Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
0
Replies

Stealthwatch - Subject/Peer MAC address issue

LevanB
Level 1
Level 1

‎04-06-2021 05:42 AM - edited ‎04-06-2021 05:44 AM

Hello

I have such kind of problem with stealthwatch.

I Configured flexible netflow on Cisco cisco WS-C3850  Version 16.3.8 

I added 2 lines in flow record config

 

#match datalink mac source address input

#match datalink mac destination address input

 

Cisco output:

#show flow monitor TEST_IN cache

        DATALINK MAC SOURCE ADDRESS INPUT:    ****.**3F.405E
        DATALINK MAC DESTINATION ADDRESS INPUT:    ****.**06.99D8

 

Everything is ok I see Subject and Peer MAC addresses on a L3 Switch netflow cache.

Also I run packet capture on Stealthwatch Collector and everything fine information about MAC addresses comes to StealthWatch collector.

stealthwatch packet capture.JPG

but Stealthwatch Cannot display any MAC addresses when I filter flows, not in web and not in management console

stealthwatch.JPG

 

(FlexNetflow is activated on Vlan interface)

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents