Question:
We have Nexus 7000s configured for sampled netflow. We have tools that should reconstruct the sampled flow records for management displays. Most tools require the flow record, option and template to be sent in order to reconstruct the sampled flow record. We have captured some of this traffic and noticed that the template contains "SamplerMode": Unknown (1) [See Nexus 1-1.png]. Is this usual or have we not included commands required for proper operation?

feature netflow
flow timeout active 60
flow timeout inactive 15 (default)
flow session
flow timeout aggressive threshold 80
flow exporter flow_exporter
  destination x.x.x.x use-vrf management
  transport udp 9996
  version 9
    template data timeout 30
    option exporter-stats timeout 30
    option sampler-table timeout 60
flow record flow_record
  match ipv4 source address
  ! {many statements}
sampler netflow_sampler-2
  mode 1 out-of 100
flow monitor flow_monitor
  record flow_record
  exporter flow_exporter
interface VLAN 150
  ip flow monitor flow_monitor output sampler netflow_sampler-2

Answer:
You are correct regarding "Most tools require the flow record, option and template" and they also require the definitions of all elements used in the export. We maintain constant communication with Cisco for their latest element IDs and definitions (i.e. description, type, length, etc.).

It looks like your collector may need the definitions. Once updated, the front end will then need to be updated to make use of the new element(s) if you want to make use of it.

If you send a packet capture of the flows to Plixer they will give you a more complete diagnosis. Make sure you include the templates.
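
To check a capture for the situation the answer describes, the following added example (not from the original post or from Plixer) parses the template and options-template flowsets of a NetFlow v9 packet and lists field type IDs missing from a collector's element dictionary. The function names, the small RFC 3954 subset in `KNOWN_FIELDS`, and the sample packet with field type 40000 are assumptions made for illustration.

```python
import struct

# Small subset of RFC 3954 field types; a real collector's dictionary is far larger.
KNOWN_FIELDS = {1: "IN_BYTES", 8: "IPV4_SRC_ADDR", 34: "SAMPLING_INTERVAL",
                35: "SAMPLING_ALGORITHM", 48: "FLOW_SAMPLER_ID",
                49: "FLOW_SAMPLER_MODE", 50: "FLOW_SAMPLER_RANDOM_INTERVAL"}

def _fields(pkt, pos, n, end):
    if pos + 4 * n > end:
        raise ValueError("template runs past the end of its flowset")
    return [struct.unpack_from("!HH", pkt, pos + 4 * i) for i in range(n)]

def parse_templates(pkt):
    """Return {template_id: [(field_type, length), ...]} from one v9 packet."""
    if len(pkt) < 20 or struct.unpack_from("!H", pkt)[0] != 9:
        raise ValueError("not a NetFlow v9 export packet")
    templates, off = {}, 20                      # the v9 header is 20 bytes
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, off)
        if fs_len < 4 or off + fs_len > len(pkt):
            raise ValueError("bad flowset length")
        pos, end = off + 4, off + fs_len
        while fs_id in (0, 1) and pos + 4 <= end:
            tid, a = struct.unpack_from("!HH", pkt, pos)
            if tid < 256:                        # padding, not a template ID
                break
            if fs_id == 0:                       # template: a = field count
                skip, n, pos = 0, a, pos + 4
            else:                                # options: a = scope bytes
                if pos + 6 > end:
                    raise ValueError("truncated options template")
                (opt_len,) = struct.unpack_from("!H", pkt, pos + 4)
                skip, n, pos = a // 4, (a + opt_len) // 4, pos + 6
            # Scope fields use their own numbering, so they are dropped here.
            templates[tid] = _fields(pkt, pos, n, end)[skip:]
            pos += 4 * n
        off = end
    return templates

def undefined_fields(templates, known=KNOWN_FIELDS):
    """Map template ID -> field types the dictionary cannot decode."""
    missing = {t: [f for f, _ in fs if f not in known] for t, fs in templates.items()}
    return {t: m for t, m in missing.items() if m}

# Constructed sample; field type 40000 is a made-up ID the dictionary lacks.
SAMPLE = (struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0)
          + struct.pack("!HHHH6H", 0, 20, 260, 3, 8, 4, 1, 4, 40000, 4)
          + struct.pack("!HHHHH8H", 1, 28, 261, 4, 12, 1, 4, 48, 2, 49, 1, 50, 4)
          + b"\x00\x00")
```

Calling `undefined_fields(parse_templates(SAMPLE))` reports template 260 with the one undefined field type, while the sampler options template 261 decodes fully.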