SolutionPack for Traffic Flows 2.0 Summary Sheet – Service Assurance Suite 9.4.1

Table of Contents

Overview

Learn how to install and configure the SolutionPack for Traffic Flows. This SolutionPack provides reports that give you a clear understanding of your IT network traffic. It generates a wide spectrum of network traffic reports that highlight key performance indicators (such as router CPU and processor memory used and the most active network devices and applications) to help you better understand their impact on the network of your data center.

Back to Top

Technical specifications

SolutionPack version

2.0

Compatible EMC M&R versions

6.4 and later

Support list

Netflow v5.0 and v9.0

Cisco ASA NSEL (Network Security Event Logs)

IP Flow Information Export (IPFIX) v10

Data collection method

Flow Listener

Main reports

Global, Exporter, Interface-level Reporting

TopN Reports

Conversations

Protocol and Applications

Back to Top

Where to find the latest SolutionPack software

Install the latest core software update for your product suite. SolutionPacks distributed with core software have a 30-day free evaluation period. If you plan to use the software longer than 30 days, you must install a SolutionPack license before the trial period ends.

This 30-day free evaluation only applies to new installations and is not available for upgraded installations. If you upgrade the core software and want to try a new SolutionPack, you must request a license for that SolutionPack by completing a Support Request (SR) form, which is available on the EMC Online Support website at http://support.emc.com.

Back to Top

Installing a SolutionPack

After you log in as an administrator, you can install a SolutionPack from Centralized Management.

Before you begin

  • Determine whether you need a SolutionPack license file by checking the feature names and expiration dates listed in Centralized Management > License Management. If not listed, obtain a license by completing a Support Request (SR) form, which is available on the EMC Online Support website at http://support.emc.com.

  • Make sure the core modules, such as the Module-Manager, are up-to-date on all servers since not all module dependencies are validated during the SolutionPack installation. See the EMC M&R (Watch4net) Installation and Configuration Guide for more information.

Procedure

  1. Log in to the EMC M&R platform with your user name and password.
  2. Select Administration.
  3. Select Centralized Management.
  4. Select SOLUTIONPACK CENTER.
  5. Select the SolutionPack in the Browse and Install SolutionPacks screen.
  6. Read the summary information and click Install.
  7. Select the components to install.
    1. Type the instance name.
    2. Select the servers in one or more list boxes. For example, select the server in the Flow Database, Flow Collection, and Reports list boxes.
    3. Click Next.
  8. For each list box you select, a screen appears.
    1. Click Next after you complete each screen.
    2. Click Install after you complete the last screen.
    The installation process begins.
  9. Select the maximize arrow next to each component to view the installation process.
    When the installation successfully completes, green checkmarks appear.
  10. Select Centralized Management > SolutionPack to verify the installed SolutionPack.
Back to Top

Post installation tasks

After you install the SolutionPack for Traffic Flows, complete these tasks in the following order.

  1. Starting the Flow database
  2. Creating the tables in the Flow datastore
  3. Starting the Event Processing Manager
  4. Enabling event reporting in SolutionPack for Traffic Flows
  5. Starting the Tomcat service
Back to Top

Starting the Flow database

Procedure

To start the Flow database, execute <Install_Directory>/opt/APG/bin/manage-modules.sh service start datastore Default
Back to Top

Creating the tables in the Flow datastore

Procedure

  1. Follow these steps to create the tables in the Flow datastore:
    Operating system Steps
    Windows
    1. Navigate to APG\Event-Processing\APG-Datastore-Writer\<instance_name>\dll.

      The instance name was set during the installation of the SolutionPack.

    2. Open the setup-db.dll file and copy its contents.
    3. Navigate to APG\Databases\APG-Datastore\Default\bin.
    4. Run the datastore-client.cmd script to connect to the datastore.
    5. At the SQL> prompt, press CTRL+V to paste the contents from the buffer.
    Linux
    1. Navigate to /opt/APG/Event-Processing/APG-Datastore-Writer/<instance_name>/dll.

      The instance name was set during the installation of the SolutionPack.

    2. Type /opt/APG/Databases/APG-Datastore/Default/bin/datastore-client.sh < flow-setup-db.ddl.
    3. To check the progress of the above command, type /opt/APG/Databases/APG-Datastore/Default/bin/datastore-client.sh.
    A message similar to this appears:
    Welcome to APG-Datastore 5.0 CLI (Ctrl+D to exit).
    Connected to jdbc:x100://localhost:12345/ !
    sql>
  2. To view the new tables in the Flow datastore, type .tables; at the SQL> prompt.
Back to Top

Starting the Event Processing Manager

By starting the Event Processing Manager (EPM), you begin traffic flow collection.

Before you begin

Before starting EPM, use the Simple Network Management Protocol (SNMP) to discover the flow exporters, which are managed as routers, into the EMC M&R platform.

Procedure

  1. To start EPM, type /opt/APG/bin/manage-modules.sh service start event-processing-manager <instance_name>
  2. To verify EPM has started, check the processing-0­0.log file in /opt/APG/Event­Processing/Event-Processing-Manager/<instance_name>.
    This message appears at the end of the log:
    Processing manager started!
  3. Ignore this warning in the log file:
    WARNING -- [2013-12-16 08:13:50 EST] -- ComponentClassLoader::init(): Component type
    EventPropertyTagger is deprecated, please update your Event-Processing-Manager configuration to use
    Event-Property-Tagger instead !

Example

Back to Top

Enabling event reporting in SolutionPack for Traffic Flows

For new installations only, enable the event reporting features.

Run these commands once after a new installation.Do not run these commands after an upgrade or reconfiguration.

Procedure

  1. For Linux, execute these commands from the APG/bin directory:
    #./manage-resources.sh update dba/FLOW-TF-DATA '
    {"disabled":false}
    '
    #./manage-resources.sh update dba/FLOW-TF-PROTO '
    {"disabled":false}
    '
    #./manage-resources.sh update dba/FLOW-TF-APP '
    {"disabled":false}
    '
    #./manage-resources.sh update dba/FLOW-TF-SRCADDR '
    {"disabled":false}
    '
    #./manage-resources.sh update dba/FLOW-TF-DSTADDR '
    {"disabled":false}
    '
    #./manage-resources.sh update dba/FLOW-TF-CONV '
    {"disabled":false}
    '
    #./manage-resources.sh update dba/FLOW-TF-HOSTS '
    {"disabled":false}
    '
    #./manage-resources.sh update dba/FLOW-TF-NOSNMP '
    {"disabled":false}
    '
    #./manage-resources.sh update dba/FLOW-TF-ALLPORTS '
    {"disabled":false}
    '
    .manage-resources.sh update dba/FLOW-TF-INT '
    {"disabled":false}
    '
    
  2. For Windows, execute these commands from the APG\bin folder:
    manage-resources.cmd update dba/FLOW-TF-DATA
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-PROTO
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-APP
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-SRCADDR
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-DSTADDR
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-CONV
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-HOSTS
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-NOSNMP
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-ALLPORTS
    {"disabled":false}
    manage-resources.cmd update dba/FLOW-TF-INT
    {"disabled":false}
    
  3. Restart the Tomcat service in order to make the changes effective
Back to Top

Starting the Tomcat service

Procedure

To start the Tomcat service, execute /opt/APG/bin/manage-modules.sh service restart tomcat Default
Back to Top

Confirming report creation

After you install a SolutionPack, you can view its reports.

To view the reports:

Procedure

  1. Go to User Interface > Report Library.
  2. Click the SolutionPack to view its reports.

Results

It may take up to an hour to display all relevant information in these reports.

Back to Top

Troubleshooting

Report display problems

Back to Top

What to do if data does not appear in any reports

Procedure

  1. After the completion of at least three collection cycles, verify if data is populating into the reports. If there is still no data in the reports, continue to the next step.
  2. Run the scheduled task to import data into reports. If there is still no data in the reports, continue to the next step.
  3. To view the log files for errors, go to Centralized Management and click Logical Overview > Collecting > Collector-Manager::<instance name> > Log Files.
Back to Top

Running a scheduled task to import data into reports

After you push a new configuration into a collector, a scheduled task runs and populates the reports with new data. You can manually run the scheduled task to import the data more quickly.

Before you begin

Allow at least three polling cycles to pass before manually running the scheduled task.

Procedure

  1. Click Administration.
  2. Click Centralized Management.
  3. Expand Scheduled Tasks.
  4. Click Database.
  5. Select the import-properties-Default task.
  6. Click Run Now.
  7. Confirm success in running the task in the Last Result and Last Result Time columns.
Back to Top

What to do if data does not appear in some reports

Procedure

  1. Run the scheduled task to import data into reports. If there is still no data in the reports, continue to step 2.
  2. Search for the metric in the database.
  3. To view the log files for errors, go to Centralized Management and click Logical Overview > Collecting > Collector-Manager::<instance name> > Log Files.
Back to Top

Searching for metrics in the database

You can verify that a metric is being collected and used for reporting when you search and find the metric in the database.

Procedure

  1. Click Administration .
  2. Under Modules, click Management of Database Metrics.
  3. On the Metric Selection page, create the filter, type the number of results, and select the properties to display for the metric.
    For example, to list up to 100 results of the Capacity metric with the properties of device and IP, type name=='Capacity' in the Filter field, 100 in the Maximum results field, and select device and IP for the Properties to show.
  4. Click Query.
    A list of the metric results appears. If nothing displays, the metric is not being collected.
Back to Top

Viewing collector errors in the Collector-Manager log files

Review the Collector-Manager log files to troubleshoot problems with data collection.

Procedure

  1. Click Administration.
  2. Click Centralized Management > Logical Overview.
  3. Expand Collecting.
  4. Click the Collector-Manager for your collector instance.
    Collector-Manager::<Collector-Manager instance> - <host_ID>
  5. Expand Log Files and click the View File icon to review the error messages.
Back to Top