Page tree
Skip to end of metadata
Go to start of metadata

Problem

It may happen that you have configured NetFlow export on a device but there is no NetFlow traffic in the application. This is manifested by empty charts and/or presence of dropped packets in System view. Possible causes are low memory, power outage on the server, network misconfiguration and more.

Solution

NetFlow traffic may not show due to several reasons:

  • Firewall and access lists are blocking NetFlow  packets
  • Collection port is not opened
  • Collection port has already being used by a different application
  • Bad NetFlow exporter configuration
  • Aggregation filter is filtering out the traffic
  • License has expired
  • NetFlow packets are being dropped

Restarting NetVizura

Most of diagnostic information will be lost when you restart NetVizura. Use it as a last resort. Consult with support before restarting NetVizura.

If all of the following steps are inconclusive and you cannot recover NetVizura to normal operational mode, consult article How to restart the application for steps on how to restart NetVizura.

General steps

Go to System tab in the application

    1. check the Packets chart (NetFlow packets that the application collected)
      1. f there are no UDP packets received go to steps 1 to 2.
      2. if there are dropped packets restart Tomcat service for temporary quick fix and go to step 1c to resolve the core problem
    2. check Flows chart:
      1. if there are no flows this means that no NetFlow data is received by the application, go to steps 1 to 2
      2. if all flows are unlicensed, your license is invalid or expired - contact us for resolving this
      3. if all flows are filtered, go to  > Settings > NetFlow Settings > Aggregation filtering and remove the filter rejecting all flow
      4. if all flows are dropped, try restarting the tomcat service and contact us if the problem persists
    3. check Performance chart:
      1. if Heap utilisation is high try adding more RAM to Tomcat and PostgreSQL services (consult Post installation steps)
      2. if DB write time is high try adding more CPU cores to the server
      3. if you are not sure what to do, contact us

Linux

  1. Check if NetFlow data is received by the server
    1. in command shell on the server execute tcpdump port 2055 command - you should see steady stream of packets received by the server (2055 is the default NetFlow port)
      1. if there is no NetFlow packets check your firewalls, access lists to enable packets to be received by NetVizura server;
    2. in command shell on the server execute watch -n1 "ls -l /var/lib/netvizura/flow/temp" - after several seconds you should see that tmp.bin file size is increasing
      1. if tmp.bin file size is not increasing, but tcpdump shows that NetFlow packets are reaching the server check your local firewall configuration (usually iptables) or NetVizura NetFlow Collection port (see below).
  2. Check if Collection port on the server is open and that NetVizura is listening on that port
    1. Check that firewall is allowing packets on NetFlow port (the default is 2055)
      1. Execute command service iptables status or firewall-cmd --list-all to view firewall configuration. There has to be a line present which is allowing traffic on NetFlow port (2055)
    2. Check that NetVizura is listening on NetFlow port
      1. Execute command netstat -noap | grep 2055 and verify that there is a line present similar to following:

        udp        0      0 :::2055                     :::*                                    28004/java     off (0.00/0/0)

        It is important that java process is the one that occupied NetFlow port - not some other process. If some other process already occupied NetFlow port you need to reconfigure that other process to use a different port.

    3. Check that Collection port is accessible outside the NetVizura server

      1. on a remote host execute command nmap netvizura_ip_address -sU -p 2055 where netvizura_ip_address is the address of NetVizura server. In the output of the command you should see that the port is open.

  3. Check NetFlow exporter configuration
    1. Check if NetFlow device is configured to send NetFlow to the NetVizura server IP address and collection port
      1. Collection port in NetVizura application can be set in  > Settings > NetFlow Settings > Configuration
      2. Default Collection port is 2055
    2. Try installing a NetFlow generator and set it to export data to the NetVizura server
      1. if there is traffic on the chart then NetFlow exporter configuration is not good
      2. if there is no traffic on the chart, check if the traffic is being blocked (access lists, firewalls)

Windows

Using an administrator account on Windows is recommended.

  1. Check if NetFlow data is received by the server
    a. You should determine if server receives steady stream of packets at 2055 port (2055 is the default NetFlow port) with some packet analyzer for windows (wireshark, windump, etc)
      1. if there is no NetFlow packets check your firewalls, access lists to enable packets to be received by NetVizura server;
    b. In C:\Program Files\NetVizura\flow\temp after several seconds you should see that tmp.bin file size is increasing (This is default location for NetVizura NetFlow installation)
      1. if tmp.bin file size is not increasing, but packet analyzer shows that NetFlow packets are reaching the server, check your local firewall configuration or NetVizura NetFlow Collection port (see below).
  2. Check if Collection port on the server is open and that NetVizura is listening on that port (the default is 2055)
    a. Check that firewall is allowing packets on NetFlow port (the default is 2055)
    b. Check that NetVizura is listening on NetFlow port
    i. In Windows Command Prompt or PowerShell execute the following command: netstat -noab and verify that Tomcat process is the one that occupied NetFlow port 2055. If some other process already occupied NetFlow port you need to reconfigure that other process to use a different port.
    c. Check that Collection port is accessible outside the NetVizura server
      1. on a remote host execute command nmap -sU netvizura_ip_address -p 2055 where netvizura_ip_address is the address of NetVizura server. In the output of the command you should see that the port is open.
  3. Check netflow exporter configuration
    1. Check if netflow device is configured to send netflows to the NetVizura server IP address and collection port
      1. Collection port in NetVizura application can be set in  > Settings > NetFlow Settings > Configuration
      2. Default Collection port is 2055
    2. Try installing a netflow generator and set it to export data to the NetVizura server
      1. if there is traffic on the chart then netflow exporter configuration is not good
      2. if there is no traffic on the chart, check if the traffic is being blocked (access lists, firewalls)