cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3687
Views
0
Helpful
2
Replies

Stealthwatch SMC shows no data on traffic and flow

Support ACME
Level 1
Level 1

Hello, everyone,

are there anyone share the similar symptoms that the SMC can't correctly display traffic and flow data like the screenshots below:

  • SMC version: 7.0
  • FlowCollector version: 7.0

 

no application traffic info.PNGno application traffic info2.PNG

 

Below is the web console of the FlowCollector I used in the lab (30.100.101.21), it does show it have been collecting flows. 

 

no traffic info.PNGno traffic info2.PNG

Below is the Flow config on my 4500X (30.100.101.4):

 

C4500X-32#show flow monitor IPv4_NETFLOW statistics
Cache type: Normal
Cache size: 4096
Current entries: 22
High Watermark: 4096

Flows added: 2962016
Flows aged: 2961994
- Active timeout ( 60 secs) 93103
- Inactive timeout ( 15 secs) 2065861
- Event aged 0
- Watermark aged 293690
- Emergency aged 509340


C4500X-32#show flow exporter
Flow Exporter NETFLOW_TO_SW_FC:
Description: Export NetFlow to SW FC
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: 30.100.101.21
Source IP address: 30.100.101.4
Source Interface: Vlan3101
Transport Protocol: UDP
Destination Port: 2055
Source Port: 55232
DSCP: 0x0
TTL: 255
Output Features: Not Used

 

C4500X-32#show flow monitor
Flow Monitor IPv4_NETFLOW:
Description: User defined
Flow Record: SW_FLOW_RECORD
Flow Exporter: NETFLOW_TO_SW_FC
Cache:
Type: normal
Status: allocated
Size: 4096 entries / 311316 bytes
Inactive Timeout: 15 secs
Active Timeout: 60 secs
Update Timeout: 1800 secs
Synchronized Timeout: 600 secs

 

C4500X-32#show flow record
flow record SW_FLOW_RECORD:
Description: NetFlow record format to send to SW
No. of users: 1
Total field space: 48 bytes
Fields:
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect ipv4 dscp
collect transport tcp flags
collect interface input
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last

 

The lab has been running for few weeks and I still can't see the traffic and flow graphs. Please help.

Thanks.

1 Accepted Solution

Accepted Solutions

Yes, thanks for replying. I should have mentioned my lab setup.

The SMC is centrally managing a FlowCollector and a FlowSensor within a private network. All of them are hosting in a server using VMware. The 4500-X is sending NetFlow to the FlowCollector and I am also using SPAN in a 2960-X to send NetFlow to the FlowSensor. 

 

But I got them working now. I just tried aligning all VMware virtual adapters of VMs to use VMXNET3, and reboot. Boo, the graphs are suddenly showing something now.

 

 

 

 

View solution in original post

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

Is the flow collector registered to your SMC?

Yes, thanks for replying. I should have mentioned my lab setup.

The SMC is centrally managing a FlowCollector and a FlowSensor within a private network. All of them are hosting in a server using VMware. The 4500-X is sending NetFlow to the FlowCollector and I am also using SPAN in a 2960-X to send NetFlow to the FlowSensor. 

 

But I got them working now. I just tried aligning all VMware virtual adapters of VMs to use VMXNET3, and reboot. Boo, the graphs are suddenly showing something now.

 

 

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: