cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7797
Views
4
Helpful
9
Replies

Netflow and PRTG

ivicav007
Level 1
Level 1

Hi,

I have CISCO ISR 2911 and I am trying to setup netflow monitor but right now I have no luck.

Here is config I am using:

interface GigabitEthernet0/0
 ip flow monitor PRTGmonitor input
interface GigabitEthernet0/0.1
 ip flow monitor PRTGmonitor input
interface GigabitEthernet0/0.2
 ip flow monitor PRTGmonitor input
interface GigabitEthernet0/0.3
 ip flow monitor PRTGmonitor input
interface GigabitEthernet0/0.4
 ip flow monitor PRTGmonitor input
interface GigabitEthernet0/1
 ip flow monitor PRTGmonitor input
interface GigabitEthernet0/2
 ip flow monitor PRTGmonitor input
interface FastEthernet0/0/0
 ip flow monitor PRTGmonitor input
!
!
flow exporter PRTGexport
 destination 172.28.42.15
 source GigabitEthernet0/0
 export-protocol netflow-v9
 output-features
 transport udp 9996
 template data timeout 60
!
!
flow monitor PRTGmonitor
 record netflow ipv4 original-input
 exporter PRTGexport
 cache timeout active 60

I even tried with record template but also no luck:

flow record PRTGrecord
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes
 collect counter packets
 
flow monitor PRTGmonitor
 exporter PRTGexport
 cache timeout active 60
 record PRTGrecord

PRTG settings:

What did I do wrong?

9 Replies 9

david_nyring
Level 1
Level 1

hey

i can't 100% say were it its wrong my best gues is that you collect is not taken some information with it and send it...

her is or config that we know is working

interface Vlan900
ip flow monitor netflow input

"ip flow monitor netflow input"
on all the interface you like to get from

flow exporter ethan
destination "ip on prtg probe" vrf "vrf to use to send the data"
source "source interface to send the data"
transport udp 9996

flow record nbar-mon
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match flow direction
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags
collect interface output
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last

flow monitor netflow
exporter ethan
cache timeout active 60
record nbar-mon

if it help plz mark it is solved :)

Unfortunately this is not helping. I have no idea why it is not working.

My guess is that there is some problem connected with VLAN but still cannot figure out why.

Hi, ivicav007.

Can you check if device is sending netflow data by "show flow exporter stat"? If it do, then it better to check if traffic is blocked somewhere.

Best Regards.

rasmus.elmholt
Level 7
Level 7

Hi.

Please make sure you have allowed netflow in the PRTG servers firewall, and that the router is able to ping the server.

Otherwise start wireshark on the server and see if the netflow packets are arriving at the server.

Firewall on server is off so it is not issue. But I still do not get any netflow packet from router. I checked netflow if it is sending data and from show flow exporter stat I get this:

Flow Exporter PRTGexport:
    Packet send statistics (last cleared 1w0d ago):
    Successfully sent:         0                     (0 bytes)
    No FIB:                          2                     (228 bytes)

  Client send statistics:
      Client: Flow Monitor PRTGmonitor
      Records added:           0
      Bytes added:               0

I assume there is some problem with flow but I don't understand where.

Hi, ivicav007.

Maybe I'm little late but here is my 2 suggestions:

1. No FIB mean that router don't know where to send packets to destination address of exporter. Could you check routing table for this point?

2. Some time ago I had the same problem when I used a cache at the configuration of flow monitor. So can you check how it will go when you delete "cache timeout active 60" from your flow monitor configuration?

Best Regards.

No it is not late since I still didn't solve issue. Well I initially thought that routing is problem but it is not. Routing table seems fine.

I'll try with removing cache timeout. Meanwhile we ordered some WC3750 so I plan to move VLANs to them and also inter-VLAN routing on L3 switch so I will have somewhat clearer solution here on router itself.  I'll see how it behaves then.

Hi, ivicav007.

Then there is high possibility that it's a problem with cache commands.

And about the swith: search for restrictions. Switches can't generate same types of felexible NetFlow data.

Best Regards.

maestromasada
Level 1
Level 1

I have a similar problem with our 2960X switches, and documented the procedure we followed to get data from them into PRTG by using netflow in this article:

 

https://www.nazaudy.com/index.php/12-technology/cisco/34-enable-netflow-v9-in-cisco-switches-with-prtg

 

Hope it helps!

Thank you