Can't get Scrutinizer to receive flows
Moderators: scottr, Moderator Team
6 posts
• Page 1 of 1
Can't get Scrutinizer to receive flows
by mascoloj » Fri Oct 21, 2011 7:39 am
I have a Sonicwall NSA 2400 (5.8.1.0) that I configured for Scrutinizer but I cannot seem to receive any flows. I used the video instructions on the Plixer website to configure the firewall and Scrutinizer is installed on Windows 7 (Professional with SP1). Everything appears to be setup correctly, I've checked it a few times and retraced all my steps but I still can't seem to figure this out. Any help would be greatly appreciated.
Thanks
Thanks
- mascoloj
- Posts: 3
- Joined: Fri Oct 21, 2011 7:31 am
Re: Can't get Scrutinizer to receive flows
by BenjaminM » Fri Oct 21, 2011 8:55 am
Hi mascoloj,
We may need more information on the configuration on the SonicWALL. Can you post an image of the NetFlow configuration?
Sometimes you need to set the NetFlow to send every 100 Bytes on the NetFlow config because SonicWALL devices do not have an option for active timeout.
Does this help?
Thanks,
Ben
We may need more information on the configuration on the SonicWALL. Can you post an image of the NetFlow configuration?
Sometimes you need to set the NetFlow to send every 100 Bytes on the NetFlow config because SonicWALL devices do not have an option for active timeout.
Does this help?
Thanks,
Ben
Benjamin Moore
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
-
BenjaminM - Posts: 63
- Joined: Tue Mar 01, 2011 11:33 am
- Location: Sanford, Maine
Re: Can't get Scrutinizer to receive flows
by mascoloj » Fri Oct 21, 2011 9:51 am
Here are 2 screen shots of the sonicwall "log>Flow Reporting" page. The interface settings I did not capture but they are checked off to enable flow reporting. Let me know what you think.
Thanks
Thanks
- sonicwall1.gif (16.91 KiB) Viewed 831 times
- sonicwall2.gif (14.14 KiB) Viewed 831 times
- mascoloj
- Posts: 3
- Joined: Fri Oct 21, 2011 7:31 am
Re: Can't get Scrutinizer to receive flows
by BenjaminM » Fri Oct 21, 2011 10:06 am
Hi mascoloj,
Excellent, Kilobytes exchanged is checked and set to 100.
I would try to uncheck "Report Once" from the configuration. Does this help?
Thanks,
Ben
Excellent, Kilobytes exchanged is checked and set to 100.
I would try to uncheck "Report Once" from the configuration. Does this help?
Thanks,
Ben
Benjamin Moore
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
-
BenjaminM - Posts: 63
- Joined: Tue Mar 01, 2011 11:33 am
- Location: Sanford, Maine
Re: Can't get Scrutinizer to receive flows
by mascoloj » Fri Oct 21, 2011 10:16 am
I just unchecked it and have been waiting to see if it made a difference but nothing so far. This is really mind boggling. I have also stopped the firewall service on my workstation and disabled it from running. Any other suggestions?
- mascoloj
- Posts: 3
- Joined: Fri Oct 21, 2011 7:31 am
Re: Can't get Scrutinizer to receive flows
by BenjaminM » Fri Oct 21, 2011 11:53 am
Hi mascoloj,
I'm curious to see if there is something else listening on port 2055?
Also try unchecking the option of "Skip reporting of STACK flows (connections)"
To check to see if the flows are coming into the Scrutinizer box, you can download wireshark application and see if the flows from the SonicWALL are coming into the server.
This is a great link with a problem similar to yours
http://www.plixer.com/blog/scrutinizer/ ... any-flows/
Please let me know the progress and if there is anything else I can help with.
Thanks,
Ben
I'm curious to see if there is something else listening on port 2055?
Also try unchecking the option of "Skip reporting of STACK flows (connections)"
To check to see if the flows are coming into the Scrutinizer box, you can download wireshark application and see if the flows from the SonicWALL are coming into the server.
This is a great link with a problem similar to yours
http://www.plixer.com/blog/scrutinizer/ ... any-flows/
Please let me know the progress and if there is anything else I can help with.
Thanks,
Ben
Benjamin Moore
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
Plixer International Tech Support
(207)324-8805 ex:4
Bio: viewtopic.php?f=20&t=2404
Twitter: http://twitter.com/ActiveBeerGeek/
-
BenjaminM - Posts: 63
- Joined: Tue Mar 01, 2011 11:33 am
- Location: Sanford, Maine
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests