Hi, I'm trying to calculate the bandwidth usage to/from a specific host (for example 10.1.2.3) behind a FortiGate 100D. To do so, I'm using a Netflow v9 custom sensor on a PRTG (18.3.43.2323 Core and Probe on same host).

I've configured it with this include filter (exclude filter is empty): SourceIP[10.1.2.3] or DestinationIP[10.1.2.3]

It works as expected: Netflow sensor reports traffic to/from 10.1.2.3 and other hosts, except traffic between PRTG and this host.

It's really weird, because when I sniff traffic on the same interface of the FortiGate on which I've enabled Netflow, I can see a bunch of packets to/from PRTG and 10.1.2.3. Furthermore, PRTG's traffic is huge compared to traffic to/from other hosts, so the result from sensor's view is really impacted...

Is this a common behavior of Netflow (exclude traffic to/from collector)? A misconfiguration? An issue in PRTG?


Article Comments

Hello klmj,

Thank you very much for your post.

I assume we'll require some kind of further log files to fully understand what's going on here. This being said, please contact us directly via email to support@paessler.com.

In this contact, please also provide us with a non-cropped or resized screenshot of the sensor's 'Overview', 'Logs' and 'Settings' tabs.

Also the result of the sniffer can be helpful to understand the whole situation.

Thank you very much in advance.
Sebastian


Oct, 2018 - Permalink