In "Collector status" you can see the state of all configured
collectors. An LED indicator is shown in front of each collector name.
A green LED means that the collector is running, a red LED means
that the collector is disabled, and a blinking red LED means
that the collector is enabled but not running. If a unit is
ready but the collector still doesn't run, check the syslog messages
on the unit server for errors. A non-running collector
is indicated after 30 seconds of inactivity.
Click the "Detail" link to get more information about a specific collector:
the collector process start time,
current hour and summary statistics (number of received packets, bytes and flows,
forwarded and dropped packets etc). A zero count of received packets may signify data
link problems or a badly configured export device.
You can see the following list of counters:
- Number of bytes - total size of received NetFlow packets.
- Number of packets - total count of received NetFlow packets.
- Forwarded packets - how many packets have been forwarded to other destinations.
- Number of flows - how many flows were extracted from NetFlow packets.
- Number of rows - how many rows were inserted into the database.
- Number of filtered flows - number of flows that matched some filtering rule.
- Number of filtered flows (allowed) - number of flows that matched an allow policy.
- Number of filtered flows (denied) - number of flows that matched a deny policy.
- Number of filtered flows (modified) - number of flows that matched a modify policy.
- Dropped packets due to bad source IP - how many packets have been dropped due to an unrecognized source IP address.
- Dropped packets due to unsupported netflow version - Caligare Flow Inspector supports only NetFlow versions 1, 5, 6, 7 and 9.
- Dropped flows due to corrupted data - how many flows were dropped because of a zero packets value, a flow longer than 4000 seconds, etc.
- Dropped flows due to full buffer - how many flows were dropped due to internal buffer overflow.
- Dropped flow bytes due to full buffer - number of bytes in the flows that were dropped due to a full internal buffer.
- Dropped flow packet due to full buffer - number of packets in the flows that were dropped due to a full internal buffer.
- Dropped flows due to corrupted time - how many flows were received with unsynchronized time (check the time on your router and on your server).
- Corrected flows due to corrupted time - how many flows were modified to carry an acceptable time.

Note: If you see an increasing number of flows with corrupted data or time, please check that the time is
synchronized between the exporting device and the analyzer. It is very important to set the active flow timeout value
to 1-2 minutes on the router.
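
To see which flows would land in the "unsupported netflow version" and "corrupted data" counters, the checks described above can be run offline. This Python sketch is an added example, not Caligare code: it decodes a NetFlow version 5 datagram and applies the version list, the zero-packets check and the 4000-second limit from this page. The function names, the constructed sample and the treatment of an end time earlier than the start time as an over-long flow are assumptions.

```python
import struct

SUPPORTED_VERSIONS = {1, 5, 6, 7, 9}  # versions this page lists as supported
MAX_FLOW_SECONDS = 4000               # duration limit quoted on this page
HEADER = struct.Struct("!HHIIIIBBH")             # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # NetFlow v5 record, 48 bytes

def check_datagram(data):
    """Classify one export datagram into counters like those on this page."""
    stats = {"unsupported_version": 0, "flows": 0, "corrupted_flows": 0}
    if len(data) < 4:
        raise ValueError("datagram too short to carry version and count")
    version, count = struct.unpack_from("!HH", data)
    if version not in SUPPORTED_VERSIONS:
        stats["unsupported_version"] = 1  # whole packet is dropped
        return stats
    if version != 5:
        raise NotImplementedError("this sketch decodes version 5 only")
    if len(data) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    for i in range(count):
        rec = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        packets, first_ms, last_ms = rec[5], rec[7], rec[8]
        # First/Last are router uptime in ms; an end before the start wraps
        # to a huge duration and is counted as corrupted (assumption).
        duration_s = ((last_ms - first_ms) % 2**32) / 1000
        if packets == 0 or duration_s > MAX_FLOW_SECONDS:
            stats["corrupted_flows"] += 1
        else:
            stats["flows"] += 1
    return stats

def make_v5(version, flows):
    """Build a constructed datagram from (packets, first_ms, last_ms) tuples."""
    out = HEADER.pack(version, len(flows), 10_000_000, 0, 0, 0, 0, 0, 0)
    for packets, first_ms, last_ms in flows:
        out += RECORD.pack(0x0A000001, 0x0A000002, 0, 1, 2, packets,
                           packets * 64, first_ms, last_ms, 1024, 443,
                           0, 0, 6, 0, 0, 0, 24, 24, 0)
    return out

# Constructed sample: one normal 60 s flow, one zero-packet flow,
# one 4500 s flow, and one flow whose end precedes its start.
SAMPLE = make_v5(5, [(10, 1000, 61000), (0, 1000, 2000),
                     (5, 0, 4_500_000), (5, 5000, 1000)])

if __name__ == "__main__":
    print(check_datagram(SAMPLE))
    print(check_datagram(make_v5(8, [])))
```

With an active flow timeout of 1-2 minutes on the exporter, legitimate flow durations stay far below the 4000-second limit, so a growing corrupted count points at clock or export problems rather than long-lived traffic.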