5 Replies Latest reply on Apr 27, 2017 2:48 AM by orhiee

    esx 6.5 cant get netflow - have vcenter and followed the docs

    orhiee Lurker

      Hello,

       

      well i have a esxi 6.5 with vcenter 6.5 (runnig on windows)

       

      I have multiple distributed switches with 2 port groups each, 1 for network 1 for span (using it as a hub to get the all traffic from the switch), and all switches are connected via a firewall on the port group

       

      i have been going over the docs and tutorials online and did the usual: set the setting on switch and enabled on the portgroup, but i dont recevice any data

       

      the tcp dump on the netflow collector has no data coming in (nmap shows te port is open and can see data on port via tcpdump during scan)

       

      the firewall logs are empty, the bro logs are empty and dont show any thing on that port

       

      i am very stuck and any help would be appreciated

       

      thanks

        • 1. Re: esx 6.5 cant get netflow - have vcenter and followed the docs
          jhboricua Novice

          There's hardly any information on your post to make a guess. You need to post more detailed info of how you configured this.

          • 2. Re: esx 6.5 cant get netflow - have vcenter and followed the docs
            orhiee Lurker

            okidoki letme start from the begining:

             

            1 esx server connected to a vcenter server (all 6.5)

            -the vcenter is a VM inside the esx running on w2k12

             

            on the Data-center (just 1 esx) i have 5 distributed switches with 2 port groups each

            -example of switch:

                 port group 1 - for normal vm to vm networking

                 port group 2 - security security settings disabled, so it acts like a hub so i can see the whole traffic going trough "port gorup 1"

            all the port group 1 for each switch are connected thought a firewall (the firewall is also a vm on the esx)

             

            so to get netflow: (based on VMware vSphere 6.5 Documentation Library)

            -i opened the distrubuted swith settings: set netflow collecter ip and port,

            -i opened the portgorup 1 settings and enabled monitoring and netflow

             

            But i am not receiving any data on the netflow collector (looking with tcpdump)

            - the netflow collecter is on the same switch port group 1,

            - the netflow colleceter firewall settting are checked

             

            hoping that clears it  

            • 3. Re: esx 6.5 cant get netflow - have vcenter and followed the docs
              jhboricua Novice

              Gotcha.

               

              Did you set a valid IP address for the distributed switch itself in the Netflow settings? Can you elaborate on what is software/platform the collector runs on?

              • 4. Re: esx 6.5 cant get netflow - have vcenter and followed the docs
                orhiee Lurker

                tanks for the response,

                 

                i did try it with both the ip set and with no ip set (its not a must to set it up)

                 

                the collector runs on win10 with manageEngine collector,

                 

                how ever for debugging i set the ip to a linux servers and ran tcpdump, but no data was being delivered to the listening port (did check if the port was open etc)

                 

                looking for something else, i found that there are vlan and netflow settings defined in the "uplink"s which was disabled by default. although i didnt have time to check it i am hoping thats blocking the transmission (however it doesnt make much sense because destination is on the same switch so why use uplink but we shall see)

                • 5. Re: esx 6.5 cant get netflow - have vcenter and followed the docs
                  orhiee Lurker

                  So apparently you also have to enable netflow on the uplink as well, then all is fine

                   

                  so set Distributed virtual switch settings,

                  set port group settings

                  set uplink settings

                  ps. by set i mean enable netflow