Manageengine's Netflow Analyzer not working - Help requested

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
ddwrt610
DD-WRT Novice


Joined: 01 Jun 2010
Posts: 15

PostPosted: Sat Jun 12, 2010 6:09    Post subject: Manageengine's Netflow Analyzer not working - Help requested Reply with quote
I’ve been having some issues trying to get Manageengine’s Netflow Analyzer (http://www.manageengine.com/products/netflow/download-free.html) working. I’m trying to get a full picture of traffic on my network. Currently we have 4 laptops, two hardwired machines and a couple of smartphones using the network, and we seem to be blowing through the monthly cap without any obvious causes such as large video downloads etc. I’m trying to monitor the traffic by local IP, destination and protocol to see who and what is using up all the bandwidth. Netflow Analyzer seemed to be the perfect tool based on its capabilities, and I have seen it recommended by some people on here, but I don’t seem to be able to get it working properly.

System is a Linksys WRT610n v2 running DD-WRT 24-sp2 (12/28/09) std-usb-ftp (SVN revision 13527), which is the recommended build. Netflow Analyzer is installed on a WinXP SP3 machine. All local units have fixed IP’s assigned and MAC addresses are assigned a user name and the appropriate IP as static leases.

When I first installed it the analyzer recognized traffic, but only on an interface of “lo” and only for incoming traffic. I couldn’t get it to recognize any other interface, and the incoming traffic was about 10-20% of the total displayed in the DD-WRT WAN traffic.

I tried changing some parameters and now I can’t get any flows registered at all, although SNMP is working because it picks up the name of the router.

I have turned on the RFlow and MacUpd options, reporting on the “LAN&WLAN” interface (tried WAN also – but no flows there either). I have SNMP , traff and Syslog turned on and logging enabled. I did try WallWatcher before the Netflow Analyzer but, although it seemed to log all the transactions it didn't properly accumulate or assign bandwidth.

I don’t know what I did to break Netflow Analyzer and why before it broke the traffic counters were so far out of whack from the traff counter. Also I don’t know why I can’t get it to read the “br0” interface when others seem to be able to do so. I read all the posts I could find on it and there were some on only the “lo” interface being available but that was over a year ago and I haven’t seen anything on it since.

Could I pick the brains of someone who has Netflow Analyzer working properly and ask for your settings? Thanks.

_________________
Linksys WRT610n v2 - Firmware: DD-WRT v3.0-r33006 mega (08/03/17)
Sponsor
dellsweig
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1476
Location: New York, USA

PostPosted: Sat Jun 12, 2010 18:27    Post subject: Re: Manageengine's Netflow Analyzer not working - Help reque Reply with quote
ddwrt610 wrote:
I’ve been having some issues trying to get Manageengine’s Netflow Analyzer (http://www.manageengine.com/products/netflow/download-free.html) working. I’m trying to get a full picture of traffic on my network. Currently we have 4 laptops, two hardwired machines and a couple of smartphones using the network, and we seem to be blowing through the monthly cap without any obvious causes such as large video downloads etc. I’m trying to monitor the traffic by local IP, destination and protocol to see who and what is using up all the bandwidth. Netflow Analyzer seemed to be the perfect tool based on its capabilities, and I have seen it recommended by some people on here, but I don’t seem to be able to get it working properly.

System is a Linksys WRT610n v2 running DD-WRT 24-sp2 (12/28/09) std-usb-ftp (SVN revision 13527), which is the recommended build. Netflow Analyzer is installed on a WinXP SP3 machine. All local units have fixed IP’s assigned and MAC addresses are assigned a user name and the appropriate IP as static leases.

When I first installed it the analyzer recognized traffic, but only on an interface of “lo” and only for incoming traffic. I couldn’t get it to recognize any other interface, and the incoming traffic was about 10-20% of the total displayed in the DD-WRT WAN traffic.

I tried changing some parameters and now I can’t get any flows registered at all, although SNMP is working because it picks up the name of the router.

I have turned on the RFlow and MacUpd options, reporting on the “LAN&WLAN” interface (tried WAN also – but no flows there either). I have SNMP , traff and Syslog turned on and logging enabled. I did try WallWatcher before the Netflow Analyzer but, although it seemed to log all the transactions it didn't properly accumulate or assign bandwidth.

I don’t know what I did to break Netflow Analyzer and why before it broke the traffic counters were so far out of whack from the traff counter. Also I don’t know why I can’t get it to read the “br0” interface when others seem to be able to do so. I read all the posts I could find on it and there were some on only the “lo” interface being available but that was over a year ago and I haven’t seen anything on it since.

Could I pick the brains of someone who has Netflow Analyzer working properly and ask for your settings? Thanks.


The lo channel is the loopback and refelcts all traffic on the WAN. You wont see local traffic (LAN to LAN) as no flows are generated - that is switched traffic.

You have to define each IP group - be it a single IP or a range in the Managengine tool. Once that is done you will start to see decodes.

Finally be sure you open the port you are using on your PC firewall.

Note - you will find the in and out traffic is reversed from the client perspective - I have a ticket open in TRAK (1515) on this



ScreenHunter_01 Jun. 12 14.24.jpg
 Description:
 Filesize:  87.52 KB
 Viewed:  12037 Time(s)

ScreenHunter_01 Jun. 12 14.24.jpg



ScreenHunter_01 Jun. 12 14.25.jpg
 Description:
 Filesize:  141.2 KB
 Viewed:  12033 Time(s)

ScreenHunter_01 Jun. 12 14.25.jpg


jakewilson
DD-WRT Novice


Joined: 14 Jun 2010
Posts: 1

PostPosted: Mon Jun 14, 2010 1:49    Post subject: Scrutinizer Vs. ManageEngine NFA Reply with quote
Hello,

ManageEngine makes a good product for NetFlow. Please consider Scrutinier for NetFlow Analysis as well. I is largely a free product with much better filtering and reporting.

Thanks,
ddwrt610
DD-WRT Novice


Joined: 01 Jun 2010
Posts: 15

PostPosted: Mon Jun 14, 2010 2:02    Post subject: Reply with quote
Thanks, dellsweig. That's given me a lot to work with. I've started some of the requirements you posted and I am starting to see flows recorded. I'm not sure if it will work out perfectly first time round, the volume totals still seem to be low compared to traff and I seem to be getting some wierd addresses in some of the conversations, but I'll work my way through them and maybe come back for a little more of your expertise.

Thanks, much appreciated.

_________________
Linksys WRT610n v2 - Firmware: DD-WRT v3.0-r33006 mega (08/03/17)
eric512
DD-WRT Novice


Joined: 19 Jun 2010
Posts: 16

PostPosted: Fri Jul 02, 2010 22:33    Post subject: Reply with quote
I'm also struggling to get ManageEngine working. I have the IP group defined, but not seeing any traffic.

I think the problem is my main overview screen says "No Router assigned."[img][/img]



Capture.JPG
 Description:
 Filesize:  69.13 KB
 Viewed:  11838 Time(s)

Capture.JPG


eric512
DD-WRT Novice


Joined: 19 Jun 2010
Posts: 16

PostPosted: Fri Jul 02, 2010 22:34    Post subject: Reply with quote
And no flow either. But Rflow Collector does see it.


Capture2.JPG
 Description:
 Filesize:  47.02 KB
 Viewed:  11836 Time(s)

Capture2.JPG


Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum