Hey Everyone, I believe I am having an issue interpreting, correlating data from Network Analyzer, or possibly a bug?
I am having NetFlow sent to my NNA virtual machine, from a cluster of Fortigate 800C's. The data is getting to NNA efficiently as well. I'll just list some questions:
1) When I look at the summary screen of my Firewall, I see the bandwidth graph, picture below (Bandwidth graph). What exactly am I looking at? Per the image, if I highlight a part of the graph it shows me a date/timestamp with Bytes: 1713.1 GB. Is this saying, at this exact time that much data has gone over my interface?
2) In a similar sense, if I look at my sources screen it shows the small bar graph to visualize traffic, picture below (Sources). If I highlight the graph it says Traffic 15 Minutes Ago: 6.36 TB; again what is this saying, 15 minutes ago from that time I had 6 Terabytes of data across an interface?
3) In another picture (Apple TV), I did a simple query to see traffic going to one of my Apple TVs in my office. As you can see in the picture, it says for a period of less than 24 hours the Apple TV has used almost 6 1/2 TBs of data, then at the bottom left it says "Total Bytes" is almost 13 TBs. Coincidentally, this "total" number is exactly double the Bytes resulting in the query. In this same picture it says showing the last 24 hours, however it isn't... Am I reading this incorrectly or is NNA having a problem with Bytes and Bits?
I appreciate any help,
By all means if someone can direct me to another post please do. I have watched many many videos and webinars etc, with no real luck of explaining this to me.
Interpreting NNA Data
-
- Posts: 137
- Joined: Thu Jan 05, 2017 10:24 am
-
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: Interpreting NNA Data
1. The bandwidth graph is updated every 5 minutes so whatever point you are on the graph is the amount of data that was transferred in the last 5 minutes.
2. What that graph is saying is that in the 5 minute block, 15 minutes ago, 6.35TB were transferred. It shows 5 minute blocks of transfers for the last 30 minutes for reference.
3. The Time Frame of the last 24 hours from the pull down menu is the time period the query will run to generate the data. That is what that means. The Bytes (6387.99G) in the top section is telling you the bytes for your Query. The Total Bytes looks like it could be a math error as it is exactly twice the Bytes field. We'll have to look into that one.
Be sure to check out our Knowledgebase for helpful articles and solutions!
-
- Posts: 137
- Joined: Thu Jan 05, 2017 10:24 am
Re: Interpreting NNA Data
Ok thank you for the reply, most of that makes sense. However, I am going to insist that NNA is confusing Bytes and Bits, or something of the sort... Per the screenshot attached, NNA says there is 7.82GB/sec of data being replicated over my internet pipe to my DR site. I know my pipe is not that large. That would cost like a million bucks lol.
That also says I have thrown 22 TB's over my 100MB pipe in 6 hours....
-
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: Interpreting NNA Data
The top line in your output doesn't look right at all and it could be bits and not bytes. I'll have to see if I can recreate that issue.
-
- Posts: 137
- Joined: Thu Jan 05, 2017 10:24 am
Re: Interpreting NNA Data
tgriep wrote: The top line in your output doesn't look right at all and it could be bits and not bytes. I'll have to see if I can recreate that issue.
I appreciate your help. Please let me know if you need anything from me that might be of assistance.
-
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: Interpreting NNA Data
I did some testing and it does look like it could be Bits per Second and not Bytes per Second.
I'll have to file a bug fix for this.
-
- Posts: 137
- Joined: Thu Jan 05, 2017 10:24 am
Re: Interpreting NNA Data
Are we only talking about the data speed, or are we talking about the overall amount? Using my previous picture as reference, where the 22069.49G is, is that populated from the Bytes/Sec, or is that a separate item? I am only saying that because obviously that amount appears to be in bits and not bytes as well.
-
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: Interpreting NNA Data
That top line on your screen capture could be from an invalid setting in your query causing a false output.
In the test that I ran, it looks like the overall data amounts and the other fields look good except for the Bytes/Sec field, that one looks to be bits/sec.
-
- Posts: 137
- Joined: Thu Jan 05, 2017 10:24 am
Re: Interpreting NNA Data
Ok, if I run the most simple report, *Top 5 Talkers By Source IP* last it still shows 47998.57 GB for the last 24 hours...I know this number to be very incorrect. Aside from my dedicated pipe not being able to pass that much data, I do not even have that much data to throw over the pipe.
All of that being said, 47998.57 Gigabits = 5999.82 Gigabytes, which is, at the very least, more likely, although still not very plausible.
-
- Madmin
- Posts: 9190
- Joined: Thu Oct 30, 2014 9:02 am
Re: Interpreting NNA Data
With the numbers being way off, it could be a configuration setting on the device that needs to be changed or that you have multiple devices sending the Flow data to the same source on the NNA server and that is aggregating the data into a much larger value.
Can you post the configuration settings for your devices so we can view it?
Do you have multiple devices sending to the same source on the NNA server?
If so, that is the reason the amount of data is off. The reports and queries in NNA cannot differentiate between the devices and it adds it all together.
The system should be set up for one device - one source and that should get you more accurate data totals.
In my testing, the Bytes field is showing Bytes and not Bits. It is only the Bytes/Sec field in the Query that is wrong; it should be labelled as Bits/Sec.
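Added example, not part of any post in this thread and not Nagios code: a sanity check of the totals quoted above against the most the link could physically carry in the query window. It assumes the "100MB pipe" means 100 Mbit/s and that "G" means 10^9; `check_total` and its parameters are hypothetical names.

```python
from dataclasses import dataclass

GB = 10**9  # assumption: the collector's "G" is a decimal gigabyte

PLAUSIBLE_AS_BYTES = "plausible as bytes"
ONLY_IF_BITS = "only plausible if the value is really bits"
EXCEEDS_EVEN_AS_BITS = "exceeds link capacity even as bits"


@dataclass
class Verdict:
    max_gb: float       # most the link can carry in the window, in GB
    bytes_ratio: float  # reported / max, taking the "Bytes" label literally
    bits_ratio: float   # reported / max, if the value is mislabelled bits
    finding: str


def check_total(reported_g: float, window_hours: float,
                link_mbps: float) -> Verdict:
    """Compare a reported flow total with the link's hard ceiling.

    reported_g   -- total shown by the collector, in "G" units
    window_hours -- query time frame
    link_mbps    -- link speed in Mbit/s (assumed meaning of "100MB pipe")
    """
    max_bytes = link_mbps * 1e6 / 8 * window_hours * 3600
    max_gb = max_bytes / GB
    bytes_ratio = reported_g / max_gb
    bits_ratio = (reported_g / 8) / max_gb
    if bytes_ratio <= 1:
        finding = PLAUSIBLE_AS_BYTES
    elif bits_ratio <= 1:
        finding = ONLY_IF_BITS
    else:
        # A bits/bytes mix-up alone cannot explain the number; bits_ratio
        # is the remaining overcount factor (e.g. several exporters
        # aggregated into one source, as suggested in the last reply).
        finding = EXCEEDS_EVEN_AS_BITS
    return Verdict(max_gb, bytes_ratio, bits_ratio, finding)


if __name__ == "__main__":
    # Figures quoted in the thread: 22069.49G in 6 h, 47998.57 GB in 24 h.
    for total, hours in ((22069.49, 6), (47998.57, 24)):
        v = check_total(total, hours, link_mbps=100)
        print(f"{total} G / {hours} h: max {v.max_gb:.0f} GB, "
              f"x{v.bytes_ratio:.1f} as bytes, x{v.bits_ratio:.1f} as bits "
              f"-> {v.finding}")
```

Under these assumptions both quoted totals stay above the link ceiling even after dividing by 8, so a unit mix-up alone does not account for them.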