Posted: Sat Jun 12, 2010 6:09 Post subject: Manageengine's Netflow Analyzer not working - Help requested
I’ve been having some issues trying to get Manageengine’s Netflow Analyzer (http://www.manageengine.com/products/netflow/download-free.html) working. I’m trying to get a full picture of traffic on my network. Currently we have 4 laptops, two hardwired machines and a couple of smartphones using the network, and we seem to be blowing through the monthly cap without any obvious causes such as large video downloads etc. I’m trying to monitor the traffic by local IP, destination and protocol to see who and what is using up all the bandwidth. Netflow Analyzer seemed to be the perfect tool based on its capabilities, and I have seen it recommended by some people on here, but I don’t seem to be able to get it working properly.
System is a Linksys WRT610n v2 running DD-WRT 24-sp2 (12/28/09) std-usb-ftp (SVN revision 13527), which is the recommended build. Netflow Analyzer is installed on a WinXP SP3 machine. All local units have fixed IPs assigned and MAC addresses are assigned a user name and the appropriate IP as static leases.
When I first installed it the analyzer recognized traffic, but only on an interface of “lo” and only for incoming traffic. I couldn’t get it to recognize any other interface, and the incoming traffic was about 10-20% of the total displayed in the DD-WRT WAN traffic.
I tried changing some parameters and now I can’t get any flows registered at all, although SNMP is working because it picks up the name of the router.
I have turned on the RFlow and MacUpd options, reporting on the “LAN&WLAN” interface (tried WAN also – but no flows there either). I have SNMP, traff and Syslog turned on and logging enabled. I did try WallWatcher before the Netflow Analyzer but, although it seemed to log all the transactions, it didn't properly accumulate or assign bandwidth.
I don’t know what I did to break Netflow Analyzer and why, before it broke, the traffic counters were so far out of whack from the traff counter. Also I don’t know why I can’t get it to read the “br0” interface when others seem to be able to do so. I read all the posts I could find on it and there were some on only the “lo” interface being available, but that was over a year ago and I haven’t seen anything on it since.
Could I pick the brains of someone who has Netflow Analyzer working properly and ask for your settings? Thanks.
_________________
Linksys WRT610n v2 - Firmware: DD-WRT v3.0-r33006 mega (08/03/17)
Posted: Sat Jun 12, 2010 18:27 Post subject: Re: Manageengine's Netflow Analyzer not working - Help reque
The lo channel is the loopback and reflects all traffic on the WAN. You won't see local traffic (LAN to LAN) as no flows are generated - that is switched traffic.
You have to define each IP group - be it a single IP or a range - in the ManageEngine tool. Once that is done you will start to see decodes.
Finally, be sure you open the port you are using on your PC firewall.
Note - you will find the in and out traffic is reversed from the client perspective - I have a ticket open in TRAK (1515) on this.
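An added example, not part of the original posts or of either product: a minimal collector-side decoder that attributes bytes to IP groups by address rather than by the exporter's interface index, so the totals do not depend on which interface name the router reports or on which side the exporter calls "in". It assumes the router exports NetFlow version 5 records; the group names, subnets and sample flows are constructed for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

# Constructed IP groups; replace with the static leases on your own LAN.
GROUPS = {
    "laptops": ipaddress.ip_network("192.168.1.16/28"),
    "wired": ipaddress.ip_network("192.168.1.32/29"),
}

def group_of(addr):
    """Return the name of the IP group containing addr, or None."""
    for name, net in GROUPS.items():
        if addr in net:
            return name
    return None

def account(datagram, totals=None):
    """Add one export datagram's byte counts to totals[(group, direction)]."""
    totals = defaultdict(int) if totals is None else totals
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram: header count exceeds payload")
    for i in range(count):
        rec = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        src, dst = ipaddress.ip_address(rec[0]), ipaddress.ip_address(rec[1])
        octets = rec[6]  # dOctets field of the record
        # Direction is decided by address, not by the exporter's interface index.
        if group_of(src):
            totals[(group_of(src), "out")] += octets
        if group_of(dst):
            totals[(group_of(dst), "in")] += octets
    return dict(totals)

def sample_datagram():
    """Constructed two-flow export packet (documentation addresses, not a capture)."""
    def rec(src, dst, octets, proto):
        return RECORD.pack(ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
                           bytes(4), 0, 0, 10, octets, 0, 0, 50000, 443, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    flows = rec("192.168.1.20", "203.0.113.5", 1500, 6) + rec("203.0.113.5", "192.168.1.33", 90000, 6)
    return HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0) + flows
```

Feeding `account()` from a UDP socket bound to the collector port also confirms whether export datagrams are getting past the PC firewall at all.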
Posted: Mon Jun 14, 2010 1:49 Post subject: Scrutinizer Vs. ManageEngine NFA
Hello,
ManageEngine makes a good product for NetFlow. Please consider Scrutinizer for NetFlow Analysis as well. It is largely a free product with much better filtering and reporting.
Thanks, dellsweig. That's given me a lot to work with. I've started some of the requirements you posted and I am starting to see flows recorded. I'm not sure if it will work out perfectly first time round; the volume totals still seem to be low compared to traff and I seem to be getting some weird addresses in some of the conversations, but I'll work my way through them and maybe come back for a little more of your expertise.
Thanks, much appreciated.