Ok! So, ive added netflow logging to prtg. Very cool. While looking at it, im noticing that there is a lot of "other" traffic. During my troubleshooting and searches of the PRTG knowledge base I found that I need to turn on "Log Stream Data to Disk (for debugging) and choose "Only for the 'Other' channel". This log data should appear in
C:\ProgramData\Paessler\PRTG Network Monitor\StreamLog\Streams Sensor 3677 (1).csv
Problem is, it never dumps the info there. I get an empty .csv file with just the following:
Now,FromDateTime,ToDateTime,EthernetType,Protocol,SourceIP,SourcePort,SourceMAC,DestinationIP,DestinationPort,DestinationMAC,Size,ChannelID,ToS,SenderIP,InboundInterface,OutboundInterface,SourceASI,DestinationASI,SourceMask,DestinationMask,NextHop,SourceVLAN,DestinationVLAN
Any idea whats going wrong?
Article Comments
Hi! Thank you for your reply.
1) Yes this netflow sensor is setup on the local probe and the path is local to that computer. I have 3 netflow sensors running the "other channel" debugging and all are all empty
C:\ProgramData\Paessler\PRTG Network Monitor\StreamLog\Streams Sensor 3677 (1).csv C:\ProgramData\Paessler\PRTG Network Monitor\StreamLog\Streams Sensor 3684 (1).csv C:\ProgramData\Paessler\PRTG Network Monitor\StreamLog\Streams Sensor 3687 (1).csv
2) I have already tried to log all data and all 3 sensors and they did start to log successfully. Only when I choose "other" does it not log.
3) I have tried to both pausing and unpausing the sensor and restarting the core service to see if it starts any kind of logging while the "other channel" was selected. It did not begin logging at all.
Mar, 2014 - Permalink
Any other suggestions on how to get "other" logging working? Better yet, do you guys have a bunch of channel configs that I can just add on without bothering with "other"? Are they compiled somewhere on this site?
thanks!
Mar, 2014 - Permalink
You can see the channels that are available here and here but it looks like this may be a bug. I'll let you know what I find out today from the developers.
Mar, 2014 - Permalink
Just to confirm, are you seeing traffic in the other channel in the graph and table or only in the toplists?
Mar, 2014 - Permalink
Hi, not sure why my post answering yours never popped up.... I will try again.
When I asked for a channel list, I was hoping you guys would have a nice little cheat sheet with a list of channels i can choose from that i can just cut and paste into the program to easily add channels.....
To confirm: yes, when I turn on "other" logging, the logs are empty. When I turn on "all" logging, the csv files start to fill up. Can you confirm you're seeing the same on your side? I do in fact see traffic on the other channel in the graph, the table, and the toplists. This is how i knew that the "other" traffic existed since its such a large chunk of what I'm seeing.
Apr, 2014 - Permalink
Could you please send over some screenshots to support@paessler.com. If your "Other" logging isn't working, then this will be easier to troubleshoot through the normal ticket system.
Also, please try and create a new Custom Netflow sensor without any channels and turn on the other logging and see if that works. Please let me know the result in the email with the screenshots.
Apr, 2014 - Permalink
Is this Netflow sensor set up on the local probe whose logs you are looking at or a remote probe? You would have to look in the log files on whichever probe you have this sensor set up.
Also, you may want to try and log all data and not just the other to see if that works.
Lastly, you may want to try pausing and un-pausing the sensor or restarting the core service to see if it starts writing to the logs then.
Mar, 2014 - Permalink