产品答疑

1. 什么是NetFlow Analyzer?
2. 什么是接口?
3. 什么是NetFlow?
4. 不同 NetFlow版本的区别?
5. How is NetFlow与其它流量分析软件有什么不同，如MRTG?
6. NetFlow只支持思科设备吗?

许可信息

1. 免费版于专业版有什么不同?
2. NetFlow Analyzer有没有免费评估版本?
3. 试用版有什么限制吗?
4. 升级到专业版之后需要重新安装NetFlow Analyzer吗？
5. 多少个用户可以同时访问NetFlow Analyzer？

安装

1. 当我访问web接口时，另一个web服务器正在占用该端口，我该怎么办？
2. 如何将NetFlow Analyzer的MySQL端口由13310改为其它端口？
3. 我可以使用root用户安装并运行NetFlow Analyzer吗？
4. 是否需要备份数据库，NetFlow Analyzer具有备份数据库功能吗？（或者）如何在NetFlow Analyzer中进行数据备份？
5. 如何在Linux中升级NetFlow Analyzer？

配置路由器

1. 为什么不能将路由器添加到NetFlow Analyzer?
2. 我已经在路由器上配置了导出NetFlow数据，但是仍然不能在画面上看到。
3. 我已经在许可管理页面删除了路由器和全部接口，但是仍然在画面中存在。
4. 许可界面中的取消管理和删除有什么区别？(或者) 在许可管理界面，什么时候该取消管理设备，什么时候该删除设备？
5. 如何在路由器中配置SNMP团体字符串
6. 如何在路由器上设置与NFA服务器的时间同步？

报表

1. 为什么图表没有数据？
2. W什么是聚合数据和原始数据？如何设置原始数据存储周期？
3. 为什么有的应用程序被标记为"TCP_App"或其它类型内容？
4. Why are only the top 5 or 10 values shown in the reports? What if I want more detail?
5. The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?
6. Why are some interfaces labeled as IfIndex2,IfIndex3, etc.?
7. The total bandwidth usage seems to decrease depending on the granularity of the report. Why is that?( or )why is there a discrepancy between the values seen in the graph and the Max / Min values ?

NBAR

1. Which features are not supported by NBAR?
2. Any restrictions on where we can configure NBAR?
3. What Does NBAR Performance Depend On?
4. Is performance dependent on the number of interfaces that NBAR is enabled on? Does the link speed of the interface(s) that NBAR is enabled?
5. I am able to issue the command "ip nbar protocol-discovery" on the router and see the results. But NFA says my router does not support NBAR, Why?
6. How do I verify whether my router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB?

V9

1. What is NetFlow Version 9?
2. What is the memory impact on the router?
3. "Receiving non V5/V7/V9 packets from the following devices: Click here for further details.." What does this mean?
4. Is version 9 backward compatible ?
5. What is the performance impact of V9?
6. What are the restrictions for V9?
7. How do I configure NetFlow Version 9?

Technical Information

1. How is traffic information stored in the NetFlow Analyzer database?
2. How are ports assigned as applications in NetFlow Analyzer?
3. Do I have to reinstall NetFlow Analyzer when moving to the fully paid version?
4. How many users can access the application simultaneously?
5. NetFlow Analyzer logs out after a period of inactivity. How do I avoid that?
6. How to create DBInfo log file ?
7. What are the advantages of configuring multiple NetFlow Listener Ports ?
8. What information do I need to send to NFA support for assistance?
9. How to safely migrate NFA installation to different machine ?
10. What do I do if my NFA server becomes slow ? (or) How do I improve my NFA system performance ?
11. Why NFA says router time not is SYNC and stops collecting data ?
12. How do I buy NetFlow Analyzer?

Back

General Product Information

1. What is NetFlow Analyzer?
   
   NetFlow Analyzer是基于网络的带宽监控工具和流量分析工具，提供 Cisco NetFlow®, sFlow®, cflowd®, jFlow®, IPFIX®, NetStream®和Cisco NBAR®的网络流量明细报表。 NetFlow Analyzer帮助IT管理员解答谁在何时何地做了什么，以及带宽使用情况。

2. 什么是接口?
   

   接口指网关或路由器设备上的3层物理和逻辑端口。

3. 什么是NetFlow?
   

   Cisco® NetFlow技术是Cisco IOS设备的嵌入功能。NetFlow数据记录包括源和目标地址信息，以及端到端的会话使用的协议和端口。NetFlow Analyzer使用这些信息生成流量模式和带宽利用率图表和报表。

4. NetFlow各个版本有什么不同？
   
   

   当前NetFlow已经发布了5个版本。版本1是原始版本，版本5是标准版，是最常见的版本。版本7主要应用于Catalyst 6500和7600Series交换机。除了不包括AS，接口，TCP flag，和TOS之外，与版本5是一样的。NetFlow版本8介绍了如何减少资源利用率，包括11个集合计划。版本9是最新版本，此版本灵活的支持可扩展格式的MPLS, Multicast等。

   NetFlow Analyzer目前支持NetFlow 5，7和9版本。

5. NetFlow和其它流量分析软件如MRTG有什么不同？
   
   MRTG和其它类似工具仅限于接口统计。这类工具不能为您提供应用程序级别明细，如主机，协议和会话和固有的一部分IP流量。NetFlow流量分析 traffic statistics可以提供更多信息，更深入更好的带宽分析。

6. 只有Cisco厂商支持NetFlow吗？

NetFlow技术由Cisco发明，Cisco IOS设备提供NetFlow兼容性，其它厂商的设备也可能支持NetFlow。

后退

许可信息

1. NetFlow Analyzer免费版和专业版有什么不同？
   
   NetFlow Analyzer免费版可以生成最大2个路由接口的NetFlow数据报表，而专业版可以生成最大n个接口的NetFlow数据报表(接口数目n就是您购买的接口数目。）除此之外，两个版本之间没有其它特性和功能的不同。

2. 可以对NetFlow Analyzer进行免费评估吗？
   
   是的。您可以点击这里进行下载NetFlow Analyzer，并进行30天的免费评估。

3. NetFlow Analyzer使用版有什么限制吗？
   
   NetFlow Analyzer试用版是全功能版本，点这里您可以下载试用版。

4. 升级到专业版必须要重新安装NetFlow Analyzer吗？
   
   不。您不必重新安装或停止服务器。您只需要在位于NetFlow Analyzer web客户端的升级许可框中提供新的许可文件 。

5. 多少个用户可以同时访问NetFlow Analyzer？

   这取决于安装NetFlow Analyzer的服务器性能。NetFlow Analyzer许可没有对用户访问进行限制。

后退

安装

1. 当我访问web接口时，另一个web服务器正在占用该端口，我该怎么办？
   
   在安装过程中，NetFlow Analyzer会检查所用的端口是否被其它应用程序占用。如果这时，使用该端口的应用程序没有运行，则NetFlow Analyzer不会检测到。 您可以关闭该web服务器，改变它的服务器端口，也可以改变NetFlow Analyzer的web服务器端口。

2. 如何将NetFlow Analyzer的MySQL端口由13310改为其它端口？
   
   您可以打开/server/default/deploy 目录中的mysql-ds.xml文件，改变jdbc:mysql://localhost:13310/netflow这一行的端口号为所需端口号，保存文件并重启服务器。

3. 我可以使用root用户安装并运行NetFlow Analyzer吗？
   
   您可以使用root用户安装并启动NetFlow Analyzer，但是所有文件权限将被编辑，之后您就不能使用其它用户启动服务了。

4. 是否需要备份数据库，NetFlow Analyzer具有备份数据库功能吗？（或者）如何在NetFlow Analyzer中进行数据备份？
   
   NetFlow Analyzer具有数据库备份功能，您可以使用此功能进行数据库备份。有2种备份方式：

   1. 您可以执行脚本"backupdb.bat" / "backupdb.sh"进行备份，该脚本位于/adventnet/me/netflow/troubleshooting目录。这样就会创建一个zip格式的数据库备份文件。 当您需要进行恢复时，您必须要将zip文件解压到/adventnet/me/netflow目录。这一过程需要花费一些时间。
   
   
   2. 停止NetFlow Analyzer服务，并到$NETFLOW_HOME/目录拷贝Mysql和data文件夹。
      
      上面两种方法适用于所有版本的NFA。

    

5. 如何在Linux中升级NetFlow Analyzer？

   您可以使用"sh UpdateManager.sh -c"命令，并按照提示进行升级。

后退

配置路由器

1. 为什么不能将路由器添加到NetFlow Analyzer?
   
   NetFlow Analyzer不会选择路由器或接口进行监视。设备会自动进行发现。您所要做的只是配置您发送NetFlow数据的接口，设备会通过此接口将数据发送到NetFlow Analyzer。您可以在设备视图中查看设备以及它的接口列表。 一旦NetFlow Analyzer开始接收NetFlow数据，您就可以在接口视图中看到设备以及列出的接口。

后退




2. 我已经在路由器上配置了导出NetFlow数据，但是仍然不能在画面上看到。
   
   请做如下检查：

   • 在设备上检查是否NetFlow已启用，并且已经启动了发送flow。
   • 检查是否您的路由器正在将NetFlow数据导出到NetFlow Analyzer的监听端口。
   • 检查是否您的路由器正在输出NetFlow版本 5/ 7/ 9数据。

   后退

3. 我已经在许可管理页面删除了路由器和全部接口，但是仍然在画面中存在。
   
   这是由于NetFlow Analyzer正在从那台路由器接受NetFlow包。您需要在路由器上配置停止向NetFlow Analyzer输出NetFlow数据。

Back



4. 许可界面中的取消管理和删除有什么区别？ (或者) 在许可管理界面，什么时候该取消管理设备，什么时候该删除设备？
   
   如果您需要临时停止监视路由器或接口，可以在许可管理界面取消管理。这样，路由器或接口就仍然会显示在许可管理界面。

   如果您需要永久停止监视路由器或接口，请从接口或路由器上禁用NetFlow输出，然后从许可管理界面删除。这样路由器/接口就不会出现在任何客户端界面上了，除非该设备孩子发送新的flow。

后退



5. 如何在路由器中配置SNMP团体字符串？

请按照如下步骤配置SNMP：

1. 登录路由器。
2. 进入全局配置模式
3. 输入命令snmp-server community public RO ( to set public as Read-Only community )
4. 按住ctrl和Z
5. 输入命令write mem


后退

6. 如何在路由器上设置与NFA服务器的时间同步？
   
   Whenever the time difference between the NetFlow Analyzer Server and the router is above 10 minutes a warning icon will appear in the home page. When this happens, NetFlow Analyzer will stamp the flows based on the system time of the NetFlow Analyzer server. In case you see this, please ensure the following on the router:
   
   1. Check if the time zone and the offset (in Hours and Minutes) for the time zone is set properly (E.g. PST -8 00 for PST or EST -5 00 for EST). You can check this by logging into the router, going into the configure terminal and typing show running-config. You can set the clock time zone and offset using the command clock timezone zone hours [minutes] (E.g. clock timezone PST -8 00)
   
   2. After checking the time zone, check if the correct time is set on your router. You can check this by logging into the router and typing show clock. You can set the clock time using the command clock set hh:mm:ss month date year There is no queuing mechanism is done on heavy periods.

后退




报表

1. 为什么图表没有数据？
   
   如果没有可用数据，图表为空。如果您刚刚安装了NetFlow Analyzer，请等待至少10分钟后，在启动产品查看图表。如果图表中仍然没有数据，则说明NetFlow Analyzer没有接收到数据。您需要检查路由器设置。

后退



2. 什么是聚合数据和原始数据？如何设置原始数据存储周期？
   

   As far as aggregated data is concerned, NetFlow Analyzer maintains the top 'n' flows for every ten minutes slot. The record count determines this 'n' values. By default it is set to 100. You may set your own criteria for this purpose. you can change this from the Settings option.
   
   Apart from this NetFlow Analyzer allows you to store raw data (all flows -not just the top n) for upto one month.
   
   1. Aggregated data is stored in 5 levels of tables - 10 Min, Hourly, 6 Hour, 24 Hour and Weekly tables and reports for different periods need to access the corresponding table. For example, very recent reports need to access the 10 Min table and old reports need to access the Weekly table. You can access the table MetaTable to determine the table which contains data for the required time period

   2. Raw data is stored in dynamically created tables and data pertaining to different devices (routers) reside in different table for different periods of time. You can access the table RawMetaTable to determine the table which contains data for the required report.
   

   Back

3. Some of the applications are labeled as "TCP_App" or something similar. What is that?
   
   If an application is labeled as "TCP_App" or something similar, it means that NetFlow Analyzer has not recognized this application (i.e.) the combination of port and protocol is not mapped as any application. Once you add these applications under Application Mapping they will be recognized.

Back



4. Why are only the top 5 or 10 values shown in the reports? What if I want more detail?
   
   NetFlow Analyzer shows the top 50 results in all reports by default. You can see up to 100 results in each report by changing the Record Count value in the Settings page.

Back



5. The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?
   
   Check if you have enabled NetFlow on all interfaces through which traffic flows. Since NetFlow traffic accounting is ingress by default, only IN traffic across an interface is accounted for. To see both IN and OUT traffic graphs for an interface, you need to enable NetFlow on all the interfaces through which traffic flows.

Back



6. Why are some interfaces labeled as IfIndex2,IfIndex3, etc.?
   

   This happens if the device/interface has not responded to the SNMP requests sent by NetFlow Analyzer. Check the SNMP settings of the interface or manually edit the interface name from the Dashboard. NetFlow Analyzer uses port 161, and the public community string as default SNMP values. If the SNMP settings of your device are different, change the values in the Dashboard Interface View. If you need to change this globally, enter the new values in the same fields under Settings.

Back



7. The total bandwidth usage seems to decrease depending on the granularity of the report. Why is that? (or) Why is there a discrepancy between the values seen in the graph and the Max / Min values ?
   

   NetFlow Analyzer aggregates older data in less granular format and due to this reason some of the spikes may not show in older reports. While reports pertaining to last day is generated from tables with 10 minute granularity, reports pertaining to last week is generated from tables with 1 hour granularity
   
   For example, data in 10 minute table pertaining to 10:00, 10:10, 10:20, 10:30, 10:40 and 10:50 would all be aggregated and moved into hourly data tables for one data point pertaining to 10:00.
   
   While the total data volumes is correct, the traffic rates will be averaged over this period. So:
   
   10:00 -> volume transferred 100MBytes, ten minute average rate 1,333Kbits/s
   10:10 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
   10:20 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
   10:30 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
   10:40 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
   10:50 -> volume transferred 1MByte, ten minute average rate 13.3Kbits/s
   
   When aggregated into the one hour table, we get:
   
   10:00 -> volume transferred 105MBytes, one hour average rate 233Kbits/s
   
   The spike up to 1,333Kbits/s has been lost by this averaging process; as the data get aggregated into longer and longer time periods, so this average value will decrease further.
   
   This is the reason for the reduction in the reporting of bandwidth usage over time.

Back




NBAR

1. Which features are not supported by NBAR ?
   
   The following features are not supported by NBAR:
   • More than 24 concurrent URLs, HOSTs or MIME type matches
   • Matching beyond the first 400 bytes in a URL
   • Non-IP traffic
   • Multicast and other non-CEF switching modes
   • Fragmented packets
   • Pipelined persistent HTTP requests
   • URL/HOST/MIME/ classification with secure HTTP
   • Asymmetric flows with stateful protocols
   • Packets originating from or destined to the router running NBAR

Back



2. Any restrictions on where we can configure NBAR?
   
   You can't configure NBAR on the following logical interfaces:
   • Fast EtherChannel
   • Interfaces that use tunneling or encryption
   • VLANs
   • Dialer interfaces
   • Multilink PPP

   Note: NBAR is configurable on VLANs as of Cisco IOS Release 12.1(13)E, but supported in the software switching path only.

Back



3. What Does NBAR Performance Depend On?
   

   Several factors can impact NBAR performance in software-based execution.
   
   A. Router Configuration
   1. Number of protocols being matched against it
   2. Number of regular expressions being used
   3. The complexity of packet inspection logic required
   
   B. Traffic Profile (Packet Protocol Sequence)
   1. The number of flows
   2. Long duration flows are less expensive than shorter duration flows
   3. Stateful protocol matches are more performance impacting than static port applications

Back



4. Is performance dependent on the number of interfaces that NBAR is enabled on? Does the link speed of the interface(s) that NBAR is enabled on affect performance ?
   
   No. NBAR performance is not dependent on the number of interfaces that NBAR is enabled on or the link speed of those interfaces. Performance is dependent on the number of packets that the NBAR engine has to inspect, how deep into the packet it has to look to perform regular inspection.



Back



5. I am able to issue the command "ip nbar protocol-discovery" on the router and see the results. But NFA says my router does not support NBAR, Why?
   
   Earlier version of IOS supports NBAR discovery only on router. So you can very well execute the command "ip nbar protocol-discovery" on the router and see the results. But NBAR Protocol Discovery MIB(CISCO-NBAR-PROTOCOL-DISCOVERY-MIB) support came only on later releases. This is needed for collecting data via SNMP. Please verify that whether your router IOS supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB.



Back



6. How do I verify whether my router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB?
   
   a) You can check CISCO-NBAR-PROTOCOL-DISCOVERY-MIB supported platforms and IOS using the follwoing link. http://tools.cisco.com/ITDIT/MIBS/AdvancedSearch?MibSel=250073
   
   b) Alternately , you can execute "show snmp mib | include cnpd " command at router to know the implemeted mib objects in the router. If the router supports CISCO-NBAR-PROTOCOL-DISCOVERY-MIB, then the above command gives the following objects.
   
   cnpdStatusEntry.1
   cnpdStatusEntry.2
   cnpdAllStatsEntry.2
   cnpdAllStatsEntry.3
   cnpdAllStatsEntry.4
   cnpdAllStatsEntry.5
   cnpdAllStatsEntry.6
   cnpdAllStatsEntry.7
   cnpdAllStatsEntry.8
   cnpdAllStatsEntry.9
   cnpdAllStatsEntry.10
   cnpdAllStatsEntry.11
   cnpdAllStatsEntry.12
   cnpdTopNConfigEntry.2
   cnpdTopNConfigEntry.3
   cnpdTopNConfigEntry.4
   cnpdTopNConfigEntry.5
   cnpdTopNConfigEntry.6
   cnpdTopNConfigEntry.7
   cnpdTopNConfigEntry.8
   cnpdTopNStatsEntry.2
   cnpdTopNStatsEntry.3
   cnpdTopNStatsEntry.4
   cnpdThresholdConfigEntry.2
   cnpdThresholdConfigEntry.3
   cnpdThresholdConfigEntry.4
   cnpdThresholdConfigEntry.5
   cnpdThresholdConfigEntry.6
   cnpdThresholdConfigEntry.7
   cnpdThresholdConfigEntry.8
   cnpdThresholdConfigEntry.9
   cnpdThresholdConfigEntry.10
   cnpdThresholdConfigEntry.12
   cnpdThresholdHistoryEntry.2
   cnpdThresholdHistoryEntry.3
   cnpdThresholdHistoryEntry.4
   cnpdThresholdHistoryEntry.5
   cnpdThresholdHistoryEntry.6
   cnpdThresholdHistoryEntry.7
   cnpdNotificationsConfig.1
   cnpdSupportedProtocolsEntry.2

Back




V9

1. What is NetFlow Version 9?
   
   This format is flexible and extensible , which provides the versatility needed to support new fields and record types. This format accommodates new NetFlow-supported technologies such as NAT, MPLS,BGP next hop and Multicast.The main feature of Version 9 Export format is that it is template based.

Back



2. What is the memory impact on the router due to V9?
   
   The memory used depends upon the data structures used to maintain template flowsets. As the implementation does not access the NetFlow cache directly the memory used is not very high.

Back



3. "Receiving non V5/V7/V9 packets from the following devices: Click here for further details.." What does this mean?
   
   If you get this message on the user interface, it means that NetFlow packets with versions other than version 5/7/9, are being received by NetFlow Analyzer. Check your router settings to make sure that only version 5/7/9 NetFlow exports are being sent to NetFlow Analyzer. This is because NetFlow Analyzer supports only NetFlow version 5/7/9 exports.

Back



4. Is version 9 backward compatible ?
   
   Version 9 is not backward-compatible with Version 5 or Version 8. If you need Version 5 or Version 8, then you must configure Version 5 or Version 8.

Back



5. What is the performance impact of V9?
   
   Version 9 slightly decreases overall performance, because generating and maintaining valid template flowsets requires additional processing.

Back



6. What are the restrictions for V9?
   
   Version 9 allows for interleaving of various technologies. This means that you should configure Version 9 if you need data to be exported from various technologies (such as Multicast, DoS, IPv6, BGP next hop, and so on).

Back



7. How do I configure NetFlow Version 9?
   
   Please refer the following document for configuring netflow version 9 http://www.cisco.com/en/US/docs/ios/12_3/feature/gde/nfv9expf.html#wp1069837



Back




Technical Information

1. How is traffic information stored in the NetFlow Analyzer database?
   
   For each report, NetFlow Analyzer stores traffic information in a different manner. The following tables describe the data storage pattern for the various reports generated by NetFlow Analyzer.

Back



2. How are ports assigned as applications in NetFlow Analyzer?
   
   A NetFlow export contains information on the protocol, source port, and destination port. When a flow is received, NetFlow Analyzer tries to match the port and protocol in the flow, to an application in the following order:
   • The smaller of the source and destination port numbers, to the list of ports configured to each application in the Application Mapping list
   • The larger of the source and destination port numbers, to the list of ports configured to each application in the Application Mapping list
   • The smaller of the source and destination port numbers, to the port ranges configured to each application in the Application Mapping list
   • The larger of the source and destination port numbers, to the port ranges configured to each application in the Application Mapping list
   
   If a matching application is still not found, then depending on the protocol received in the flow, the application is listed as <protocol>_App. (eg.) TCP_App if a flow is received with TCP protocol, and unmatched source and destination ports. If the protocol received in the flow is also not recognized by NetFlow Analyzer, the application is listed as Unknown_App.
   
   

   A single flow can be categorized as a single application only. In case of a conflict, applications with an exact match for the port number will be accounted for.




Back



3. Do I have to reinstall NetFlow Analyzer when moving to the fully paid version?
   
   No, you do not have to reinstall or shut down the NetFlow Analyzer server. You just need to enter the new license file in the Upgrade License box.

Back



4. How many users can access the application simultaneously?
   
   This depends only on the capacity of the server on which NetFlow Analyzer is installed. The NetFlow Analyzer license does not limit the number of users accessing the application at any time.

Back



5. NetFlow Analyzer logs out after a period of inactivity. How do I avoid that?
   
   

   You can change the time-out value to a higher value than the default ( 30 minutes ) by increasing the parameter session-timeout.

   <session-config>
   <session-timeout>30</session-timeout>
   </session-config>

   under <NFA_Home>/AdventNet/ME/NetFlow/server/default/conf/web.xml

   Change the value 30 to your desired time-range - say, 600. You will have to restart NFA server for this to take effect.

Back



6. How to create DBInfo log file ?

1. Please ensure that NFA is running.
2. Navigate to /Trou

Back

bleshooting directory and execute the file DBInfo.sh / DBInfo.bat
3. It creates a "Info.log" file in the same folder. This contains DB related information. Please send us the "info.log" file to netflowanalyzer-support@manageengine.com for us to analyze and help you better.

7. What are the advantages of configuring multiple NetFlow Listener Ports ?

Configuring multiple NetFlow Listener ports can significantly enhance the flow handling rates. You can configure upto 5 listener ports, each seperated by a comma. This can be configured from the Settings -> NetFlow Settings page in the user interface

Back



8. What information do I need to send to NFA support for assistance?

   1. Please run your logziputil.bat / logziputil.sh (under the troubleshooting folder). This will create a zip file under the support folder please send us the zip file.
   2. Send us the .err file under the Mysql\data folder.
   3. Also send your Machine configuration.
   

   Back

9. How to safely migrate NFA installation to different machine ?

    NetFlow Analyzer can be migrated to a new server with older data and configurations with certain conditions. Given below are the steps to migrate the installation and database to a different server.
   
   Note:
   > The build number of the NetFlow Analyzer should be the same on both the servers. (You can find the Build number by clicking on the 'About' link on the top right corner of the user interface)
   > Cross platform migration is not supported (eg. From Windows to Linux and vice versa)
   
   1. Shutdown the NetFlow Analyzer service.
   2. Copy the MySql and Data folder under the <NetFlow_Home> to a safe backup location. These two folders contain all the collected data and configurations of NetFlow Analyzer.
   3. Install the NetFlow Analyzer on the new server and run the NetFlow Analyzer service once.
   4. Then shutdown the NetFlow Analyzer service.
   5. Copy the MySql and Data folders which were backed up from the original installation to the new installation under <NetFlow_Home> directory.
   
   Additionally, if you do not have a copy of the product license, please copy the AdventnetLicense.xml file from <NetFlow_Home>\lib directory to a safe location. Once the migration is complete, you can apply the license from License Management page under Admin Operations in the product UI.
   

   Back

10. What do I do if my NFA server becomes slow ? (or) How do I improve my NFA system performance ?


Please refer this link for a brief note on database tuning :http://forums.manageengine.com/NetFlow-Analyzer

Back



11. Why NFA says router time not is SYNC and stops collecting data ?


Please follow these steps to fix this issue:


1. In case you see this, please ensure the following on the router:Check if the correct time is set on your router.
   You can check this by logging into the router and typing show clock. You can set the clock time using the command clock set hh:mm:ss month date year. Check if the time zone and the offset (in Hours and Minutes) for the time zone is set properly (E.g. PST -8 00 for PST or EST -5 00 for EST). You can check this by logging into the router, going into the configure terminal and typing show running-config. You can set the clock time zone and offset using the command clock timezone zone hours [minutes] (E.g. clock timezone PST -8 00)
2. The time sync issue may be related to high CPU load and reducing the IP group can help. Each address / range / network will be checked seperately. So, 4 addresses of 10.10.10.1, 10.10.10.2, 10.10.10.3 and 10.10.10.4 will add more overload than creating the same as a single IP range of 10.10.10.1 to 10.10.10.4. While associating interfaces you are better off selecting "All interfaces" wherever appropriate since in that case no check will be done with the interface in the flow. In your case, since you had 180 interfaces associated, the code had to check for these 180 interfaces in each flow received.

Back



12. How do I buy NetFlow Analyzer?
    
    You can buy NetFlow Analyzer directly from the Manageengine Online Store, or from a reseller near your location. Please see the website at http://www.netflowanalyzer.com/ for more information on purchasing options

Back