MX80 Netflow > PRTG or ELK Stack

MattR
Comes here often

I've set up our MX80 to send netflow updates to both PRTG and an ELK stack, and both never seem to receive a template update from the MX. I grabbed packets at both endpoints and at the MX and do see netflow packets. I started digging deeper with Wireshark and the packets are showing the following even after decoding as cflow:

[Image: Wireshark Netflow error.PNG]

Has anyone successfully set up netflow with an MX running firmware 13+?

5 REPLIES
PhilipDAth
Kind of a big deal

I haven't tried myself, but this is the general guide for it.

https://documentation.meraki.com/MX/Monitoring_and_Reporting/NetFlow_Overview

MattR
Comes here often

Thanks for the reply.

I did look at that. It only really tells you how to turn it on and troubleshoot the flow. The issue I'm having is everything is working and flowing but the packets from the MX are malformed. I read that there is an issue with 13+ firmware with ingress/egress of netflow and it may not work with 'some' collectors, but having now tried 2, I'm not convinced it isn't just completely broken.
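
A collector cannot decode data records until it has seen the template that defines them, so a useful first check on captured UDP payloads is whether any Template FlowSet is present and whether the FlowSet lengths add up. The sketch below is an added example, not part of the thread; it assumes the export is NetFlow v9 in the RFC 3954 layout (the thread does not state the version), and the function names and sample datagrams are constructed for illustration.

```python
import struct
HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id

def parse_templates(body):
    """Return [(template_id, data_record_length)] from a Template FlowSet body."""
    found, pos = [], 0
    while pos + 4 <= len(body):
        tid, nfields = struct.unpack_from("!HH", body, pos)
        end = pos + 4 + 4 * nfields
        if tid < 256 or end > len(body):  # trailing padding or truncated record
            break
        fields = struct.iter_unpack("!HH", body[pos + 4:end])
        found.append((tid, sum(length for _type, length in fields)))
        pos = end
    return found

def inspect_v9(payload):
    """Walk the FlowSets of one UDP payload; record templates, data sets, errors."""
    rep = {"templates": [], "data_flowsets": [], "errors": []}
    if len(payload) < HEADER.size or HEADER.unpack_from(payload)[0] != 9:
        rep["errors"].append("not a NetFlow v9 datagram (short header or version != 9)")
        return rep
    off = HEADER.size
    while off + 4 <= len(payload):
        fs_id, fs_len = struct.unpack_from("!HH", payload, off)
        if fs_len < 4 or off + fs_len > len(payload):
            rep["errors"].append(f"FlowSet {fs_id} at offset {off}: bad length {fs_len}")
            break
        if fs_id == 0:  # Template FlowSet
            rep["templates"] += parse_templates(payload[off + 4:off + fs_len])
        elif fs_id >= 256:  # Data FlowSet; its ID names the template it needs
            rep["data_flowsets"].append(fs_id)
        off += fs_len  # ID 1 (options template) is skipped here
    return rep

def undecodable(payloads):
    """Data FlowSet IDs seen without any template defining them so far."""
    known, missing = set(), set()
    for p in payloads:
        rep = inspect_v9(p)
        known |= {tid for tid, _ in rep["templates"]}
        missing |= {fs for fs in rep["data_flowsets"] if fs not in known}
    return missing

# Constructed sample datagrams (not captured from an MX).
TEMPLATE_PKT = HEADER.pack(9, 1, 1000, 1700000000, 1, 0) + struct.pack(
    "!HHHH6H", 0, 20, 256, 3, 8, 4, 12, 4, 1, 4)
DATA_PKT = HEADER.pack(9, 1, 2000, 1700000001, 2, 0) + struct.pack(
    "!HH4s4sI", 256, 16, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), 1500)
```

Feeding it the UDP payloads exported from a capture, in arrival order, shows whether the exporter ever sends a template and at which offset a FlowSet length stops making sense.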

natuan
Here to help

Yes, we can configure netflow on the MX to monitor traffic on PRTG. 😄

... but in my case the result is wrong parameters or numbers 😞

Meraki Dashboard: Enable netflow, enter PRTG IP (e.g. a.a.a.a) and netflow port (e.g. 2056).

PRTG: create a sensor where Receive NetFlow Packets on UDP Port is 2056, sender IP is the MX's IP, and timeout is 5 mins.

If you have PRTG support, you can open a case and post the solution here.

Hope this helps.

natuan

MattR
Comes here often

No such luck on support. We are running the free version with <100 SNMP sensors. I was just looking for a more versatile way to look at the data other than the defaults in dashboard. I'd like to be able to look at a more granular view than just 'past 2 hours/day/week/month'.

PhilipDAth
Kind of a big deal

Why don't you try going to the 14.x firmware? It is very solid.
