No Data Available

This support forum board is for support questions relating to Nagios Network Analyzer, our network traffic and bandwidth analysis solution.
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent

Re: No Data Available

Post by WillemDH »

Scott,

Your patch seems to now show the correct flow type, but the flow type is still not editable after it has been created, although it is no longer greyed out.

I'm still not able to display data for a Windows Server.

I have created two test sources:

srv2012test_6344 which accepts sflows on port 6344
srv2012test_6345 which accepts sflows on port 6345

On the srv2012test server I have installed https://github.com/sflow/host-sflow which sends the sflows to port 6344. I can see the flow coming in, but no data is showing in the NNA gui:

Code: Select all

tcpdump src 10.54.26.13 and port 6344                                                                                                                  [15-12-01 11:31:27]
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:45:47.161449 IP srv2012test.59245 > nnaserver.6344: UDP, length 416
11:45:52.255300 IP srv2012test.59245 > nnaserver.6344: UDP, length 416
11:45:57.146003 IP srv2012test.59245 > nnaserver.6344: UDP, length 416
I also have installed FlowTracq Exporter and configured it to send sflows to 6345. I can also see the flows coming in with tcpdump, but also no data is showing..

Code: Select all

tcpdump src 10.54.26.13 and port 6345                                                                                                                  [15-12-01 11:47:07]
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:47:15.037371 IP srv2012test.54668 > nnaserver.6345: UDP, length 1376
11:48:12.917716 IP srv2012test.54668 > nnaserver.6345: UDP, length 1324
Please advise how to continue troubleshoot this.
You do not have the required permissions to view the files attached to this post.
Nagios XI 5.8.1
https://outsideit.net
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: No Data Available

Post by ssax »

Run this command:

Code: Select all

tcpdump -ni eth0 -s0 -w /tmp/capture.pcap dst port 6344
Then PM the /tmp/capture.pcap file so that we can open it up in Wireshark and do Analyze > Decode As > sFlow to see what data is being sent.

Thank you
Top
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent

Re: No Data Available

Post by WillemDH »

Pm'd you the file. Let me know if you need anything else. I tried decode as sflow as you suggested, but i'm not seeing any option to decode as sflow in Wireshark. Check my screenshot..
You do not have the required permissions to view the files attached to this post.
Nagios XI 5.8.1
https://outsideit.net
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: No Data Available

Post by ssax »

The host sflow is not working for me either, nprobe works with netflow, I'll have to dig into it.

Is sFlow working for you in any other source?
Top
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent

Re: No Data Available

Post by WillemDH »

Sean,

I'll be honest with you. We haven't used the NNA. Our network team doesn't want to use it untill two of their feature requests are implemented (Scott knows about this) which we were told would be done before the end of the summer..

- Allow us to send all flows to one port (as the source ip is in the flow, this should be possible) it's a configuration nightmare to make every device send to a separate port.
- Support for VLANS

Some test switches are sending sflow to NNA default port 4343 and I do see some graphs there.

Grtz

Willem
Nagios XI 5.8.1
https://outsideit.net
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: No Data Available

Post by ssax »

Would you be able to grab me a packet capture file and PM it to me for one of the working sflow switches so that I can compare the data?

I'm not sure why you're not able to see it in wireshark, here's what mine looks like:
wireshark_decode_as.png
You do not have the required permissions to view the files attached to this post.
Top
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent

Re: No Data Available

Post by WillemDH »

Sean,

I know why I can't decode. I'm able to decode on my home workstation where I'm using version 1.12.8. At work I downloaded the latest version which is 2.x. Apparently the latest version does not support decoding sflows. I'll see if I can give you the capture of the working sflows tomorrow.

Thanks and grtz.

Willem
Nagios XI 5.8.1
https://outsideit.net
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: No Data Available

Post by ssax »

Ah, good catch, I'll keep an eye out.
Top
User avatar
WillemDH
Posts: 2320
Joined: Wed Mar 20, 2013 5:49 am
Location: Ghent

Re: No Data Available

Post by WillemDH »

Sent you a pm with the capture of 4343.
Nagios XI 5.8.1
https://outsideit.net
Top
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: No Data Available

Post by ssax »

Received, it looks like it's not sending valid sflow data, I think it might be an issue with the host sflow agent. Unfortunately, I'm having a hard time finding Windows sFlow agent alternatives, the nprobe agent works but that's netflow.

I'm seeing a lot of "Unknown sample format" in the packets and "Counters sample" but no "Flow sample".

I'm unable to find any real config options that I can set with the host sflow agent.
Top

Return to “Nagios Network Analyzer”