...
If that is not the issue you will need to verify that nothing on your network is filtering the packets and preventing them from arriving at the server.
9. Determining where flows are coming from?
To figure out where all the flows / conversations in your DB are coming from you can look at the agents list. In opFlow 2.5 and below the agents list is only populated from flow data and not from conversations. The information can be found in mongo quite easily:
| Code Block |
|---|
mongo
use nmis; // or opflow, check your config if you are not sure -- 'db_name' => 'opflow',
db.auth("opUserRW","op42flow42");
db.conversations.distinct("agent"); |
Using the tcpdump command from 8b can also be handy to see what is arriving, keep in mind that unwanted may be dropped/ignored by modifying flowd.conf.
10. Ignoring flow sources
When configurations are copied from one device to another flow configuration can come with them, this can lead to more flows being sent to opFlow than is expected. The best solution to this problem is to stop the device from sending flows, this cannot always be done (or done in a timely manor). To solve this issue flowd.conf allows setting which devices to accept flows from, or which to ignore.
Editing /usr/local/etc/flowd.conf
| Code Block |
|---|
# accept from a specific source
flow source 192.168.1.1
# or from a subnet
flow source 192.168.1.0/24
# more examples can be found in flowd.conf |