
MX80 Netflow > PRTG or ELK Stack

Comes here often


I've set up our MX80 to send NetFlow updates to both PRTG and an ELK stack, and both never seem to receive a template update from the MX. I grabbed packets at both endpoints and at the MX and do see NetFlow packets. I started digging deeper with Wireshark and the packets are showing the following even after decoding as cflow:

 

[Screenshot: Wireshark Netflow error.PNG]

 

Has anyone successfully set up NetFlow with an MX running firmware 13+?
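An added example, not part of the original post and not Meraki or PRTG code: one way to check a captured UDP payload for the two symptoms described above (no template reaching the collector, and packets that do not parse). It assumes the MX exports NetFlow v9 with the RFC 3954 layout, which the thread does not state; the function names and the sample packets are constructed for illustration.

```python
import struct

V9_HEADER = struct.Struct("!HHIIII")  # version, count, uptime, secs, sequence, source_id

def inspect_v9(payload: bytes) -> dict:
    """Walk the flowsets of one export packet using the RFC 3954 (v9) layout."""
    report = {"templates": {}, "data_flowsets": [], "errors": []}
    if len(payload) < V9_HEADER.size or V9_HEADER.unpack_from(payload)[0] != 9:
        report["errors"].append("not a NetFlow v9 packet (short header or version != 9)")
        return report
    off = V9_HEADER.size
    while off + 4 <= len(payload):
        fs_id, fs_len = struct.unpack_from("!HH", payload, off)
        if fs_len < 4 or off + fs_len > len(payload):
            report["errors"].append(f"flowset {fs_id} at offset {off}: bad length {fs_len}")
            break
        body = payload[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: (template_id, field_count, fields...)
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * nfields
                if tid < 256 or end > len(body):  # padding or a broken record
                    break
                report["templates"][tid] = list(struct.iter_unpack("!HH", body[pos + 4:end]))
                pos = end
        elif fs_id >= 256:  # data flowset; its id names the template it needs
            report["data_flowsets"].append(fs_id)
        off += fs_len
    return report

def missing_templates(report: dict, known=()) -> list:
    """Data flowsets a collector cannot decode with the templates seen so far."""
    have = set(known) | set(report["templates"])
    return [fs for fs in report["data_flowsets"] if fs not in have]

def sample_packet(with_template: bool) -> bytes:
    """Constructed test packet: template 256 = (IPV4_SRC_ADDR, IPV4_DST_ADDR)."""
    tmpl = struct.pack("!8H", 0, 16, 256, 2, 8, 4, 12, 4)
    data = struct.pack("!HH", 256, 12) + bytes([10, 0, 0, 1, 10, 0, 0, 2])
    body = (tmpl if with_template else b"") + data
    return V9_HEADER.pack(9, 2 if with_template else 1, 1000, 1700000000, 1, 0) + body

if __name__ == "__main__":
    for pkt in (sample_packet(True), sample_packet(False), sample_packet(True)[:-3]):
        r = inspect_v9(pkt)
        print(r, "undecodable:", missing_templates(r))
```

Feed it the UDP payload bytes exported from a capture; pass template ids already seen from the same exporter as `known` when checking later packets.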

Kind of a big deal

Re: MX80 Netflow > PRTG or ELK Stack

I haven't tried myself, but this is the general guide for it.

https://documentation.meraki.com/MX/Monitoring_and_Reporting/NetFlow_Overview

Comes here often

Re: MX80 Netflow > PRTG or ELK Stack

Thanks for the reply.

I did look at that. It only really tells you how to turn it on and troubleshoot the flow. The issue I'm having is that everything is working and flowing, but the packets from the MX are malformed. I read that there is an issue with 13+ firmware with ingress/egress of NetFlow and that it may not work with 'some' collectors, but having now tried 2, I'm not convinced it isn't just completely broken.

Here to help

Re: MX80 Netflow > PRTG or ELK Stack

Yes, we can config netflow on MX to monitor traffic on PRTG. :D

... but in my case the result is wrong parameters or numbers :(

 

Meraki Dashboard: enable NetFlow, enter the PRTG IP (e.g., a.a.a.a) and the NetFlow port (e.g., 2056).

PRTG: create a sensor with "Receive NetFlow Packets on UDP Port" set to 2056, the sender IP set to the MX's IP, and the timeout set to 5 mins.

 

If you have PRTG support, you can open a case and post the solution here.

 

Hope this helps.

natuan

Comes here often

Re: MX80 Netflow > PRTG or ELK Stack

No such luck on support. We are running the free version with <100 SNMP sensors. I was just looking for a more versatile way to look at the data other than the defaults in dashboard. I'd like to be able to look at a more granular view than just 'past 2 hours/day/week/month'.

Kind of a big deal

Re: MX80 Netflow > PRTG or ELK Stack

Why don't you try going to the 14.x firmware? It is very solid.
