Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
315
Views
1
Helpful
2
Replies

flow collector longest export exceeded

dijix1990
VIP
VIP

‎03-25-2024 10:00 PM

What does it mean? - flow collector longest export exceeded

I have some allarms like that for my devices, maybe I need to increase intervals for monitor or exporter?

1 person had this problem
0 Helpful
2 Replies 2

rocedar
Cisco Employee
Cisco Employee

‎03-26-2024 06:18 AM

In Cisco StealthWatch (or what we now call Secure Network Analytics - SNA), the message "flow collector longest export exceeded" indicates an issue with the flow collector's ability to process and export network flow data in a timely manner. Cisco SNA uses flow collectors to aggregate, analyze, and export flow data, such as NetFlow, sFlow, or IPFIX, which is sent by network devices like routers and switches.
When the system detects that the time taken to export the aggregated flow data has exceeded a predefined threshold, this message is generated. This could be due to various reasons, such as:
1. High volume of network traffic, leading to an overwhelming amount of flow data to be processed.
2. Performance issues with the flow collector itself, possibly due to hardware limitations or other resource constraints.
3. Network latency or connectivity issues affecting the timely export of data.
4. Misconfiguration or inefficiencies in the flow export settings.
To address this issue, consider the following steps:
1. Review the current load and performance of the flow collector to ensure it's not being overloaded.
2. Check network connectivity and latency to ensure there are no bottlenecks affecting data export.
3. Assess the configuration settings for flow export intervals and adjust them if necessary to handle the volume of data more effectively.
4. Consider scaling up resources for the flow collector if it's consistently hitting performance limits.
5. If the problem persists, contact Cisco support for further assistance in troubleshooting the issue.
It is important to resolve this issue promptly, as delays in flow data export can impact the accuracy and timeliness of network monitoring and threat detection in SNA.

JesusAngel
Level 1
Level 1

‎06-23-2024 12:48 PM

Hello,

I encountered the same "flow collector longest export exceeded" alarm in Stealthwatch. Long duration exporters can potentially cause performance issues and inhibit effective network visibility.

My configuration for NetFlow monitoring appears to be correct and aligns with the recommended practices outlined in the Cisco NetFlow Configuration Guide. Here's a summary of my configuration:

 

flow monitor IPv4_NetFlow
 export exporter NetFlow_TO_SW_FC
 cache timeout active 60
 record SW_FLOW_RECORD

flow monitor IPv4_NetFlow_OUTPUT
 export exporter NetFlow_TO_SW_FC
 cache timeout active 60
 record SW_FLOW_RECORD_OUTPUT

 

 

Despite the correct configuration, I am still seeing alarms related to "flow collector longest export exceeded. The hardware is designed to support up to 120.000 Flows per Second and I have around 50.000 FPS on a daily basis.

Best regards,

Jesús Ángel.

0 Helpful
Customers Also Viewed These Support Documents