Problem

NetFlow export is started on the devices but there is no NetFlow traffic in the application.

Solution

NetFlow traffic may not show due to several reasons:

  • Firewalls or access lists are blocking NetFlow packets
  • Collection port is not opened
  • Collection port is already in use by a different application
  • Bad NetFlow exporter configuration
  • Aggregation filter is filtering out the traffic
  • License has expired
  • NetFlow packets are being dropped

To determine the cause and solution please do the following:

General steps:

Go to System tab in the application

    1. check the Packets chart (netflow packets that the application collected)
      1. if there are no UDP packets received go to steps 1 to 2.
      2. if there are dropped packets restart the Tomcat service as a temporary quick fix and go to step 1c to resolve the core problem
    2. check Flows chart:
      1. if there are no flows this means that no netflow data is received by the application, go to steps 1 to 2.
      2. if all flows are unlicensed, your license is invalid or expired - contact us for resolving this
      3. if all flows are filtered, go to  > Settings > NetFlow Settings > Aggregation filtering and remove the filter rejecting all flows
      4. if all flows are dropped, try restarting the Tomcat service and contact us if the problem persists
    3. check Performance chart:
      1. if Heap utilisation is high try adding more RAM to Tomcat and PostgreSQL services (consult Post installation steps)
      2. if DB write time is high try adding more CPU cores to the server
      3. if you are not sure what to do contact us at support@netvizura.com

Linux:

  1. Check if NetFlow data is received by the server
    1. in a command shell on the server execute the tcpdump port 2055 command - you should see a steady stream of packets received by the server (2055 is the default NetFlow port)
      1. if there are no NetFlow packets, check your firewalls and access lists so that packets can be received by the NetVizura server;
    2. in a command shell on the server execute watch -n1 "ls -l /var/lib/netvizura/flow/temp" - after several seconds you should see that the tmp.bin file size is increasing
      1. if the tmp.bin file size is not increasing, but tcpdump shows that NetFlow packets are reaching the server, check your local firewall configuration (usually iptables) or the NetVizura NetFlow Collection port (see below).
  2. Check if Collection port on the server is open and that NetVizura is listening on that port
    1. Check that firewall is allowing packets on NetFlow port (the default is 2055)
      1. Execute the command service iptables status to view the firewall configuration. There has to be a line present that allows traffic on the NetFlow port (2055)
    2. Check that NetVizura is listening on NetFlow port
      1. Execute the command netstat -noap | grep 2055 and verify that there is a line present similar to the following:

        udp        0      0 :::2055                     :::*                                    28004/java     off (0.00/0/0)

        It is important that the java process is the one occupying the NetFlow port - not some other process. If some other process already occupies the NetFlow port, you need to reconfigure that other process to use a different port.

    3. Check that Collection port is accessible outside the NetVizura server

      1. on a remote host execute command nmap netvizura_ip_address -sU -p 2055 where netvizura_ip_address is the address of NetVizura server. In the output of the command you should see that the port is open.

  3. Check netflow exporter configuration
    1. Check if netflow device is configured to send netflows to the NetVizura server IP address and collection port
      1. Collection port in NetVizura application can be set in  > Settings > NetFlow Settings > Configuration
      2. Default Collection port is 2055
    2. Try installing a netflow generator and set it to export data to the NetVizura server
      1. if there is traffic on the chart, then the NetFlow exporter configuration is not good
      2. if there is no traffic on the chart, check if the traffic is being blocked (access lists, firewalls)
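
The listener check and the tmp.bin growth check from the Linux steps above, written as shell functions. This is an added example, not NetVizura's own tooling; the function names and the --live switch are hypothetical, and the port and spool path are the defaults stated on this page.

```shell
#!/bin/sh
# Added example: the Linux listener and tmp.bin checks as reusable functions.
# PORT and SPOOL are the defaults stated on this page.
PORT=2055
SPOOL=/var/lib/netvizura/flow/temp/tmp.bin

# port_owners PORT: read `netstat -noap` output on stdin and print the
# PID/program column of every UDP socket bound to PORT.
port_owners() {
    awk -v port="$1" '$1 ~ /^udp/ {
        n = split($4, a, ":")       # local address; port is the last part
        if (a[n] != port) next
        for (i = 5; i <= NF; i++)
            if ($i ~ /^[0-9]+\/./) { print $i; break }
    }' | sort -u
}

# classify_listener PORT: print ok, not-listening, or conflict:<owner>.
# Exit status is 0 only when every socket on PORT belongs to java.
classify_listener() {
    owners=$(port_owners "$1")
    [ -n "$owners" ] || { echo "not-listening"; return 1; }
    other=$(printf '%s\n' "$owners" | grep -v '/java$' || true)
    [ -z "$other" ] || { echo "conflict:$other"; return 2; }
    echo "ok"
}

# spool_growing FILE SECONDS: succeed if FILE is larger after SECONDS.
spool_growing() {
    [ -f "$1" ] || return 2
    before=$(wc -c < "$1"); sleep "$2"; after=$(wc -c < "$1")
    [ "$after" -gt "$before" ]
}

# Live run on the NetVizura server (run as root so netstat shows PIDs).
diagnose() {
    netstat -noap 2>/dev/null | classify_listener "$PORT" ||
        echo "fix the listener on UDP $PORT before checking the spool"
    if spool_growing "$SPOOL" 5; then
        echo "tmp.bin is growing: flows are being written"
    else
        echo "tmp.bin not growing: check local firewall or Collection port"
    fi
}

if [ "${1:-}" = "--live" ]; then diagnose; fi
```

A conflict result names the process that must be moved to a different port; not-listening points to the Collection port setting or the NetVizura service itself.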

Windows:

Using an administrator account on Windows is recommended.

  1. Check if NetFlow data is received by the server
    a. Determine whether the server receives a steady stream of packets on port 2055 (2055 is the default NetFlow port) using a packet analyzer for Windows (Wireshark, WinDump, etc.)
      1. if there are no NetFlow packets, check your firewalls and access lists so that packets can be received by the NetVizura server;
    b. In C:\Program Files\NetVizura\flow\temp after several seconds you should see that the tmp.bin file size is increasing (this is the default location for a NetVizura NetFlow installation)
      1. if the tmp.bin file size is not increasing, but the packet analyzer shows that NetFlow packets are reaching the server, check your local firewall configuration or the NetVizura NetFlow Collection port (see below).
  2. Check if Collection port on the server is open and that NetVizura is listening on that port (the default is 2055)
    a. Check that firewall is allowing packets on NetFlow port (the default is 2055)
    b. Check that NetVizura is listening on NetFlow port
      i. In Windows Command Prompt or PowerShell, execute the command netstat -noab and verify that the Tomcat process is the one occupying NetFlow port 2055. If some other process already occupies the NetFlow port, you need to reconfigure that other process to use a different port.
    c. Check that Collection port is accessible outside the NetVizura server
      1. on a remote host execute command nmap -sU netvizura_ip_address -p 2055 where netvizura_ip_address is the address of NetVizura server. In the output of the command you should see that the port is open.
  3. Check netflow exporter configuration
    1. Check if netflow device is configured to send netflows to the NetVizura server IP address and collection port
      1. Collection port in NetVizura application can be set in  > Settings > NetFlow Settings > Configuration
      2. Default Collection port is 2055
    2. Try installing a netflow generator and set it to export data to the NetVizura server
      1. if there is traffic on the chart, then the NetFlow exporter configuration is not good
      2. if there is no traffic on the chart, check if the traffic is being blocked (access lists, firewalls)