Frequently Asked Questions

For the latest list of Frequently Asked Questions on NetFlow Analyzer, visit the FAQ on the website or the public user forums.

Installation

1. When I try to access the web interface, another web server comes up. How does this happen?

2. How can I change the MySQL port in NetFlow Analyzer from 13310 to another port?

3. Can I install and run NetFlow Analyzer as a root user?

Router Configuration

1. Why can't I add a router to NetFlow Analyzer?
2. My router has been set up to export NetFlow data, but I still don't see it on the Dashboard.
3. "Receiving non V5 packets from the following devices: Click here for further details.." What does this mean?
4. I've deleted a router and all its interfaces through the License Management page but it still comes up on the Dashboard.
5. What's the difference between unmanaging and deleting an interface?

Reporting

1. The graphs are empty.

2. Some of the applications are labelled as "TCP_App" or something similar. What is that?
3. Why are only the top 5 or 10 values shown in the reports? What if I want more detail?
4. The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?
5. Why are some interfaces labelled as IfIndex2,IfIndex3, etc.?

Installation

1. When I try to access the web interface, another web server comes up. How does this happen?

   
   During installation, NetFlow Analyzer checks if the selected port is in use by another application. If at that time, the other web server was down, it will not get detected. Either disable the other web server, change its server port, or change the NetFlow Analyzer web server port.
   

2. How can I change the MySQL port in NetFlow Analyzer from 13310 to another port?

Edit the mysql-ds.xml file in the <NetFlowAnalyzer_Home>/server/default/deploy directory. Change the port number in the line
<connection-url>jdbc:mysql://localhost:13310/netflow</connection-url>
to the desired port number, save the file, and restart the server.

3. Can I install and run NetFlow Analyzer as a root user?

NetFlow Analyzer can be installed and started as a root user, but all file permissions will be modified and later you cannot start the server as any other user.

Configuration

1. Why can't I add a router to NetFlow Analyzer?

NetFlow Analyzer does not choose which routers or interfaces to monitor. Devices are auto-discovered. All you need to do is set up your interfaces to send NetFlow data to the specified port on NetFlow Analyzer. Once NetFlow Analyzer starts receiving NetFlow data, you can see the device and its interfaces listed on the Dashboard.

2. My router has been set up to export NetFlow data, but I still don't see it on the Dashboard.

There are a number of things you can check here:

• Check if NetFlow is enabled on the device, and that it has started sending flows.
• Check if your router is exporting NetFlow data to the port on which NetFlow Analyzer is listening.
• Check if the router is exporting NetFlow version 5 data. Flows with any other version will be discarded.

3. "Receiving non V5 packets from the following devices: Click here for further details.." What does this mean?

If you get this message on the user interface, it means that NetFlow packets with versions other than version 5, are being received by NetFlow Analyzer. Check your router settings to make sure that only version 5 NetFlow exports are being sent to NetFlow Analyzer. This is because NetFlow Analyzer supports only NetFlow version 5 exports.

4. I've deleted a router and all its interfaces through the License Management page but it still comes up on the Dashboard.

This happens because NetFlow packets are still being received from that router. Unless you configure the router itself to stop exporting NetFlow data to NetFlow Analyzer it will reappear on the Dashboard.

5. What's the difference between unmanaging and deleting an interface?

If you need to temporarily stop monitoring a router/interface, unmanage it from License Management. In this case, the router/interface is still shown under License Management.

 

If you need to permanently stop monitoring a router/interface, disable NetFlow exports from the interface/router and then delete it from License Management.In this case, the router/interface is not displayed on any of the client screens unless new flows are sent from it.

 

Reporting

1. The graphs are empty.

Graphs will be empty if there is no data available. If you have just installed NetFlow Analyzer, wait for at least ten minutes to start seeing graphs. If you still see an empty graph, it means no data has been received by NetFlow Analyzer. Check your router settings in that case.

2. Some of the applications are labelled as "TCP_App" or something similar. What is that?

If an application is labelled as "TCP_App" or something similar, it means that NetFlow Analyzer has not recognized this application (i.e.) the combination of port and protocol is not mapped as any application. Once you add these applications under Application Mapping they will be recognized.

3. Why are only the top 5 or 10 values shown in the reports? What if I want more detail?

NetFlow Analyzer shows the top 10 results in all reports by default. You can see up to 100 results in each report by changing the Record Count value in the Runtime Administration page.

4. The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?

Check if you have enabled NetFlow on all interfaces through which traffic flows. Since NetFlow traffic accounting is ingress by default, only IN traffic across an interface is accounted for. To see both IN and OUT traffic graphs for an interface, you need to enable NetFlow on all the interfaces through which traffic flows.

5. Why are some interfaces labelled as IfIndex2,IfIndex3, etc.?

The interfaces may not have responded to the SNMP request sent by NetFlow Analyzer when it sent NetFlow exports for the first time. Check the SNMP settings of the interface or manually edit the interface name from the Dashboard.