would i properly identify this port in the variable menu so that i can tell Event Sentry that the 1gb port is really a 10Mbps port?

Also having a hard time finding anything in the event log about port speeds, is there a specific id we should look for?
commented Feb 20 by Ingmar (5,900 points)
OK great, are you able to get some bandwidth data now (even if incorrect because of the wrong interface speed)?

The events you'll want to look for are 1005, 1006, 1007 and 1008 from the "EventSentry Network Services" event source.

I'll look into the issue with the variable name and respond back.
commented Feb 20 by joshua.tilson (150 points)
No this is incorrect, I am getting no bandwidth in either locations referenced in the previous screenshots. I even set the generic SFSPEED variable to 10 to tell it that the entire switch was 10mbps.

only able to find one event log in the suggested range: https://i.imgur.com/u1HrhbU.png
commented Feb 21 by Ingmar (5,900 points)
Thanks for the update and sorry for the slight delay. The event you sent is not logged by EventSentry and doesn't pertain to bandwidth monitoring. If our NetFlow receiver is enabled for bandwidth monitoring and is receiving NetFlow data, then you should see one of the above events from the "EventSentry Network Services" source, so we have to dig a little deeper.

When you added the host to the management console, did you add it with a host name or with an IP address? If you added as a host name, does that host name reverse lookup to the same IP address that it sending the NetFlow data?

This issue may be better suited for support since we may have to look at the debug log files in order to determine why the bandwidth monitoring isn't working for this device. If the above suggestion doesn't help, could you please change the logging level to TRACE under "Network Services" in the management console, save the config and restart the "Network Services" service?

Then, please open a ticket (https://www.eventsentry.com/support/request) and just send a link to this forum post and request to continue work on this issue.

Thank you!
commented Feb 23 by joshua.tilson (150 points)
Thank you Ingmar, I have opened a case it has been a couple of days with no response, can you assist further in this matter?
commented Feb 23 by Ingmar (5,900 points)
I just checked with support and located your ticket. It looks like our support team responded 4 min after you opened the ticket. Can you check if our response got stuck in your spam filter maybe? Our emails come from support [at] netikus.net. Basically they're hoping to do a short remote session (if possible) to get this resolved. If you didn't get their email, are you able to call into support?
0 votes
answered Oct 2 by Desder

Netflow -> bandwidth the page is blank and says "select a computer" but there Netflow -> bandwidth the page is blank and says "select a computer" but there

Welcome to EventSentry Q&A, where you can ask questions and receive answers from other members of the community.
...