Overview:
This knowledge-based article provides guidance for support agents to troubleshoot and resolve an issue related to incorrect destination IP addresses on a Mediation server for Netflow collector scenarios. It outlines the problem statement reported by the customer and provides information for analyzing and resolving similar issues in the future.
Problem Statement:
The customer has reported an issue regarding incorrect destination IP addresses being recorded on the Mediation server. The customer has shared specific records, including IP addresses, timestamps, and filenames, which indicate that the Address fields of CFLOW requests are displaying inaccurate information. Additionally, the customer has provided Wireshark traces showing both correct and incorrect IP address entries.
Information:
-
Gather Relevant Details:
- The impacted server details (e.g., server name or IP address).
- The exact start time of the issue.
- Were there any recent changes made to the system prior to the issue?
- Application services affected by the issue.
- Request error or trace logs associated with the problem.
- Wireshark traces of the Netflow messages sent to the Mediation server with correct and incorrect records and an example from the CFG logs.
-
Analyze Wireshark Traces:
- Review the Wireshark traces provided by the customer.
- Identify incorrect destination IP addresses and corresponding source IP addresses.
- Compare with correct destination IP addresses from the traces.
Conclusion
-
- If the Wireshark traces reveal that these IP Addresses are coming from upstream network elements please share evidence and ask the customer to check with their external network element as this is not an issue with CGF/Mediation Server.
- Example:
Comments
0 comments
Article is closed for comments.