NetFlow v9 is not getting data from the source.
##### ROUTER CONFIG #######
Cisco 3945 15.0(1)M2
3945chitosb#sh ip flow export
Flow export v1 is enabled for main cache
Export source and destination details :
VRF ID : Default
Destination(1) 10.255.254.139 (9995)
Version 1 flow records
54038469 flows exported in 2251611 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
!
3945chitosb#ping 10.255.254.139
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.254.139, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
!
interface GigabitEthernet0/0
description
bandwidth 204800
ip address 192.168.101.1 255.255.255.0
ip flow ingress
ip flow egress
load-interval 30
duplex full
speed 1000
!
service-policy output QUEUE-EGRESS-20150909
!
interface GigabitEthernet0/1
description VIDEO LAN
ip address 192.168.100.1 255.255.255.0
ip pim sparse-dense-mode
ip flow ingress
ip flow egress
load-interval 30
duplex full
speed 1000
!
service-policy input TAG-INGRESS
!
interface GigabitEthernet0/2
description HOUSE LAN
ip address 10.1.1.7 255.255.255.0
ip flow ingress
ip flow egress
load-interval 30
duplex full
speed auto
ip flow-cache entries 4000
ip flow-cache timeout inactive 100
ip flow-export destination 10.255.254.139 9995
ip flow-top-talkers
top 20
sort-by bytes
##### FIREWALL CONFIG #######
ASA 5525-X ver 9.2(4)
CHI-ASA1/pri/act# ping 10.255.254.139
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.254.139, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
!
CHI-ASA1/pri/act# sh flow-export counters
destination: inside 10.255.254.139 9995
Statistics:
packets sent 6368
Errors:
block allocation failure 0
invalid interface 0
template send failure 0
no route to collector 0
failed to get lock on block 0
source port allocation failure 0
!
access-list netflow-export extended permit ip any any
!
flow-export destination inside 10.255.254.139 9995
flow-export template timeout-rate 1
flow-export delay flow-create 30
!
class-map netflow-export-class
match access-list netflow-export
!
policy-map global_policy
class netflow-export-class
flow-export event-type all destination 10.255.254.139
!
service-policy global_policy global
Article Comments
The tester throws an error similar to the error initially given in PRTG - Socket could not be bound. Address and port are already in use.
Oct, 2015 - Permalink
You'll have to pause PRTGs sensors before using the tester - sorry, should've mentioned that :)
Oct, 2015 - Permalink
In the NF9/IPFX Packets Received column I get - 10.1.1.2: 35 - inactive (ip)
Nothing in Unassigned Flows.
Templates received (ID) has about 25 numbers listed in the 2XX range.
It auto-detected Netflow 9
There is nothing in the decoded flows box.
There is IP connectivity between collector and devices sending the flows verified both ways. Also this server only has 2 devices sending flows to it.
Oct, 2015 - Permalink
Have you checked if the PRTG actually receives the flows? You can use our NetFlow Testers to do so.
Oct, 2015 - Permalink