Source IP 172.20.0.212 - dest IP 172.20.39.201.
As I said, it was working in the old version. I am doing a demo to bought to NOC in Brazil so I need to be sure that it works well.
Thanks
[root@localhost ~]# tcpdump -i eth0 port 2060
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:09:05.150300 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1448
18:09:05.526692 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1436
18:09:05.646348 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1448
18:09:05.742314 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1468
18:09:06.459487 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1408
18:09:07.345081 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1408
18:09:07.672239 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1472
18:09:07.776976 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1464
18:09:08.407956 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1456
18:09:08.745146 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1468
18:09:09.775096 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1436
18:09:09.817891 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1456
18:09:10.772841 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1456
18:09:10.890883 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1464
18:09:11.098574 IP fw01-tit-spo.telemont.it.27248 > 172.20.39.201.teleniumdaemon: UDP, length 1452
NNA Version 2R1.0 Queries and Reports problems
-
- Posts: 9
- Joined: Fri Feb 27, 2015 2:23 pm
-
- Former Nagios Staff
- Posts: 13589
- Joined: Mon May 23, 2011 12:15 pm
Re: NNA Version 2R1.0 Queries and Reports problems
Well, it seems like you are receiving netflow data. Can you delete this source from the NNA, and recreate it with a slightly different name to see if this is going to fix the issue?
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 5
- Joined: Wed Mar 11, 2015 7:06 am
Re: NNA Version 2R1.0 Queries and Reports problems
Hi there, I have exactly the same issue. I'm evaluating Nagios Network Analyzer appliance (I've just installed a VM with the newest appliance available 2R1.0) and currently receiving only NetFlow data from one Cisco ASA 5510. I can see the bandwidth graph but nothing else = no details. At the same time I'm sending the very same data to PRTG and Scrutinizer where I can see everything so I doubt the issue is on the ASA configuration. Here are data from the Nagios VM:
[root@ie-sv-nagios-tc ~]# date
Mon Mar 23 11:38:17 GMT 2015
[root@ie-sv-nagios-tc ~]# file /etc/localtime
/etc/localtime: symbolic link to `/usr/share/zoneinfo/Etc/Greenwich'
[root@ie-sv-nagios-tc ~]# grep "date.timezone =" /etc/php.ini
date.timezone = Etc/Greenwich
[root@ie-sv-nagios-tc ~]#
[root@ie-sv-nagios-tc ~]# cat /etc/sysconfig/clock
ZONE="Etc/Greenwich"
[root@ie-sv-nagios-tc ~]# tcpdump -i eth0 port 2055
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:39:41.444297 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1468
11:39:42.812681 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1444
11:39:44.643775 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1432
11:39:45.831100 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1460
11:39:47.885484 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1472
11:39:49.768018 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1472
11:39:52.179719 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1428
11:39:54.506359 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1436
11:39:56.710100 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1440
11:39:59.925915 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1460
11:40:01.026909 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1400
11:40:01.569166 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1428
11:40:01.718126 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1452
11:40:02.981179 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1376
11:40:03.051090 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1444
11:40:03.105565 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1472
11:40:03.153551 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1424
11:40:03.205988 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1424
11:40:03.264678 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1464
11:40:03.311614 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1424
11:40:03.365367 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1408
11:40:03.420891 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1448
11:40:03.481453 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1464
11:40:03.533090 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1392
11:40:03.577821 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1408
11:40:03.611621 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1400
11:40:03.661493 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1472
11:40:03.715784 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1456
11:40:03.766042 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1420
11:40:03.822705 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1452
11:40:03.871352 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1384
11:40:04.334063 IP 192.168.1.150.20817 > 192.168.1.122.iop: UDP, length 1400
^C
32 packets captured
32 packets received by filter
0 packets dropped by kernel
-
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: NNA Version 2R1.0 Queries and Reports problems
Could you go to Reports and run the Top 5 Talkers By Source report and post the screen capture of that here?
-
- Posts: 5
- Joined: Wed Mar 11, 2015 7:06 am
Re: NNA Version 2R1.0 Queries and Reports problems
No problem at all:
-
- Posts: 5
- Joined: Wed Mar 11, 2015 7:06 am
Re: NNA Version 2R1.0 Queries and Reports problems
In the meantime I added a second ASA to the same NagiosNA with a newer Cisco OS/ASDM (yesterday afternoon, just to see whether the issue isn't Cisco OS related). The "new" one handles just a small amount of traffic but there is always some. Interestingly enough the new one shows some data:
-
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: NNA Version 2R1.0 Queries and Reports problems
Could you post the make and model number of the working ASA and the non-working ASA here, as well as how they are configured, so we can review the settings?
-
- Posts: 5
- Joined: Wed Mar 11, 2015 7:06 am
Re: NNA Version 2R1.0 Queries and Reports problems
The non-working one is Cisco ASA 5510, ASA 8.2(1), ASDM 6.2(1) and the working one (at least a bit better) is Cisco ASA 5512-X, ASA 9.1(2), ASDM 7.1(4). Unfortunately I won't be able to send the configuration but both are configured the same way where, as mentioned before, there are three NetFlow targets on both (we're evaluating and trying to find the right product for us) - NagiosNA, PRTG and Scrutinizer. Only NagiosNA doesn't show the data properly so I don't really believe this is a settings issue on the firewall.
-
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: NNA Version 2R1.0 Queries and Reports problems
Can you verify that the settings for your ASAs are set up like the example in this document?
http://assets.nagios.com/downloads/nagios-network-analyzer/docs/Configuring_Switches_And_Routers_To_Send_Netflow_Data_To_Network_Analyzer.pdf
-
- Posts: 5
- Joined: Wed Mar 11, 2015 7:06 am
Re: NNA Version 2R1.0 Queries and Reports problems
Thank you all for the effort. The decision has been made in our company, therefore there is no sense in continuing this investigation ... however the user who initially opened this thread still might suffer from the issue.