Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Netflow Randomly Stopped Working

Posted on 2013-07-01
2
Medium Priority
?
1,026 Views
Last Modified: 2013-07-26
I have a Cisco ASA 5515 and a 2921 ISR that I have configured to receive netflow data from.  Both devices have been working perfectly for several months.  All of a sudden, both devices stopped sending netflow packets at about the same time.  I performed an #clear ip flow stats on the 2921, and it appears to be working again.  I can find no such command for the ASA.  I rebuilt the configuration for netflow on the ASA with no success.  Does netflow fill up the cache after a while and stop sending flows?  Is there any way to configure some kind of circular logging for such data?  Is there any way to clear the cache on the ASA appliance?
0
Comment
Question by:marrj
  • 2
2 Comments
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39297140
flow-export destination inside <IP> <port>
flow-export delay flow-create 30
flow-export template timeout-rate 1

Then policy-map/class map your choice with ACL.

Please remember ASA will support only version 9. (in your collector check for version mismatch)

Most of the times it will be collector issue. Every collector won't work great with ASA. You might need to contact your collector vendor. But try using solarwinds  Orion NTA 3.5 SP2 demo for testing, if it's collecting data then problem is in the software.

Best,
0
 
LVL 17

Accepted Solution

by:
surbabu140977 earned 1500 total points
ID: 39297162
Plixer also seem to support it. Test any one (solarwinds or plixer) to see if netflow data is actually coming or not. If not coming, asa is the issue, if coming- your collector is the issue.

http://www.plixer.com/blog/netflow/netflow-security-event-logging-with-the-cisco-asa/

Best,
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Considering cloud tradeoffs and determining the right mix for your organization.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question