Error No data found

This support forum board is for support questions relating to Nagios Network Analyzer, our network traffic and bandwidth analysis solution.
mgallamore
Posts: 3
Joined: Thu Mar 12, 2015 1:34 pm

Re: Error No data found

Post by mgallamore »

Looks like we are having the same issue with a evaluation setup of NNA 2R1.0 with our ASA 5520 running ios 9.1.3, while our Cisco 6509 are working perfect.

nfdump -r

Code: Select all

2015-04-03 14:09:20.282     0.000 TCP     192.168.220.57:55550 ->   54.225.150.195:443          0     2978     1
2015-04-03 14:09:36.971     0.000 TCP     192.168.220.57:55589 ->    23.12.251.197:443          0      576     1
2015-04-03 14:09:36.971     0.000 TCP     192.168.220.57:55590 ->    23.12.251.197:443          0      576     1
1969-12-31 18:00:00.56344   -56.344 TCP     192.168.220.57:55590 ->    23.12.251.197:443          0        0     1
2015-04-03 14:09:38.971     0.000 TCP     192.168.220.57:55594 ->    216.249.24.56:443          0      576     1
2015-04-03 14:09:41.151     0.000 TCP     192.168.220.57:55598 ->    216.249.24.56:443          0      576     1
2015-04-03 14:09:32.641     0.000 TCP     192.168.220.57:55581 ->    50.97.233.185:443          0      576     1
We have our network time all in sync as that was my first thought but i've hit a roadblock on this. Issue is we are attempting to replace another monitoring solution which works fine with the ASA in question.
Top
User avatar
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: Error No data found

Post by tgriep »

Can you edit the settings in the Cisco ASA to match our default settings that are known to work.

Code: Select all

flow-export destination inside XXX.XXX.XXX.XXX YYYY
flow-export template timeout-rate 1
flow-export delay flow-create 60
logging flow-export-syslogs disable

access-list netflow-export extended permit any any
class-map netflow-export-class
	match access-list netflow-export
policy-map global-policy
class netflow-export-class
	flow-export event-type all destination XXX.XXX.XXX.XXX
	
Where XXX.XXX.XXX.XXX is the IP address of the NA server
Where YYYY is the port used on the NA server
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
mgallamore
Posts: 3
Joined: Thu Mar 12, 2015 1:34 pm

Re: Error No data found

Post by mgallamore »

Running into the same issue with those settings. Been playing with the setting for a couple days and cant get past that 1969 time stamp and the time window unknown on the nfdump

Setting active during my last port

Code: Select all

flow-export destination inside x.x.x.x 10000
flow-export template timeout-rate 1
flow-export delay flow-create 20

access-list global_mpc extended permit ip any4 any4 
class-map Netflow
match access-list global_mpc
policy-map global_policy
class Netflow
  flow-export event-type all destination x.x.x.x
Test setting and result

Code: Select all

flow-export destination inside x.x.x.x 10000
flow-export template timeout-rate 1
flow-export delay flow-create 60

access-list global_mpc extended permit ip any4 any4 
class-map Netflow
match access-list global_mpc
policy-map global_policy
class Netflow
  flow-export event-type all destination x.x.x.x
nfdump -r

Code: Select all

2015-04-07 07:24:56.257     0.000 ICMP   192.168.181.110:0     ->   192.168.220.50:2.0          0       32     1
2015-04-07 07:24:56.257     0.000 ICMP   192.168.181.110:0     ->   192.168.220.57:2.0          0       32     1
2015-04-07 07:24:56.257     0.000 ICMP   192.168.181.110:0     ->   192.168.220.58:2.0          0       32     1
1969-12-31 18:00:00.000     0.000 TCP    192.168.220.217:54801 ->     66.210.135.6:443          0        0     1
2015-04-07 07:24:57.427     0.000 UDP    192.168.222.131:53125 ->  192.168.190.190:53           0       42     1
2015-04-07 07:24:58.337     0.000 TCP    192.168.220.132:55361 ->     172.16.11.35:10081        0      117     1
2015-04-07 07:24:56.387     0.000 TCP    192.168.181.100:63136 ->  192.168.221.170:49152        0    4.4 M     1
2015-04-07 07:24:28.488     0.000 TCP    192.168.220.234:57970 ->    10.83.170.141:9301         0        0     1
2015-04-07 07:24:58.517     0.000 UDP     192.168.220.35:61687 ->  192.168.190.190:53           0       42     1
1969-12-31 18:00:00.000     0.000 TCP     192.168.222.54:55888 ->     66.210.135.6:443          0        0     1
2015-04-07 07:24:13.359     0.000 TCP    192.168.181.100:63112 ->  192.168.221.170:49152        0  351.6 M     1
2015-04-07 07:24:59.257     0.000 ICMP   192.168.181.110:0     ->   192.168.220.20:2.0          0       32     1
Summary: total flows: 14473, total bytes: 2695001176, total packets: 0, avg bps: 15, avg pps: 0, avg bpp: 0
Time window: Time Window unknown
Total flows processed: 14473, Blocks skipped: 0, Bytes read: 868828
Sys: 0.247s flows/second: 58367.8    Wall: 0.420s flows/second: 34378.1
Top
User avatar
tgriep
Madmin
Posts: 9190
Joined: Thu Oct 30, 2014 9:02 am

Re: Error No data found

Post by tgriep »

I am going to try and recreate the issue. It might take a while.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Top
sput
Posts: 2
Joined: Thu Mar 20, 2014 1:52 pm

Re: Error No data found

Post by sput »

I am having the exact same issue with two ASA's running 9.2.2(4) -- netflow works fine with PRTG but not getting any data in Nagios. Bandwidth graphs show up fine. I'm also seeing random entries in nfdump showing a date of 1969-12-31. Has anyone found a fix for this yet? Please advise!
Top
jolson
Attack Rabbit
Posts: 2560
Joined: Thu Feb 12, 2015 12:40 pm

Re: Error No data found

Post by jolson »

mgallamore, sput,

It's possible that this issue is cropping up with devices that use NSEL - Cisco's netflow variant for ASA devices. This is different than normal netflow, and can require a special option to be enabled when nfdump is compiled.

Please note that you may lose previous flow information by performing this procedure.

To enable NSEL support in nfdump:

Code: Select all

cd /tmp
wget http://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.13/nfdump-1.6.13.tar.gz/download
tar xzf download
cd nfdump-1.6.13/
./configure --enable-sflow --enable-nsel
make
make install
You can check whether NSEL support is on with the following command:

Code: Select all

nfdump -V
We can easily revert to the previous nfdump version if the above does not work. Any test results you guys could provide could be a big help.
Twits Blog
Show me a man who lives alone and has a perpetually clean kitchen, and 8 times out of 9 I'll show you a man with detestable spiritual qualities.
Top
sput
Posts: 2
Joined: Thu Mar 20, 2014 1:52 pm

Re: Error No data found

Post by sput »

You are the BEST jolson! This fixed the issue for me :)

Thank you so much!
Top
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: Error No data found

Post by tmcdonald »

Great to hear!

We'll leave this open for mgallamore to test and respond.
Former Nagios employee
Top
mgallamore
Posts: 3
Joined: Thu Mar 12, 2015 1:34 pm

Re: Error No data found

Post by mgallamore »

Jolson, that did the trick for us as well. got 5 ASA reporting netflow now.

Thanks for the help.
Top
tmcdonald
Posts: 9117
Joined: Mon Sep 23, 2013 8:40 am

Re: Error No data found

Post by tmcdonald »

I'll be closing this thread now, but feel free to open another if you need anything in the future!
Former Nagios employee
Top

Return to “Nagios Network Analyzer”