What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

net flow sensor to match all ip traffic

Votes:

0

hi support .

i have cisco ASR 1002
i created a net flow config to match all the ip traffic as below :

=======

flow exporter me_nfa_analyzer
destination 66.12.64.29
transport udp 9996

flow record ALL
match transport tcp destination-port
match transport tcp source-port
match transport udp destination-port
match transport udp source-port
match ipv4 destination address
match ipv4 source address
collect counter bytes collect counter packets

================

flow monitor ALL
record ALL
exporter me_nfa_analyzer
cache timeout active 60

int port channel 2
ip flow monitor ALL input

======

from settings above i guess I'm matching all TCP & UDP .
but in reality i see thee is about 300Mbps difference when i see the result from net flow & SNMP.

snmp is more accurate and has value more than 200-300 from the value i see from the net flow .

is there something i need to check ?

is my rules above match all the ip traffic ?

thanks

on PRTG choose Version .

asr-1002 cisco netflow

Created on Feb 20, 2017 7:37:08 AM

Last change on Feb 20, 2017 11:39:12 AM by Sven Roggenhofer [Paessler Technical Support]



5 Replies

Votes:

0

Dear drvirus,

Thank you for your KB-post.

Kindly note, that we cannot support you in configuring your device nor check if the configuration of your device is correct, I´m afraid.

However, comparing the results of different monitoring protocols is always tricky. The current speed values should not be compared (especially not spikes or peaks), they can differ too much alone due to the active flow timeout.

Furthermore, please bear in mind that SNMP also accounts the Netflow packets, which Netflow itself does not, it only tells you about the actual 'payload'.

However, if you compare the volumes, for at least full hours or even full days, the volumes should be very similar between SNMP & Netflow. So could you please compare the volumes for one hour? Are they similar?

Best regards,
Sven

Created on Feb 20, 2017 11:42:56 AM by Sven Roggenhofer [Paessler Technical Support]



Votes:

0

i did compare . the result is not same in total volumes in SNMP its more than Netflow !!

Created on Feb 20, 2017 12:24:44 PM



Votes:

0

Dear drvirus,

Please open a new support ticket for this issue (using TicketID PAE828544) and forward us screenshots of the NetFlow and SNMP Sensor on which you are referring to. We need the tabs "Overview", "Log", "Settings" and "Live Data" from both sensors.

Additionally, please set the "Active Flow Timeout" in the sensor setting to be one minute larger than the one used on the device (for more information please see this article).

Best regards,
Sven

Created on Feb 20, 2017 1:15:55 PM by Sven Roggenhofer [Paessler Technical Support]



Votes:

0

ok i will check that tonight and let you know

but i have more question now

say i want to monitor for 3 subnets as below : IP[x.x.65.0/24] IP[y.y.108.0/24] IP[z.z.111.0/24]

i tried to add them line by line , but PRTG didnt accept it.

if i add 1 line as ==> IP[x.x.65.0/24] it accept it !!

but again i need to monitor like 3 subnets as above , how can i add 3 subnets in filter ?

thanks

Created on Feb 20, 2017 7:46:39 PM



Votes:

0

Dear drvirus,

Please use logical operators to combine your 3 subnets.
For instance:

  • IP[x.x.65.0/24] and IP[y.y.108.0/24] and IP[z.z.111.0/24]
  • IP[x.x.65.0/24] and (IP[y.y.108.0/24] or IP[z.z.111.0/24])
  • IP[x.x.65.0/24] or IP[y.y.108.0/24] or IP[z.z.111.0/24]

Best regards,
Sven

Created on Feb 21, 2017 1:12:06 PM by Sven Roggenhofer [Paessler Technical Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.