Solved

Netflow Randomly Stopped Working

Posted on 2013-07-01
2
1,004 Views
Last Modified: 2013-07-26
I have a Cisco ASA 5515 and a 2921 ISR that I have configured to receive netflow data from.  Both devices have been working perfectly for several months.  All of a sudden, both devices stopped sending netflow packets at about the same time.  I performed an #clear ip flow stats on the 2921, and it appears to be working again.  I can find no such command for the ASA.  I rebuilt the configuration for netflow on the ASA with no success.  Does netflow fill up the cache after a while and stop sending flows?  Is there any way to configure some kind of circular logging for such data?  Is there any way to clear the cache on the ASA appliance?
0
Comment
Question by:marrj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39297140
flow-export destination inside <IP> <port>
flow-export delay flow-create 30
flow-export template timeout-rate 1

Then policy-map/class map your choice with ACL.

Please remember ASA will support only version 9. (in your collector check for version mismatch)

Most of the times it will be collector issue. Every collector won't work great with ASA. You might need to contact your collector vendor. But try using solarwinds  Orion NTA 3.5 SP2 demo for testing, if it's collecting data then problem is in the software.

Best,
0
 
LVL 17

Accepted Solution

by:
surbabu140977 earned 500 total points
ID: 39297162
Plixer also seem to support it. Test any one (solarwinds or plixer) to see if netflow data is actually coming or not. If not coming, asa is the issue, if coming- your collector is the issue.

http://www.plixer.com/blog/netflow/netflow-security-event-logging-with-the-cisco-asa/

Best,
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month11 days, 15 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question