Netflow not showing data

Hello,

please check with our Netlfow Tester if there are really Netflow Packets arriving on the PRTG machine? Please also (for a test) completely disable the firewall.

best Regards.

I have a similar problem. How should the NetFlow Tester output be interpreted?

With PRTG running, NetFlow Tester cannot bind. When I pause the PRTG NetFlow sensor, the Tester correctly binds and collects data. (This should prove there is no A/V or firewall issue.)

The Tester shows NF9 packets received from the correct IP. I get 4 "unassigned flows" in the 2nd window (ID 263, 256, 260, 261) with ever-increasing counts. Nothing in the "Templates" window, and nothing in the "Decoded Flows" region.

Clearly, the NF9 packets are being received by the local host. But ever since we rebooted the router 2 nights ago, PRTG has claimed to see "no data".

What next?

Dear Bill, it seems in your case the Netflow9 templates are not sent or sent frequently enough. These are necessary to decode the Netflow9 packages, and if there are no templates received by the tester (or PRTG) it can't decodes the packages to any proper traffic information. Please check the template-"frequency" on the Netflow-exporting device.

Hi, I am facing a similar issue. I am seeing the correct exporter IP, with a single template, 256, and decoded flows in the Netflow tester. But the PRTG monitor says no data since startup. I am able to successfully see netflow data from my cisco router. But IPFIX from my Nortel ERS 8600, on port 9995 is not displaying correctly. Appreciate any help. Thanks.

What are the results in the Netflow Tester for the Netflow Data from the Nortel device? It may very well be, that it does not fully comply with the Netflow Standard expected by PRTG.

Hi, Sorry for the late reply, but the Netflow Tester shows

Port 9995     Local IP: 10.0.0.43
NF9/IPFIX Src IP:                          Unassigned Flows:                  Decoded Flows 
10.0.0.XXX:377870 (changing)              blank                               ID: 256 - (lot of data, continuously streaming in)

Love the product. Would be great if I could get it to work with our Nortel equipment. Thanks.

Please share a screenshot showing a snapshot the incoming data in the Netflow Tester.

Hello Mathew,
thank you for the screenshots.

Please confirm, which exact version number of PRTG are you currently running? We recently had an issue with Netflow sensors, in this case please make sure that your version number is 16.1.22.265X. You can update using the Auto-Update feature.

Please also check what Active Flow Timeout was defined on your exporting device, try setting it higher in PRTG (5, 10 minutes) and wait (at least the duration of the active flow timeout) to check whenever your sensor begins to display any data.

Best Regards,

Hi, My currently installed version is 15.4.21.5481 . I am running the auto update now.

Hi, I've updated the version to 16.1.22.1931. But the issue still persists. I have set the active flow timeout on the switch to 5 and on the PRTG monitor to 10. The netflow tester still gives the same results as the screenshot in the previous post.

Hi,
I assume you are using filter rules? Unfortunately the bug fix mentioned above has been delayed to version 16.x.23 so it should work again with this release. In the meantime you only can remove any filter rules from the sensor. Does it work then?

hi, I don't think I am using an filter rules, how can I confirm this, and where can I find these rules? I am using the free version, which can monitor 100 sensors. Thanks again.

Hi,
Filter Rules can be found on tab Settings of the sensor. Under FILTER RULES you can find to fields Include and Exclude Filters. Please make sure those are empty.

Hi, Yes, that is empty.

Hi,
please forward us the probe state files to [email protected]. Please refer to this thread when doing so.
Best regards

Hi, As per your suggestion, I've changed the sensor to netflow v9, instead of IPFIX, and I can now see the data and graph. Thank you for the excellent support. Appreciate the time and help. Thank you very much.

Hi, I am facing the same issue, I am using the netflow 9 sensor, with PRTG 16.3.25.5488.

I have no filters enabled, and I tried very different Active Flow Timeouts, even 60.

I have tried the NF9Test and it shows data:

ID:256 - 10.51.16.73:51306->10.51.20.5:161 P:17 IF/OF:0/0 7:36:18 AM 0
ID:256 - 10.51.16.73:51374->10.51.20.5:161 P:17 IF/OF:0/0 7:36:18 AM 0
ID:256 - 10.51.16.73:51442->10.51.20.5:161 P:17 IF/OF:0/0 7:36:28 AM 0
ID:256 - 10.51.16.73:51522->10.51.20.5:161 P:17 IF/OF:0/0 7:36:28 AM 0
ID:256 - 10.51.16.73:51673->10.51.20.5:161 P:17 IF/OF:0/0 7:36:38 AM 0
ID:256 - 10.51.16.73:51596->10.51.20.5:161 P:17 IF/OF:0/0 7:36:38 AM 0
ID:256 - 10.51.16.73:51765->10.51.20.5:161 P:17 IF/OF:0/0 7:36:48 AM 0
ID:256 - 10.51.16.73:51837->10.51.20.5:161 P:17 IF/OF:0/0 7:36:48 AM 0
ID:256 - 10.51.16.73:51920->10.51.20.5:161 P:17 IF/OF:0/0 7:36:58 AM 0
ID:256 - 10.51.16.73:51998->10.51.20.5:161 P:17 IF/OF:0/0 7:36:58 AM 0
ID:256 - 10.51.16.73:52066->10.51.20.5:161 P:17 IF/OF:0/0 7:37:08 AM 0
ID:256 - 10.51.16.73:52132->10.51.20.5:161 P:17 IF/OF:0/0 7:37:08 AM 0
ID:256 - 10.51.16.73:0->10.51.20.5:0 P:1 IF/OF:0/0 7:37:08 AM 0

But the sensor is no showing any data yet.

I would appreciate any help, thank you very much!

Hi marcoscasado,

Please save the templates and the decoded flows in the tester and us those. Furthermore a screenshot from the sensor's "Settings" and "Overview" tab and if possible the Netflow configuration of the sending device.

Send to:

• [email protected]
• Use PAE748985 in the email's subject so it stays connected so it gets to me directly.

Thank you & kind regards.

Hi, I met the same problem. I have a CISCO ASA which is configured to sent net-flow v9 to a remote Probe ( using UDP port 9996). On the remote Probe, I use Netflow 9 Tester and received the data from the cisco ASA: NF9/IPFIX Packets Received: 10.x.x.x-active, Templates received (ID): 256,257,258........,268. But on the Sensor, the graphic can not be displayed, it show: No data yet. Please help me to fix this problem?

Hi doquocuy285,

Please save the templates and the decoded flows in the tester and send us those. Furthermore a screenshot from the sensor's "Settings" and "Overview" tab and if possible the Netflow configuration of the sending device.

Send to:

• [email protected]
• Put Case PAE774902 in the email's subject so it gets to me directly.

Kind regards,

Erhard

Hi, I’m trying to get data out a Cisco 890 ISR configured for zone-based firewall. I got the latest RPTG (18.2.39.1661) and no rule configured on the Netflow V9 sensor.

Netflow tester can decode flow from the template ID 261 while the sensor is desperately reporting no data so, any help would be appreciated.

JC, thank you for the KB-Post. Please share screenshots showing the full Settings of the Netflow Sensor in PRTG, and also a screenshot showing the results in the Netflow Tester. Thank you!

Torsten Lindner, where shall I put them? Regards.

Torsten Lindner, the router is in bridge mode so it might be a dead end.

You can either upload the screenshot to any image share service and then link them here, or send them via email to [email protected] with a reference to this KB thread.

Screenshots have been sent. I made some tests and get rid of the bridge mode with no more luck. I also tried flexible netflow that was working fine, but can’t be used in bridge mode. I surely missed something…

Hi Passler support .

im joining the issue same as the other complains . running IPFIX from MX-80 Router , under Netflow 9 / IPFIX Tester i see the Packet recived from my Router Unassing flows are counting and Tamplate ID is 256 but on the PRTG under IPFIX or Netflow v9 sensors i donot recived nothing .

will appriciate your assitent .

Hello, please send us some screenshots showing the "Settings" and the "Log"-tab of the Sensor in PRTG, and also a screenshot showing the results of the Netflow Tester, so we can take a closer look. Please send the files to [email protected] with a reference to this KB thread. Thank you!