How do i deal with the spiking that Netflow 9 creates?

Modified on 2025-06-10 12:06:00 +0200

from https://www.paessler.com/knowledgebase/en/topic/1423-how-to-monitor-cisco-asa-firewalls-using-netflow-9-and-prtg :

"If a connection is active for minutes or hours, the ASA sends one NetFlow packet with the total of the connection. This causes peaks in PRTG's graphs. "

I can configure the sensor channel to omit the spikes, but then wouldn't the overall measurement be wrong?

Article Comments

filtering the spikes would make no sense because you would loose data.

Its simply the nature of the ASA Netflow that makes collecting the data difficult.

Netflow on the ASA was never meant to support traffic analysis.

Nov, 2010 - Permalink

Does this apply to ASR's as well? I see the same spiking behavior so I am guessing so.

Nov, 2010 - Permalink

we do not have a ASR for testing, sorry.

such a router is way too over sized for our own network.

Nov, 2010 - Permalink

Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

How do i deal with the spiking that Netflow 9 creates?

Article Comments

Search

Attention

Related Articles