![]() ![]() ![]() |
When I try to access the web interface, another web
server comes up. How does this happen?
During installation, NetFlow Analyzer checks if the selected port is
in use by another application. If at that time, the other webserver was
down, it will not get detected. Either disable the other web server, change
its server port, or change the NetFlow Analyzer web server port.
How can I change the MySQL port in NetFlow Analyzer from
13310 to another port?
Edit the mysql-ds.xml file in the
Can I install and run NetFlow Analyzer as a root user?
NetFlow Analyzer can be installed and started as a root user, but all
file permissions will be modified and later you cannot start the server
as any other user.
Is a database
backup necessary, or does NetFlow Analyzer take care of this?(or)How
to back-up data in NetFlow Analyzer ?
NetFlow Analyzer includes a database backup utility that you can use
to make a backup of the database.There are 2 ways of backup :
Please use the command "sh UpdateManager.sh -c" and follow the instructions to upgrade NetFlow Analyzer.
Why can't I add a
router to NetFlow Analyzer?
NetFlow Analyzer does not choose which routers or interfaces to monitor.
Devices are auto-discovered. All you need to do is set up your interfaces
to send NetFlow data to the specified port on NetFlow
Analyzer. Once NetFlow Analyzer starts receiving NetFlow data, you can
see the device and its interfaces listed on the Dashboard.
My router has been set up to export NetFlow
data, but I still don't see it on the Dashboard.
There are a number of things you can check here:
If you need to permanently stop monitoring a router/interface, disable NetFlow exports from the interface/router and then delete it from License Management.In this case, the router/interface is not displayed on any of the client screens unless new flows are sent from it.
For configuring SNMP, follow the steps below
1. Logon on to the router.
2. Enter into the global configuration mode
3. Type the command snmp-server community public RO ( to set public
as Read-Only community )
4. Press ctrl and Z
5. Type the command write mem
The graphs are empty
Graphs will be empty if there is no data available. If you have just
installed NetFlow Analyzer, wait for at least ten minutes to start seeing
graphs. If you still see an empty graph, it means no data has been received
by NetFlow Analyzer. Check your router settings in
that case.
As far as aggregated data is concerned, NetFlow Analyzer maintains
the top 'n' flows for every ten minutes slot. The record count determines
this 'n' values. By default it is set to 50. You may set your own criteria
for this purpose. you can change this from the Settings option.
Apart from this NetFlow Analyzer allows you to store raw data (all
flows -not just the top n) for upto one month.
1. Aggregated data is stored in 5 levels of tables - 10 Min, Hourly,
6 Hour, 24 Hour and Weekly tables and reports for different periods need
to access the corresponding table. For example, very recent reports need
to access the 10 Min table and old reports need to access the Weekly table.
You can access the table MetaTable to determine the table which contains
data for the required time period
2. Raw data is stored in dynamically created tables and data pertaining
to different devices (routers) reside in different table for different
periods of time. You can access the table RawMetaTable to determine the
table which contains data for the required report.
This happens if the device/interface has not responded to the SNMP
requests sent by NetFlow Analyzer. Check the SNMP settings
of the interface or manually edit the interface name from the Dashboard. NetFlow Analyzer uses port
161, and the public community string as default SNMP values.
If the SNMP settings of your device are different, click the icon next to the device/interface in the Dashboard
Interface View to change the values. If you need to change this globally,
enter the new values in the same fields under Settings.
NetFlow Analyzer aggregates older data in less granular format and
due to this reason some of the spikes may not show in older reports. While
reports pertaining to last day is generated from tables with 10 minute
granularity, reports pertaining to last week is generated from tables
with 1 hour granularity
For example, data in 10 minute table pertaining to 10:00, 10:10, 10:20,
10:30, 10:40 and 10:50 would all be aggregated and moved into hourly data
tables for one data point pertaining to 10:00.
While the total data volumes is correct, the traffic rates will be
averaged over this period. So:
10:00 -> volume transferred 100MBytes, ten minute average rate 1,333Kbits/s
10:10 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
10:20 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
10:30 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
10:40 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
10:50 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
When aggregated into the one hour table, we get:
10:00 -> volume transferred 105MBytes, one hour average rate 233Kbits/s
The spike up to 1,333Kbits/s has been lost by this averaging process;
as the data get aggregated into longer and longer time periods, so this
average value will decrease further.
This is the reason for the reduction in the reporting of bandwidth
usage over time.
Note: NBAR is configurable on VLANs as of Cisco IOS Release 12.1(13)E, but supported in the software switching path only.
Several factors can impact NBAR performance in software-based execution.
A. Router Configuration
1. Number of protocols being matched against it
2. Number of regular expressions being used
3. The complexity of packet inspection logic required
B. Traffic Profile (Packet Protocol Sequence)
1. The number of flows
2. Long duration flows are less expensive than shorter duration flows
3. Stateful protocol matches are more performance impacting than static
port applications
Please ensure that the server is running before doing the below steps:
![]() |
A single flow can be categorized as a single application only. In case of a conflict, applications with an exact match for the port number will be accounted for. |
You can change the time-out value to a higher value than the default ( 30 minutes ) by increasing the parameter session-timeout.
<session-config>
<session-timeout>30</session-timeout>
</session-config>
under <NFA_Home>/AdventNet/ME/NetFlow/server/default/conf/web.xml
Change the value 30 to your desired time-range - say, 600. You will have to restart NFA server for this to take effect.
1. Please ensure that NFA is running.
2. Navigate to /Troubleshooting directory and execute the file DBInfo.sh
/ DBInfo.bat
3. It creates a "Info.log" file in the same folder. Please
send us the "info.log" file.
Please refer this link for a brief explanation of 100% utilization:
http://forums.manageengine.com/?ftid=49000002654747
1. Please run your logziputil.bat / logziputil.sh (under the troubleshooting
folder). This will create a zip file under the support folder please send
us the zip file.
2. Send us the .err file under the Mysql\data folder.
3. Also send your Machine configuration.
Please follow the steps below to move your installation,
1. Copy the data folder in /mysql folder of the installation that you
wish to move, to a safe location.
2. Install NetFlow Analyzer in the new location, start it once and
shut it down.
3. Replace the data folder in /mysql folder of the new installation
with the data folder of the old installation.
4. Start NetFlow Analyzer.
![]() ![]() ![]() |