How to perform a Quick Health Check

How to get the most out of your CySight software.

Check List:
  • Check that the backend is running.
  • Check that the license key is installed.
  • Check that data is being received, using tcpdump or Wireshark.
  • Check that the template is correct, using tcpdump or Wireshark.
  • Check that neither local nor enterprise firewalls are preventing flows.
  • Check that no previous product installed MySQL, Java or Tomcat. If one did, remove all older software and reinstall CySight.
  • Check that the Front-End has more than one left-hand menu and that data is being received.

Basic Front-End tests

Run a Real-Time->Usage->Device query from the left menu and check the time. If the time is correct, it may be that the system is recalculating the bandwidth; how long this takes depends on the number of flows. If the data reflects the latest time, the Overview should recover once the recalculation has finished.

Basic Back-End tests


Check that the backend is running: telnet to localhost on port 30000. The collector will respond with its version. Check the threads with the threads command, and for each Device thread use deviceinfo to check the processing occurring on that thread.

[root@netflowauditor]# telnet localhost 30000
Trying ::1...
Connected to localhost.
Escape character is '^]'.

==================================================
DigiToll Collector
--------------------------------------------------
Version : 8.5.0
Release Date: 2014-06-20
CollectorID : 127.0.0.1
==================================================

DigiToll> threads

--------------------------------------------------
Device 1001 Thread : GET_READY (running)
Device 1002 Thread : GET_READY (running)
Device 1071 Thread :NORMAL_PROCESSING (running)
Device 1073 Thread :NORMAL_PROCESSING (running)
Device 1074 Thread :NORMAL_PROCESSING (running)
Device 1101 Thread :NORMAL_PROCESSING (running)
File Dumpers Running : 0(0)
Lsum Manager : sleep
SNMP Manager :start snmp re-query timeout interface fields
HealthCheck Updater : Alive
HealthCheck Updater count: 1
Globals State : Sleeping
GU Last Polled : 21 Jun 2014 01:55:06
Device Manager : Sleeping
DM Last Polled : 21 Jun 2014 01:55:07
DP Wrapper State : Sleeping.
DP Last Polled : 21 Jun 2014 01:55:07
DP Thread : Not running
--------------------------------------------------

# SHOW THE PROCESSING OCCURRING FROM EACH EXPORTER #

DigiToll> deviceinfo 1071

--------------------------------------------------
DeviceID 1071
Device Label : NetFlow2057
Device Enabled : True
Device Plugin : CiscoNetFlow
Input count : 1091545
Thread Alive : True
NetFlow Port : 2057
Last Live Dump : Sat Jun 21 01:55:30 EST 2014

Router : 10.12.13.38
IPv4 Live (1) : 4861

Router : 10.12.13.22
IPv4 Live (1) : 138

Router : 10.12.13.17
IPv4 Live (1) : 7203

Router : 10.12.13.48
IPv4 Live (1) : 5738

Router : 10.12.13.49
IPv4 Live (1) : 2654

Router : 10.12.13.47
IPv4 Live (1) : 470
--------------------------------------------------

# IF THE EXPORTS ARE INCREASING IN SIZE THEN COLLECTION IS WORKING #

DigiToll> deviceinfo 1071
--------------------------------------------------
DeviceID 1071
Device Label : NetFlow2057
Device Enabled : True
Device Plugin : CiscoNetFlow
Input count : 1094978
Thread Alive : True
NetFlow Port : 2057
Last Live Dump : Sat Jun 21 01:55:30 EST 2014

Router : 10.12.13.38
IPv4 Live (1) : 5188

Router : 10.12.13.22
IPv4 Live (1) : 166

Router : 10.12.13.17
IPv4 Live (1) : 7699

Router : 10.12.13.48
IPv4 Live (1) : 6099

Router : 10.12.13.49
IPv4 Live (1) : 2814

Router : 10.12.13.47
IPv4 Live (1) : 517
--------------------------------------------------
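
The comparison of the two deviceinfo snapshots above can be scripted. The following is an added example, not part of CySight or of the original page: it parses two saved snapshots and lists routers whose live count did not grow. The function names and the router 192.0.2.10 are constructed for illustration, and it assumes both snapshots fall within the same "Last Live Dump" interval, as in the session above.

```python
import re

# Abridged `deviceinfo 1071` snapshots from the session above. Router
# 192.0.2.10 is constructed here to show an exporter that has stalled.
FIRST = """Input count : 1091545
Thread Alive : True
Router : 10.12.13.38
IPv4 Live (1) : 4861
Router : 10.12.13.22
IPv4 Live (1) : 138
Router : 192.0.2.10
IPv4 Live (1) : 900
"""
SECOND = """Input count : 1094978
Thread Alive : True
Router : 10.12.13.38
IPv4 Live (1) : 5188
Router : 10.12.13.22
IPv4 Live (1) : 166
Router : 192.0.2.10
IPv4 Live (1) : 900
"""

def parse_deviceinfo(text):
    """Return (input_count, thread_alive, {router_ip: live_count})."""
    input_count, alive, routers, current = None, False, {}, None
    for line in text.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Input count":
            input_count = int(value)
        elif key == "Thread Alive":
            alive = value == "True"
        elif key == "Router":
            current = value
        elif re.fullmatch(r"IPv\d Live \(\d+\)", key) and current:
            routers[current] = routers.get(current, 0) + int(value)
    return input_count, alive, routers

def stalled_exporters(before, after):
    """Routers whose live count did not grow between two snapshots."""
    count_a, _, routers_a = parse_deviceinfo(before)
    count_b, alive_b, routers_b = parse_deviceinfo(after)
    if not alive_b or count_b <= count_a:  # the device thread itself is stuck
        return sorted(set(routers_a) | set(routers_b))
    return sorted(r for r in routers_a if routers_b.get(r, 0) <= routers_a[r])

if __name__ == "__main__":
    print("No new flows from:", stalled_exporters(FIRST, SECOND) or "none")
```

A router listed here is reaching the collector port but has stopped exporting, which points at the exporter or a firewall in the path rather than at the backend.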


Next, run telnet localhost 30001.
  • You should see verbose system-generated tests. If you see lines that reflect data being dumped to the database, the backend is working fine.
  • To leave the telnet session, press Ctrl+] and then type exit.

Linux tests

On some Linux systems that have the iptables firewall turned on, the iptables rules need to be flushed with "iptables -F" (this deletes every rule in the filter table's chains).

Confirm the template is correct for Version 9+ of NetFlow, IPFIX or sFlow:

match ipv4 tos (Required)
match ipv4 protocol (Required)
match ipv4 source address (Required)
match ipv4 destination address (Required)
match transport source-port (Required)
match transport destination-port (Required)
match interface input (Required)
collect interface output (preferred/Required for egress analysis)
match flow direction (preferred/required for internal router deduplication when interfaces set to ingress & egress combinations)

match application name
collect datalink dot1q vlan input
collect datalink dot1q vlan output
collect datalink mac source address input
collect datalink mac source address output
collect datalink mac destination address input
collect datalink mac destination address output
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags (preferred)
collect counter bytes (Required)
collect counter packets (Required)