SolarWinds NetFlow Traffic Analyzer
This template was deprecated in SAM 2020.2.1, but is available in THWACK if you need to import it into SAM.
This SAM template reports statistics gathered by SolarWinds NetFlow Traffic Analyzer (NTA).
To learn about using NTA, see:
Prerequisites
WMI access to the target server.
SolarWinds NTA is installed and licensed in your environment.
Credentials
User with administrative privileges on the target server.
Component monitors
Service: SolarWinds NetFlow Service
This component returns CPU and memory usage of the SolarWinds NetFlow Service. This service is responsible for receiving and saving data to the database as well as providing licensing information to the web console. If this service is stopped, data will not be collected.
Cached Data Queue Length
This monitor returns the amount of data not currently saved to the database. If this service is stopped or disabled, this data will be lost. This value should be as low as possible. If the returned value grows, the NTA server will not be able to save processed flows into the database. It is recommended that you adjust Top Talkers Optimization.
Collapsed Records Per Second
This monitor returns the amount of incoming records that are collapsed, per second.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
IP Address Cache Size
This monitor returns the size of the IP address cache. This counter will function only when the DNS resolution is set to "persistent."
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
IP Requests Per Second
This monitor returns the IP requests rate, per second. This counter will function only when the DNS resolution is set to "persistent."
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
IP Requests Queued
This monitor returns the number of IP requests in the queue. This counter will function only when the DNS resolution is set to "persistent."
IP Resolved Per Second
This monitor returns the IP resolved rate, per second. This counter will function only when the DNS resolution is set to "persistent."
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
IP Responses Per Second
This monitor returns the IP responses rate, per second. This counter will function only when the DNS resolution is set to "persistent."
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
IP Responses Queued
This monitor returns the number of IP responses in the queue. This counter will function only when the DNS resolution is set to "persistent."
IP UnResolved Per Second
This monitor returns the IP unresolved rate, per second. This counter will function only when the DNS resolution is set to "persistent."
Packets Received Per Second
This monitor returns the packets received rate, per second, before the queue.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
Packet Dropped: Unmanaged Node
This monitor returns the number of packets dropped due to a node not being managed by NetFlow. This is caused by the node being disabled or the node not existing in NPM. The returned value should be zero. If the returned value is greater than zero, add these nodes to NPM or disable the exporting of these flows on your router.
Packet Dropped: Unmonitored Node
This monitor returns the number of packets dropped due to a node not being monitored by NetFlow. These nodes are monitored by NPM. The returned value should be zero. If the value is greater than zero, add these nodes as NetFlow Sources or disable the exporting of these flows on the router.
PDU Dropped: Unmanaged Interface
This monitor returns the number of PDUs dropped due to an interface not being managed by NetFlow. This is caused by the node being disabled or the node not being in the NetFlow Sources table. This counter will function only when the option, "Allow monitoring of flows from unmanaged interfaces," in the NTA settings is set.
PDU Dropped: Unmonitored Interface
This monitor returns the number of packets dropped due to an interface not being monitored by NetFlow. These Interfaces are in NPM. The value returned should be zero. If the value is greater than zero, add these interfaces into NetFlow Sources or disable the exporting of these flows on the router.
PDU Dropped: Unmonitored Port
This monitor returns the number of packets dropped due to an unmonitored application. This counter is connected to the "Enable data retention for traffic on unmonitored ports" setting in NTA settings. If checked, flows with unmonitored ports will remain stored in the database. If unchecked, flows will be dropped and this counter will continue to grow. The returned value should be zero. If the value returned is greater than zero, you should verify that all the ports you want to monitor are actually being monitored.
PDU Dropped: Unmonitored Protocol
This monitor returns the number of packets dropped due to a disabled protocol. Protocols to be monitored can be changed in the NetFlow Settings > Monitored Protocols section. The returned value for this monitor should be zero. If the value returned is greater than zero, you should verify that the protocols you want to monitor are actually being monitored.
PDUs Processed Per Second
This monitor returns the PDUs processed, per second.
Raw Packet Queue Length
This monitor returns the number of raw packets in the queue. If the value returned continues to grow, this indicates that the NetFlow service will not be able to handle the amount of incoming flows quickly enough, thereby placing them in the queue. Consider upgrading your SolarWinds Platform server to improve performance.
Netflow V1 Bytes Received Per Second
This monitor returns the number of bytes NetFlow V1 received per second.
Note: By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
Netflow V1 Flows Received Per Second
This monitor returns the number of flows NetFlow V1 received per second.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
Netflow V5 Bytes Received Per Second
This monitor returns the number of bytes NetFlow V5 received per second.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
Netflow V5 Flows Received Per Second
This monitor returns the number of flows NetFlow V5 received per second.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
Netflow V9 Bytes Received Per Second
This monitor returns the number of bytes NetFlow V9 received per second.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
Netflow V9 Flows Received Per Second
This monitor returns the number of flows NetFlow V9 received per second.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
sFlow V5 Bytes Received Per Second
This monitor returns the number of bytes sFlow V5 received per second.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
sFlow V5 Flows Received Per Second
This monitor returns the flow rate received, per second, for sFlow V5.
By default, this component monitor is disabled and should only be enabled for troubleshooting purposes.
Packet Dropped: Insufficient performance
This monitor returns the amount incoming packets dropped due to the poor performance of the SQL server or NTA Service. The returned value should be zero. If this occurs in one specific instance, verify that the database server is not overloaded. Database Maintenance may be the culprit. If this is a persistent problem, the database server probably is not able to process the amount of incoming flows. It is recommended that you adjust Top Talkers Optimization.
Netflow service time difference error
This monitor returns the number of events when the time difference between the database server and the NTA Server is greater than 5 minutes.
Type of event: Error. Event ID: 340, 341.
Possible impact: Data in the database could be saved and represented wrongly.
Solution: Synchronize the time between the NTA Server(s) and the database server.
Unmonitored traffic record is missing
This monitor returns the number of events that occur when system records go missing in the NTA table.
Type of event: Event ID: 304.
Solution: Run the Configuration Wizard to repair this problem.
Unable to start listening on port
This monitor returns the number of events when the NTA service cannot start the port listener on NTA port. (Default is port 2055).
Type of event: Event ID: 323.
Impact: NTA Service is not able to receive flows.
Solution: Verify the actual port that is occupied and attempt to free it, or, change the port of the NTA service which can be located on the NTA Settings page.
PDUs Received Per Second
This monitor returns the PDUs received, per second.