Managing devices and interfaces

You can make changes to the device and interface settings from the Admin > Definitions > Manage Exporters page. It includes the following information and configuration options, as viewed from left to right on the screen:

  • Action / Down Arrow: Use this menu to make several changes to how the flow exporter is represented in the system.

    • Edit Additional Notes: Add a few comments about the device that can be seen in the Status and Maps tabs.

    • Edit Name: Give the device a name if it doesn’t resolve to an IP address. If it resolves to a host name, this will overwrite it.

    • Edit Protocol Exclusions: Used to tell the collector to drop flows on certain ports. This was built because some vendors, like Cisco, export the same flows twice when VPNs or tunnels have been configured.

    • Edit SNMP Credential: Define the community string to use when querying the device.

    • Update SNMP: Poll the device for SNMP details on demand.

  • Check Box: Check this checkbox to remove the device from the Status tab device tree. The device will be rediscovered immediately if the collector is still receiving flows from the device. Note that templates and interfaces from devices that stop sending flows are aged out.

  • Round LED:

    • Green: This exporter is enabled and up on the collector specified.

    • Red: This exporter is enabled and down on the collector specified.

    • Yellow: No flows have been received for this exporter on the collector specified.

    • Gray: This exporter is disabled on the collector specified.

  • Exporter: Exporter name, or IP Address if unnamed. Clicking on the name or IP address opens a Manage Exporters modal with options to name the exporter, set the domain for the exporter, set Protocol Exclusions for this exporter, select an SNMP Credential, and attach Additional Notes to the exporter.

  • Status:

    • Enabled: Flows from this exporter will be collected, stored, and available for reporting.

    • Backup: Flows from this exporter will be collected and stored, but will not be included in reporting from this collector.

    • Disabled: Flows from this exporter will be ignored by the collector.

    • Unlicensed: Set by the collector. This exporter exceeds the exporter license count and flows from it will be ignored. Users wanting to disable specific exporters should use ‘disabled’.

  • Last Activity: Timestamp when the last flow was received for this exporter.

  • Collector IP: IP Address of the collector receiving flows for this exporter.

  • Credential: SNMP Credential in use by this exporter. Clicking on the SNMP Credential opens the Manage Exporters configuration modal to the SNMP section, allowing editing of the credential.

  • Additional Notes: Any notes added to this exporter are visible in this column.

Interface details

Selected interfaces can be hidden from the reporting GUI. The SNMP community string used to communicate with the device can be altered.

At the top, there is a drop-down box containing all the flow-sending devices. Type in this box to filter. After a device is selected, a drop-down box to select the SNMP community string/credential will appear. Next to the community string is a check box for SNMP Enabled. If SNMP Enabled is checked, the Watcher Service will attempt to poll and update SNMP information for the device. By default, the automatic SNMP discovery occurs once a night. The user can disable the automatic SNMP capability by unchecking Auto SNMP Update from the Admin Tab > Settings > System Preferences.

There are several columns displayed for each interface on the NetFlow capable router/switch. Some of them include:

  • Action: The drop-down arrow is a menu providing options for:

    • Manage Exporters: Launches the Manage Exporters interface.

    • Settings: Opens a modal for entering a custom description for the device and custom In and Out speeds for the interface.

    • Update SNMP: Attempts to update the details using the SNMP credentials.

  • Hide: Check to stop the interface from appearing in the Status tab.

  • Interface: This is the SNMP instance of the interface. Click on it to run the default report.

  • Custom Description: A custom interface name can be entered.

  • ifAlias: Collected via SNMP.

  • ifName: Collected via SNMP.

  • ifDescr: Collected via SNMP.

  • ifSpeed: Collected via SNMP. Use the next two columns to customize the in/out speeds.

  • Custom (Bits) In: Specify a custom inbound speed to override the default. This does not do an SNMP set on the device. Enter a 0 in the Custom (Bits) ifSpeed to force the Status tab to display the interface in bits in lieu of % utilization.

  • Custom (Bits) Out: Specify a custom outbound speed to override the default. This does not do an SNMP set on the device.

  • Metering: Indicates whether NetFlow is collected INGRESS, EGRESS or BOTH on this interface. To determine which flows are being used when reporting on an interface, run a report and click on the “Filters / Details” button and then click on the Exporter Details tab.

Scrutinizer labels flow exporter interface names using the following logic, in this order, depending on what is available:

  • Instance and Custom Name

  • Instance, ifAlias and ifDescr

  • Instance, ifDescr and ifName

  • Instance and ifDescr

  • Instance

This requires SNMP access to the devices that are exporting flows. SNMP Enterprise MIBs may require third-party software or customized scripts to correlate the enterprise instances to match the MIB II instances.
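The label precedence listed above, written out as an added Python example; it is not Scrutinizer's own code. The field names, the " - " separator, treating an empty SNMP string as unavailable, and requiring every field of a rule to be present are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class InterfaceInfo:
    """Per-interface data as it might be held after an SNMP poll (hypothetical model)."""
    instance: int                      # SNMP instance of the interface
    custom_name: Optional[str] = None  # Custom Description entered in the GUI
    if_alias: Optional[str] = None
    if_descr: Optional[str] = None
    if_name: Optional[str] = None


# Precedence order from the list above. A rule applies only when every
# field it names is available (assumption); Instance is always included.
LABEL_RULES = [
    ("custom_name",),
    ("if_alias", "if_descr"),
    ("if_descr", "if_name"),
    ("if_descr",),
]


def _available(value: Optional[str]) -> bool:
    # Devices often return an empty ifAlias when no description is configured,
    # so an empty or whitespace-only string counts as "not available".
    return value is not None and value.strip() != ""


def interface_label(info: InterfaceInfo) -> str:
    """Return the label chosen by the first rule whose fields are all available."""
    for fields in LABEL_RULES:
        values = [getattr(info, name) for name in fields]
        if all(_available(v) for v in values):
            return " - ".join([str(info.instance)] + [v.strip() for v in values])
    return str(info.instance)  # last resort: the instance number alone


if __name__ == "__main__":
    # Constructed sample interfaces, not taken from a real device.
    samples = [
        InterfaceInfo(3, custom_name="WAN uplink", if_descr="GigabitEthernet0/1"),
        InterfaceInfo(4, if_alias="", if_descr="GigabitEthernet0/2", if_name="Gi0/2"),
        InterfaceInfo(5),  # no SNMP data and no custom name
    ]
    for s in samples:
        print(interface_label(s))
```

An interface that falls through to the bare instance number in the Status tab usually means the SNMP poll for that exporter failed or returned nothing, which is worth checking against the credential assigned to it.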

If SNMP is not available, the collector will look for an interface names option template. Some vendors export an interface names option template using NetFlow or IPFIX. This option template contains the names of the interfaces. In Cisco IOS v 12.4(2)T or greater, the command is:

Router(config)# ip flow-export interface-names

SonicWALL and other vendors export a similar options template.

SNMP

If any updates are applied to a router or switch, be sure to go back to the device interface and run Update SNMP in the down arrow menu, or wait for the daily evening update to run.

Important

By default, the flow collector performs SNMP polls on a nightly basis on the switches and routers it is receiving flows from. This software was engineered to be a passive collection tool with minimal SNMP requirements. The best way to update the SNMP information including the information on the interfaces is to click on the “Update” button. NetFlow v9 option templates can be used in place of SNMP to gather interface names and speeds.