Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA shows "Never" or a date in the past in Netflow Sources "Last Received Netflow"

NTA shows "Never" or a date in the past in Netflow Sources "Last Received Netflow"

Overview

The Last Received NetFlow time stamp is not updating and shows a date in the past. NTA stops receiving NetFlow.

Environment

  • Any version of NTA
  • MS Windows Server 2012

Resolution

  1. Open Windows Performance Monitor in Start > Windows Administrative Tools > Performance Monitor.
  2. Add SolarWinds NetFlow Counters.
  3. Check Flows Received per Second.
  4. Validate your progress with Wireshark.
    1. Download and install Wireshark on your Orion Application Server.
    2. Select Capture in Wireshark.
    3. Select Options.
    4. Under Capture Filter for selected device and application port number, select host <IP Address> and udp port 2055 (default).
    5. Use the following filter when you want to filter out data in the Wireshark application:

      ip.addr == <Netflow Source Polling IP> && udp.port == <Netflow Collector Port>

      For more information, see the Wireshark User's Guide (©1989, 1991 Free Software Foundation, Inc., available at https://www.wireshark.org, obtained on October 27, 2015.).

    6. Validate that NetFlow data is reaching the Collector on port 2055 (default port).

      You should see packets labeled CFLOW and sFlow in Wireshark under Protocol.

    7. For sFlow, you will need to decode traffic by right-clicking on a packet and selecting decode as.

      Settings are as follows:

      Verify the port number by checking the Collector configuration under Settings > NTA Settings > NetFlow Collector Services. Validate the route the device takes to the SolarWinds server. Firewalls must be checked as some can have Access Lists that are not setup to allow UDP packets or are set up incorrectly for TCP when NetFlow is UDP.

  5. If you do not see any NetFlow data, check example configurations to see if something is missing.
  6. Run Tracert from the server to see if any other routes are in place that are blocking traffic on port 2055 (for example, Firewall Checkpoint).
  7. If all devices stopped at the same time and services are running, verify the IP address of the SolarWinds Server did not change.
  8. Change the NetFlow version from 5 to 9. 

 

Last modified

Tags

Classifications

Public