NetFlow Analyzer FAQ

Product Information

General Product Information

  1. What is NetFlow Analyzer?
  2. What is an interface?
  3. What is NetFlow?
  4. What are the different versions of NetFlow available?
  5. How is NetFlow different from traffic analyzers like MRTG?
  6. Is Cisco the only vendor supporting NetFlow?

License Information

  1. What is the difference between the Free Edition and Essential Edition?
  2. Is a trial version of NetFlow Analyzer available for evaluation?
  3. Does the trial version have any restrictions?
  4. Do I have to reinstall NetFlow Analyzer when moving to the Essential Edition?
  5. How many users can access NetFlow Analyzer simultaneously?

Installation

  1. When I try to access the web interface, another web server comes up. How does this happen?
  2. How can I change the MySQL port in NetFlow Analyzer from 13310 to another port?
  3. Can I install and run NetFlow Analyzer as a root user?
  4. Is a database backup necessary, or does NetFlow Analyzer take care of this?
  5. How do I update patch in Linux ?

Router Configuration

  1. Why can't I add a router to NetFlow Analyzer?
  2. My router has been set up to export NetFlow data, but I still don't see it on the Dashboard.
  3. I've deleted a router and all its interfaces through the License Management page but it still comes up on the Dashboard.
  4. What's the difference between unmanaging and deleting an interface?
  5. How to Configure SNMP community in router?
  6. How do I set the router time in SYNC with the NFA server?

Reporting

  1. The graphs are empty. Why?
  2. What is Aggregate data and Raw data ? How to set Raw data storage period?
  3. Some of the applications are labeled as "TCP_App" or something similar. What is that?
  4. Why are only the top 5 or 10 values shown in the reports? What if I want more detail?
  5. The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?
  6. Why are some interfaces labeled as IfIndex2,IfIndex3, etc.?
  7. The total bandwidth usage seems to decrease depending on the granularity of the report. Why is that?( or )why is there a discrepancy between the values seen in the graph and the Max / Min values ?

NBAR

  1. Which features are not supported by NBAR?
  2. Any restrictions on where we can configure NBAR?
  3. What Does NBAR Performance Depend On?
  4. Is performance dependent on the number of interfaces that NBAR is enabled on? Does the link speed of the interface(s) that NBAR is enabled?
  5. I am able to issue the command "ip nbar protocol-discovery" on the router and see the results. But NFA says my router does not support NBAR, Why?
  6. How do I verify whether my router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB?

V9

  1. What is NetFlow Version 9?
  2. What is the memory impact on the router?
  3. "Receiving non V5/V7/V9 packets from the following devices: Click here for further details.." What does this mean?
  4. Is version 9 backward compatible ?
  5. What is the performance impact of V9?
  6. What are the restrictions for V9?
  7. How do I configure NetFlow Version 9?

Technical Information

  1. How is traffic information stored in the NetFlow Analyzer database?
  2. How are ports assigned as applications in NetFlow Analyzer?
  3. Do I have to reinstall NetFlow Analyzer when moving to the fully paid version?
  4. How many users can access the application simultaneously?
  5. NetFlow Analyzer logs out after a period of inactivity. How do I avoid that?
  6. How to create DBInfo log file ?
  7. What are the advantages of configuring multiple NetFlow Listener Ports ?
  8. What information do I need to send to NFA support for assistance?
  9. How to safely migrate NFA installation to different machine ?
  10. What do I do if my NFA server becomes slow ? (or) How do I improve my NFA system performance ?
  11. Why NFA says router time not is SYNC and stops collecting data ?
  12. How do I buy NetFlow Analyzer?

Back

Enterprise Edition

  1. Why should I use NetFlow Analyzer Enterprise Edition?/a>
  2. What is the difference between the Essential Edition (EE) and Enterprise Edition (EE) ?
  3. What is a Central Server?
  4. What is a Collector?
  5. How many interfaces / flow rate can a single collector handle?
  6. How many collectors can a single Central Server handle?
  7. How does collector contact Central Server?
  8. Where to configure the SNMP parameters ?
  9. What happens if the network connection between the Collector and Central Server is down temporarily?
  10. How frequently does the collector contact Central Server?
  11. How secure is my data?
  12. Why am I getting "The collector is incompatible with the Central Server" message?
  13. What is the bandwidth usage between collector & Central Server?
  14. What is shown in Collector Dashboard view? How can I customize it?
  15. How to move Server from one machine to another machine?
  16. How to move a collector from one machine to another machine?
  17. What should I do if Collector/Central Server is behind a proxy?
  18. Is migration from Enterprise Edition supported?
  19. What is the licensing based on?

Back

General Product Information

  1. What is NetFlow Analyzer?

    NetFlow Analyzer is a web-based bandwidth monitoring and traffic analysis tool that uses Cisco NetFlow®, sFlow®, cflowd®, jFlow®, IPFIX®, NetStream® and Cisco NBAR® to provide detailed reports on network traffic. NetFlow Analyzer helps IT administrator answer the who, what, when, where, and how of bandwidth usage.

  2. What is an interface?

    Interface refers to both Layer 3 physical and logical ports on your switching or routing devices.

  3. What is NetFlow?

    Cisco® NetFlow technology is an embedded feature within Cisco IOS devices. NetFlow data records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. NetFlow Analyzer uses this information to generate graphs and reports on traffic patterns and bandwidth utilization.

  4. What are the different versions of NetFlow available?

    So far 5 versions of NetFlow have been released. Version 1 is the original version, while version 5 is the standard and most common NetFlow version deployed. Version 7 was released specifically for Catalyst 6500 and 7600 Series switches. It is similar to version 5, but does not include information on AS, interface, TCP flag, and TOS. NetFlow version 8 was introduced to reduce resource usage, and includes a choice of eleven aggregation schemes. Version 9, the most recent version, is a flexible, extensible format with support for MPLS, Multicast, and more.

    NetFlow Analyzer currently supports NetFlow versions 5, 7 and 9.

  5. How is NetFlow different from traffic analyzers like MRTG™?

    MRTG and other such equivalent tools provide information that is limited to interface statistics. Such tools cannot give application-level details such as hosts, protocols, and conversations, which are an inherent part of IP traffic. NetFlow traffic statistics are much more detailed, offering in-depth and fine-grained bandwidth analysis.

  6. Is Cisco the only vendor supporting NetFlow?
  7. NetFlow technology was invented by Cisco, and Cisco IOS devices offer NetFlow compatibility. There may be other vendors offering NetFlow support on their devices. However, NetFlow Analyzer has been tested to support NetFlow-enabled Cisco devices only.

Back

License Information

  1. What is the difference between the Free Edition and Essential Edition?

    The Free Edition of NetFlow Analyzer can report on NetFlow data from a maximum of 2 routing interfaces, whereas the Essential Edition can report on NetFlow data from a maximum of n interfaces (where n is the number of interfaces you have purchased). There is no other difference between the two editions with respect to features or functionality.

  2. Is a trial version of NetFlow Analyzer available for evaluation?

    Yes. A 30-day free trial version of NetFlow Analyzer can be downloaded here.

  3. Does the trial version have any restrictions?

    The trial version is a fully functional version of NetFlow Analyzer, with no functional limitations. The trial version is available for download here.

  4. Do I have to reinstall NetFlow Analyzer when moving to the Essential Edition?

    No. You do not have to reinstall or shut down the server. You just need to enter the new license file in the Upgrade License box in the top pane of the NetFlow Analyzer web client.

  5. How many users can access NetFlow Analyzer simultaneously?

    This depends only on the capacity of the server on which NetFlow Analyzer is installed. The NetFlow Analyzer license does not limit the number of users accessing the application at any time.

  6. Back

    Installation

    1. When I try to access the web interface, another web server comes up. How does this happen?

      During installation, NetFlow Analyzer checks if the selected port is in use by another application. If at that time, the other web server was down, it will not get detected. Either disable the other web server, change its server port, or change the NetFlow Analyzer web server port.

    2. How can I change the MySQL port in NetFlow Analyzer from 13310 to another port?

      Edit the mysql-ds.xml file in the /server/default/deploy directory. Change the port number in the line jdbc:mysql://localhost:13310/netflow to the desired port number, save the file, and restart the server.

    3. Can I install and run NetFlow Analyzer as a root user?

      NetFlow Analyzer can be installed and started as a root user, but all file permissions will be modified and later you cannot start the server as any other user.

    4. Is a database backup necessary, or does NetFlow Analyzer take care of this?(or)How to back-up data in NetFlow Analyzer ?

      NetFlow Analyzer includes a database backup utility that you can use to make a backup of the database. There are 2 ways of backup :

      1. You can execute the script "backupdb.bat" / "backupdb.sh" which can be found under /adventnet/me/netflow/troubleshooting. This will created a back up of the database in a zip format. When you want to restore. You have to extract the zip to the /adventnet/me/netflow directory. This is a slow process.

      2. Stop NetFlow Analyzer service and copy both the Mysql and data folders under $NETFLOW_HOME/ folder.

        In both the above process the version of NFA should be the same.

       

    5. How do I update patch in Linux ?

      Please use the command "sh UpdateManager.sh -c" and follow the instructions to upgrade NetFlow Analyzer.

    Back

    Router Configuration

    1. Why can't I add a router to NetFlow Analyzer?

      NetFlow Analyzer does not choose which routers or interfaces to monitor. Devices are auto-discovered. All you need to do is set up your interfaces to send NetFlow data to the specified port on NetFlow Analyzer. Once NetFlow Analyzer starts receiving NetFlow data, you can see the device and its interfaces listed on the Interface View.

    2. Back

    3. My router has been set up to export NetFlow data, but I still don't see it on the Dashboard.

      There are a number of things you can check here:

      • Check if NetFlow is enabled on the device, and that it has started sending flows.
      • Check if your router is exporting NetFlow data to the port on which NetFlow Analyzer is listening.
      • Check if the router is exporting NetFlow version 5/ 7/ 9 data.
      Back
    4. I've deleted a router and all its interfaces through the License Management page but it still comes up on the Dashboard.

      This happens because NetFlow packets are still being received from that router. Unless you configure the router itself to stop exporting NetFlow data to NetFlow Analyzer it will reappear on the Dashboard
    5. Back

    6. What's the difference between unmanaging and deleting an interface? (or) When do I unmanage a device and when do I delete it from the License Management page?

      If you need to temporarily stop monitoring a router/interface, unmanage it from License Management. In this case, the router/interface is still shown under License Management.

      If you need to permanently stop monitoring a router/interface, disable NetFlow exports from the interface/router and then delete it from License Management. In this case, the router/interface is not displayed on any of the client screens unless new flows are sent from it.

    7. Back

    8. How to Configure SNMP community in router?
    9. For configuring SNMP, follow the steps below

      1. Logon on to the router.
      2. Enter into the global configuration mode
      3. Type the command snmp-server community public RO ( to set public as Read-Only community )
      4. Press ctrl and Z
      5. Type the command write mem

      Back

    10. How do I set the router time in SYNC with the NFA server?

      Whenever the time difference between the NetFlow Analyzer Server and the router is above 10 minutes a warning icon will appear in the home page. When this happens, NetFlow Analyzer will stamp the flows based on the system time of the NetFlow Analyzer server. In case you see this, please ensure the following on the router:

      1. Check if the time zone and the offset (in Hours and Minutes) for the time zone is set properly (E.g. PST -8 00 for PST or EST -5 00 for EST). You can check this by logging into the router, going into the configure terminal and typing show running-config. You can set the clock time zone and offset using the command clock timezone zone hours [minutes] (E.g. clock timezone PST -8 00)

      2. After checking the time zone, check if the correct time is set on your router. You can check this by logging into the router and typing show clock. You can set the clock time using the command clock set hh:mm:ss month date year There is no queuing mechanism is done on heavy periods.
    Back

    Reporting

    1. The graphs are empty. Why?

      Graphs will be empty if there is no data available. If you have just installed NetFlow Analyzer, wait for at least ten minutes to start seeing graphs. If you still see an empty graph, it means no data has been received by NetFlow Analyzer. Check your router settings in that case.

    2. Back

    3. What is Aggregate data and Raw data ? How to set Raw data storage period?

      As far as aggregated data is concerned, NetFlow Analyzer maintains the top 'n' flows for every ten minutes slot. The record count determines this 'n' values. By default it is set to 100. You may set your own criteria for this purpose. you can change this from the Settings option.

      Apart from this NetFlow Analyzer allows you to store raw data (all flows -not just the top n) for upto one month.

      1. Aggregated data is stored in 5 levels of tables - 10 Min, Hourly, 6 Hour, 24 Hour and Weekly tables and reports for different periods need to access the corresponding table. For example, very recent reports need to access the 10 Min table and old reports need to access the Weekly table. You can access the table MetaTable to determine the table which contains data for the required time period

      2. Raw data is stored in dynamically created tables and data pertaining to different devices (routers) reside in different table for different periods of time. You can access the table RawMetaTable to determine the table which contains data for the required report.

      Back

    4. Some of the applications are labeled as "TCP_App" or something similar. What is that?

      If an application is labeled as "TCP_App" or something similar, it means that NetFlow Analyzer has not recognized this application (i.e.) the combination of port and protocol is not mapped as any application. Once you add these applications under Application Mapping they will be recognized.
    5. Back

    6. Why are only the top 5 or 10 values shown in the reports? What if I want more detail?

      NetFlow Analyzer shows the top 50 results in all reports by default. You can see up to 100 results in each report by changing the Record Count value in the Settings page.
    7. Back

    8. The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?

      Check if you have enabled NetFlow on all interfaces through which traffic flows. Since NetFlow traffic accounting is ingress by default, only IN traffic across an interface is accounted for. To see both IN and OUT traffic graphs for an interface, you need to enable NetFlow on all the interfaces through which traffic flows.
    9. Back

    10. Why are some interfaces labeled as IfIndex2,IfIndex3, etc.?

      This happens if the device/interface has not responded to the SNMP requests sent by NetFlow Analyzer. Check the SNMP settings of the interface or manually edit the interface name from the Dashboard. NetFlow Analyzer uses port 161, and the public community string as default SNMP values. If the SNMP settings of your device are different, change the values in the Dashboard Interface View. If you need to change this globally, enter the new values in the same fields under Settings.

    11. Back

    12. The total bandwidth usage seems to decrease depending on the granularity of the report. Why is that? (or) Why is there a discrepancy between the values seen in the graph and the Max / Min values ?

      NetFlow Analyzer aggregates older data in less granular format and due to this reason some of the spikes may not show in older reports. While reports pertaining to last day is generated from tables with 10 minute granularity, reports pertaining to last week is generated from tables with 1 hour granularity

      For example, data in 10 minute table pertaining to 10:00, 10:10, 10:20, 10:30, 10:40 and 10:50 would all be aggregated and moved into hourly data tables for one data point pertaining to 10:00.

      While the total data volumes is correct, the traffic rates will be averaged over this period. So:

      10:00 -> volume transferred 100MBytes, ten minute average rate 1,333Kbits/s
      10:10 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
      10:20 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
      10:30 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
      10:40 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
      10:50 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s

      When aggregated into the one hour table, we get:

      10:00 -> volume transferred 105MBytes, one hour average rate 233Kbits/s

      The spike up to 1,333Kbits/s has been lost by this averaging process; as the data get aggregated into longer and longer time periods, so this average value will decrease further.

      This is the reason for the reduction in the reporting of bandwidth usage over time.

    13. Back

      NBAR

      1. Which features are not supported by NBAR ?

        The following features are not supported by NBAR:
        • More than 24 concurrent URLs, HOSTs or MIME type matches
        • Matching beyond the first 400 bytes in a URL
        • Non-IP traffic
        • Multicast and other non-CEF switching modes
        • Fragmented packets
        • Pipelined persistent HTTP requests
        • URL/HOST/MIME/ classification with secure HTTP
        • Asymmetric flows with stateful protocols
        • Packets originating from or destined to the router running NBAR
      2. Back

      3. Any restrictions on where we can configure NBAR?

        You can't configure NBAR on the following logical interfaces:
        • Fast EtherChannel
        • Interfaces that use tunneling or encryption
        • VLANs
        • Dialer interfaces
        • Multilink PPP

        Note: NBAR is configurable on VLANs as of Cisco IOS Release 12.1(13)E, but supported in the software switching path only.

      4. Back

      5. What Does NBAR Performance Depend On?

        Several factors can impact NBAR performance in software-based execution.

        A. Router Configuration
        1. Number of protocols being matched against it
        2. Number of regular expressions being used
        3. The complexity of packet inspection logic required

        B. Traffic Profile (Packet Protocol Sequence)
        1. The number of flows
        2. Long duration flows are less expensive than shorter duration flows
        3. Stateful protocol matches are more performance impacting than static port applications

      6. Back

      7. Is performance dependent on the number of interfaces that NBAR is enabled on? Does the link speed of the interface(s) that NBAR is enabled on affect performance ?

        No. NBAR performance is not dependent on the number of interfaces that NBAR is enabled on or the link speed of those interfaces. Performance is dependent on the number of packets that the NBAR engine has to inspect, how deep into the packet it has to look to perform regular inspection.

      8. Back

      9. I am able to issue the command "ip nbar protocol-discovery" on the router and see the results. But NFA says my router does not support NBAR, Why?

        Earlier version of IOS supports NBAR discovery only on router. So you can very well execute the command "ip nbar protocol-discovery" on the router and see the results. But NBAR Protocol Discovery MIB(CISCO-NBAR-PROTOCOL-DISCOVERY-MIB) support came only on later releases. This is needed for collecting data via SNMP. Please verify that whether your router IOS supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB.

      10. Back

      11. How do I verify whether my router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB?

        a) You can check CISCO-NBAR-PROTOCOL-DISCOVERY-MIB supported platforms and IOS using the follwoing link. http://tools.cisco.com/ITDIT/MIBS/AdvancedSearch?MibSel=250073

        b) Alternately , you can execute "show snmp mib | include cnpd " command at router to know the implemeted mib objects in the router. If the router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB, then the above command gives the following objects.

        cnpdStatusEntry.1
        cnpdStatusEntry.2
        cnpdAllStatsEntry.2
        cnpdAllStatsEntry.3
        cnpdAllStatsEntry.4
        cnpdAllStatsEntry.5
        cnpdAllStatsEntry.6
        cnpdAllStatsEntry.7
        cnpdAllStatsEntry.8
        cnpdAllStatsEntry.9
        cnpdAllStatsEntry.10
        cnpdAllStatsEntry.11
        cnpdAllStatsEntry.12
        cnpdTopNConfigEntry.2
        cnpdTopNConfigEntry.3
        cnpdTopNConfigEntry.4
        cnpdTopNConfigEntry.5
        cnpdTopNConfigEntry.6
        cnpdTopNConfigEntry.7
        cnpdTopNConfigEntry.8
        cnpdTopNStatsEntry.2
        cnpdTopNStatsEntry.3
        cnpdTopNStatsEntry.4
        cnpdThresholdConfigEntry.2
        cnpdThresholdConfigEntry.3
        cnpdThresholdConfigEntry.4
        cnpdThresholdConfigEntry.5
        cnpdThresholdConfigEntry.6
        cnpdThresholdConfigEntry.7
        cnpdThresholdConfigEntry.8
        cnpdThresholdConfigEntry.9
        cnpdThresholdConfigEntry.10
        cnpdThresholdConfigEntry.12
        cnpdThresholdHistoryEntry.2
        cnpdThresholdHistoryEntry.3
        cnpdThresholdHistoryEntry.4
        cnpdThresholdHistoryEntry.5
        cnpdThresholdHistoryEntry.6
        cnpdThresholdHistoryEntry.7
        cnpdNotificationsConfig.1
        cnpdSupportedProtocolsEntry.2
      Back

      V9

      1. What is NetFlow Version 9?

        This format is flexible and extensible , which provides the versatility needed to support new fields and record types. This format accommodates new NetFlow-supported technologies such as NAT, MPLS,BGP next hop and Multicast.The main feature of Version 9 Export format is that it is template based.
      2. Back

      3. What is the memory impact on the router due to V9?

        The memory used depends upon the data structures used to maintain template flowsets. As the implementation does not access the NetFlow cache directly the memory used is not very high.
      4. Back

      5. "Receiving non V5/V7/V9 packets from the following devices: Click here for further details.." What does this mean?

        If you get this message on the user interface, it means that NetFlow packets with versions other than version 5/7/9, are being received by NetFlow Analyzer. Check your router settings to make sure that only version 5/7/9 NetFlow exports are being sent to NetFlow Analyzer. This is because NetFlow Analyzer supports only NetFlow version 5/7/9 exports.
      6. Back

      7. Is version 9 backward compatible ?

        Version 9 is not backward-compatible with Version 5 or Version 8. If you need Version 5 or Version 8, then you must configure Version 5 or Version 8.
      8. Back

      9. What is the performance impact of V9?

        Version 9 slightly decreases overall performance, because generating and maintaining valid template flowsets requires additional processing.
      10. Back

      11. What are the restrictions for V9?

        Version 9 allows for interleaving of various technologies. This means that you should configure Version 9 if you need data to be exported from various technologies (such as Multicast, DoS, IPv6, BGP next hop, and so on).
      12. Back

      13. How do I configure NetFlow Version 9?

        Please refer the following document for configuring netflow version 9 http://www.cisco.com/en/US/docs/ios/12_3/feature/gde/nfv9expf.html#wp1069837

      Back

      Technical Information

      1. How is traffic information stored in the NetFlow Analyzer database?

        For each report, NetFlow Analyzer stores traffic information in a different manner. The following tables describe the data storage pattern for the various reports generated by NetFlow Analyzer. storage
      2. Back

      3. How are ports assigned as applications in NetFlow Analyzer?

        A NetFlow export contains information on the protocol, source port, and destination port. When a flow is received, NetFlow Analyzer tries to match the port and protocol in the flow, to an application in the following order:
        • The smaller of the source and destination port numbers, to the list of ports configured to each application in the Application Mapping list
        • The larger of the source and destination port numbers, to the list of ports configured to each application in the Application Mapping list
        • The smaller of the source and destination port numbers, to the port ranges configured to each application in the Application Mapping list
        • The larger of the source and destination port numbers, to the port ranges configured to each application in the Application Mapping list

        If a matching application is still not found, then depending on the protocol received in the flow, the application is listed as <protocol>_App. (eg.) TCP_App if a flow is received with TCP protocol, and unmatched source and destination ports. If the protocol received in the flow is also not recognized by NetFlow Analyzer, the application is listed as Unknown_App.

        A single flow can be categorized as a single application only. In case of a conflict, applications with an exact match for the port number will be accounted for.


      4. Back

      5. Do I have to reinstall NetFlow Analyzer when moving to the fully paid version?

        No, you do not have to reinstall or shut down the NetFlow Analyzer server. You just need to enter the new license file in the Upgrade License box.
      6. Back

      7. How many users can access the application simultaneously?

        This depends only on the capacity of the server on which NetFlow Analyzer is installed. The NetFlow Analyzer license does not limit the number of users accessing the application at any time.
      8. Back

      9. NetFlow Analyzer logs out after a period of inactivity. How do I avoid that?

        You can change the time-out value to a higher value than the default ( 30 minutes ) by increasing the parameter session-timeout.

        <session-config>
        <session-timeout>30</session-timeout>
        </session-config>

        under <NFA_Home>/AdventNet/ME/NetFlow/server/default/conf/web.xml

        Change the value 30 to your desired time-range - say, 600. You will have to restart NFA server for this to take effect.

      10. Back

      11. How to create DBInfo log file ?
      12. 1. Please ensure that NFA is running.
        2. Navigate to /Trou

        Back

        bleshooting directory and execute the file DBInfo.sh / DBInfo.bat
        3. It creates a "Info.log" file in the same folder. This contains DB related information. Please send us the "info.log" file to netflowanalyzer-support@manageengine.com for us to analyze and help you better.

      13. What are the advantages of configuring multiple NetFlow Listener Ports ?
      14. Configuring multiple NetFlow Listener ports can significantly enhance the flow handling rates. You can configure upto 5 listener ports, each seperated by a comma. This can be configured from the Settings -> NetFlow Settings page in the user interface

        Back

      15. What information do I need to send to NFA support for assistance?

        1. Please run your logziputil.bat / logziputil.sh (under the troubleshooting folder). This will create a zip file under the support folder please send us the zip file.
        2. Send us the .err file under the Mysql\data folder.
        3. Also send your Machine configuration.

        Back

      16. How to safely migrate NFA installation to different machine ?

         NetFlow Analyzer can be migrated to a new server with older data and configurations with certain conditions. Given below are the steps to migrate the installation and database to a different server.

        Note:
        > The build number of the NetFlow Analyzer should be the same on both the servers. (You can find the Build number by clicking on the 'About' link on the top right corner of the user interface)
        > Cross platform migration is not supported (eg. From Windows to Linux and vice versa)

        1. Shutdown the NetFlow Analyzer service.
        2. Copy the MySql and Data folder under the <NetFlow_Home> to a safe backup location. These two folders contain all the collected data and configurations of NetFlow Analyzer.
        3. Install the NetFlow Analyzer on the new server and run the NetFlow Analyzer service once.
        4. Then shutdown the NetFlow Analyzer service.
        5. Copy the MySql and Data folders which were backed up from the original installation to the new installation under <NetFlow_Home> directory.

        Additionally, if you do not have a copy of the product license, please copy the AdventnetLicense.xml file from <NetFlow_Home>\lib directory to a safe location. Once the migration is complete, you can apply the license from License Management page under Admin Operations in the product UI.

        Back

      17. What do I do if my NFA server becomes slow ? (or) How do I improve my NFA system performance ?


      18. Please refer this link for a brief note on database tuning :http://forums.manageengine.com/NetFlow-Analyzer
        Back

      19. Why NFA says router time not is SYNC and stops collecting data ?


      20. Please follow these steps to fix this issue:

        1. In case you see this, please ensure the following on the router:Check if the correct time is set on your router.
          You can check this by logging into the router and typing show clock. You can set the clock time using the command clock set hh:mm:ss month date year. Check if the time zone and the offset (in Hours and Minutes) for the time zone is set properly (E.g. PST -8 00 for PST or EST -5 00 for EST). You can check this by logging into the router, going into the configure terminal and typing show running-config. You can set the clock time zone and offset using the command clock timezone zone hours [minutes] (E.g. clock timezone PST -8 00)
        2. The time sync issue may be related to high CPU load and reducing the IP group can help. Each address / range / network will be checked seperately. So, 4 addresses of 10.10.10.1, 10.10.10.2, 10.10.10.3 and 10.10.10.4 will add more overload than creating the same as a single IP range of 10.10.10.1 to 10.10.10.4. While associating interfaces you are better off selecting "All interfaces" wherever appropriate since in that case no check will be done with the interface in the flow. In your case, since you had 180 interfaces associated, the code had to check for these 180 interfaces in each flow received.
        Back

      21. How do I buy NetFlow Analyzer?

        You can buy NetFlow Analyzer directly from the Manageengine Online Store, or from a reseller near your location. Please see the website at http://www.netflowanalyzer.com/ for more information on purchasing options
      22. Back

Enterprises Edition

  1. Why should I use the NetFlow Analyzer Enterprise Edition?
    • Handles excess of 10000 interfaces & several million flows per minute.
    • Targeted for large enterprises with distributed networks
    • Scalable architecture - Seamless collector addition allowed to cater to growing network.
    • Secure & reliable data transfer via Https
  2. Back
  3. What is the difference between the Essential Edition (EE) and Enterprise Edition (EE) ?

    Please check out the comparison document.

  4. Back
  5. What is a Central Server?

    The Central Reporting Server does the following

    • provides a centralized web console
    • manages the collectors
    • receives and stores the data
  6. Back
  7. What is a collector?

    The collector

    • should be deployed near the routers
    • collects and processes the NetFlow data from routers
    • compresses the received data and sends to Central Server
  8. Back
  9. How many interfaces / flow rate can a single collector handle?

    Based on the hardware configuration of the system, a collector can handle around 2000 interfaces. It can handle a flow rate of up to 8000 flows / second. Refer sizing guide for hardware configuration

  10. Back
  11. How many collectors can a single Central Server handle?

    Central Server can handle any number of collectors. Refer sizing guide for hardware configuration. New collectors can be added seamlessly at anytime.

  12. Back
  13. How does the collector contact the Central Server?

    The communication between Central Server & collector is one way communication, i.e. only collector can communicate with the Central Server. Collector communicates through the https port of Central Server.

  14. Back
  15. Where to configure the SNMP parameters?

    SNMP parameters like read community, port can be configured while installing the collector. If you want to change after installing the collector, you can do so from a collector web client. Click on the Settings page under the Admin Operations and then click the NetFlow settings tab and then give the necessary SNMP parameters. You can also change the individual router SNMP parameters by clicking the "Set SNMP parameters" icon which is placed next to the Router's Name in both the Central Server/ Collector Web-client.

  16. Back
  17. What happens if the network connection between the collector and Central Server is down temporarily?

    Collector will hold the data and sends them once connection is re-established. Thus collector ensures reliable data transfer.

  18. Back
  19. How frequently does the collector contact Central Server?

    Collector contacts Central Server for two purposes. One is to send the collected NetFlow data and another is to get any new configurations like IP Group, Alert Profile, etc created by the user at the Central Server. The frequency to send NetFlow data is 10 minutes and the frequency to get the configuration is one minute.

  20. Back
  21. How secure is my data?

    Collector sends the data through secure https connection. We have bundled SSL certificates generated using Java's keytool. If you like to change the certificates, you can use the sslgen.bat ( sslgen.sh in case of linux) script bundled under the [Product Home]/bin directory.

  22. Back
  23. Why am I getting "The collector is incompatible with the Central Server" message?

    The following could be the possible reasons.

    1. The Central Server is new / reinitialized whereas the collector is old. In this case, please reinitialize the collector and restart it.
    2. The Collector has been deleted in the "Collector Details" page in the Central Server's web client. In this case, collector needs to be enabled in Collector Details page and it has to be restarted
  24. Back
  25. What is the bandwidth usage between collector & Central Server?

    You can view the actual bandwidth used for data transfer from the "Collector Details" page in the Central Server's web client. You can find the link to this page under Admin Operations.

  26. Back
  27. What is shown in Collector Dashboard view? How can I customize it?

    The Collector Dashboard view shows the top 10 interfaces in each collector by default. You can also customize it to show either the "Top 10/20/30 Interfaces" or "Selected List of Interfaces". To customize it, please use the "Customize" link beside the Dashboard link.

  28. Back
  29. How to move the Central Server from one machine to another machine?

    On Central Server side:

    • Stop Central Reporting Server.
    • Execute the file [Product Home]/troubleshooting/BackupDB.bat/sh.
    • It creates a zip file containing the backup of Database and configuration information under [Product Home]
    • Install Central Reporting Server in the new location
    • Make sure the new machine has the same time zone & time as the old one
    • Unzip the backup zip file under [Product Home]

    Once the Central Server is moved make the following changes on collector side

    • Navigate to the Settings page of Collector and change the Central Server Hostname/IP
    • Restart NetFlow Collector
  30. Back
  31. How to move the collector from one machine to another machine?
    • Stop the collector
    • Copy the [Product Home]/conf/NetFlow/collectorFile.txt to the new machine under [Product Home]/conf/NetFlow/ directory.
    • Make sure you specified the correct Central Server name or IP address & https port.
    • Start the collector.
    • While the collector is starting, it will prompt for "Do you want to start it as same collector? ". Please type "y" in order to start as the same collector.
  32. Back
  33. What should I do if Collector/CentralServer is behind a proxy ?

    If the collector is behind a proxy, then enter the proxy settings either in Collector's Installation screen or in the Settings page in web client. If the Central Server is behind the proxy, please NAT the name & https port and provide the NATed values in Collector's Installation screen.

  34. Back
  35. Is migration from Enterprise Edition supported?

    No.It is not possible to migrate your data from Professional/Essential Edition to Enterprise Edition or vice versa.

  36. Back
  37. What is the licensing based on?

    The licensing is based on the flow rate. When the flow rate exceeds 10,000 flows/second, an additional collector needs to be added.

Back