This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
harsh.sharma
Absent Member.
Absent Member.
‎2014-10-17 14:58
512 views

Bytes Out not getting captured in Netflow

Hi ,

we are facing a problem in net flow/IP Flow connector,it is like we are getting the bytes in filed inside the logs but not the bytes out field. Could someone help me with this.

Labels (1)
Labels
Tags (1)
0 Likes
Reply
Report Inappropriate Content
4 Replies
yaseen1
Ensign
Ensign
‎2014-10-27 11:57

I handled this by specifying the traffic direction on the net flow device. e.g. if the source is outside, then the traffic is inbound and if the source is inside then the traffic is outbound. It worked for me. 

0 Likes
Reply
Report Inappropriate Content
seniorj@bennett
Absent Member.
Absent Member.
‎2015-02-17 19:08

I'm having a similar problem, but I'm not sure what you mean by specifying the traffic direction on the netflow device: Is this a vendor-specific configuration, or a smartconnector/esm configuration?

0 Likes
Reply
Report Inappropriate Content
LakeHealthInfoS
Admiral Admiral
Admiral
‎2015-02-19 16:47

Its in the Net Flow configuration for the Cisco / Juniper / Enterasys device you can set directionality on the ingress and egress filter for Net Flow and it will determine directionality based off its configuration.

0 Likes
Reply
Report Inappropriate Content
seniorj@bennett
Absent Member.
Absent Member.
‎2015-02-19 18:49

Thanks for your reply, Christopher. I spent a few more hours on this problem yesterday.

I'm using NSEL netflow export from some Cisco ASAs.  It looks like the smarconnector isn't properly looking at the netflow template from the ASA for bytesin/bytesout count at all.

I ran some tshark sessions against it and the device is properly including the byte count, so this is certainly an arcsight issue.

Other devices of mine that generate netflow were including byte information just fine.

I'd almost file a bug request but those seem to just go to the ether =(

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.