DX Unified Infrastructure Management

  • Private Community

  • 1.  Tech Tip: NFA 9.1 NetFlow Verification on Windows and Linux Harvesters

    Broadcom Employee
    Posted Jan 16, 2013 12:34 PM

    In NFA 9.1 if you need to verify that NetFlow data is making to your Windows Harvester, there is a Support Tool available called NASTv11.exe (NetFlow Analysis Support Tool).
    Many of you may remember the NFAParser tool from earlier versions of RA, and this tool works very much the same way.

    The tool can be downloaded from the FTP link below to your Harvester where you want to verify NetFlow data.
    ftp://ftp.ca.com/pub/netqos/supporttools/releasedtools/NASTv11.exe

    To run it just double click the exe or run it from the command prompt.

    This will pop up a command prompt window asking for you to choose how long of a report you want to run.

    The default is 5 minutes, but you can run it for as little as 1 minute.

    Note that the more data you have the longer this can run.

    This will pop up an *.htm web page file that will display all of the raw NetFlow data for each device that is sending NetFlow to this router if the Netflow is being sent in the proper format.

    So if you are missing a device or interface in NFA, please run this on your Harvester first to verify data is showing up. Many times in Support we will ask for this as a first step.

    As for Linux Harvesters, this tool does not work there, however you can copy over the NFA files from the Linux harvester to a Windows harvester and run the NAST tool from that directory.
    For more details on this please see the tech doc at the URL below.

    https://comm.support.ca.com/?legacyid=TEC584499



  • 2.  Re: [CA Network Flow Analysis] Tip: NFA 9.1 NetFlow Verification on Windows

    Posted Jan 16, 2013 12:37 PM
    The NFAParser could be run in silent mode. Can the NAST tool do that? If
    so, is it the same syntax as the NFAParser?


  • 3.  RE: Re: [CA Network Flow Analysis] Tip: NFA 9.1 NetFlow Verification on Win

    Broadcom Employee
    Posted Jan 16, 2013 01:01 PM
    Good point Stuart. Yes I just tested this via command line and it does still work.

    The syntax for a 5 minute report would be like below from the directory where the NASTv11.exe tool is located.

    It will dump the file in the same directory where you run the command from, the file name will be like "nfasummary2013-01-16 12-52-00_thru_2013-01-16 12-57-00.htm"


    D:\>NASTv11.exe batch 5
    _/ _/ _/_/_/_/_/ _/_/_/_/
    _/_/ _/ _/ _/ _/ _/
    _/ _/ _/ _/_/_/ _/_/_/ _/ + _/ _/_/_/ _/
    _/ _/ _/ _/ _/ _/ _/ NAST _/ _/ _/ _/_/_/_/
    _/ _/ _/ _/_/_/ _/ _/ + _/ _/ _/ _/
    _/ _/_/ _/ _/ _/ _/ _/ _/ _/
    _/ _/ _/_/_/ _/ _/_/_/_/_/ _/_/_/ _/_/_/_/
    _/
    _/_/


    This should be done before this sentence registers in your coffee-riddled brain.

    ################################################################################

    5>> Dumping 1358359020.nfa for parsing, stand by... Dumped
    Parsing log file
    100% [============================================================================

    4>> Dumping 1358358960.nfa for parsing, stand by... Dumped
    Parsing log file
    100% [============================================================================

    3>> Dumping 1358358900.nfa for parsing, stand by... Dumped
    Parsing log file
    100% [============================================================================

    2>> Dumping 1358358840.nfa for parsing, stand by... Dumped
    Parsing log file
    100% [============================================================================

    1>> Dumping 1358358780.nfa for parsing, stand by... Dumped
    Parsing log file
    100% [============================================================================

    Generating HTML output, sit tight
    100% [============================================================================
    Finished.
    5 NFA file(s) processed.
    FlowTime: 5 minutes
    ################################################################################


  • 4.  RE: Re: [CA Network Flow Analysis] Tip: NFA 9.1 NetFlow Verification on Win

    Posted Jan 16, 2013 01:13 PM
    Awesome thanks. No huge updates my automated NFA parser then.

    Also, any thought to making it possible to run the CIG silently?


  • 5.  RE: Re: [CA Network Flow Analysis] Tip: NFA 9.1 NetFlow Verification on Win

    Broadcom Employee
    Posted Jan 16, 2013 01:27 PM
    The SupportCIG is no longer actively being updated, so I don't believe you will see a silent way to run the SupportCIG.

    We are moving to the a CA Standard Tool called the CACDF which should be available shortly for the newer NetQos family of products.

    By the way the CIG will not gather everything needed on an NFA server since the directories and database structures have changed.

    CACDF will eventually be released for NFA and the Linux Harvester as well, I don't have an ETA on this yet, Development is working on this.

    CACDF is ready however for CAPC and Data Aggregator, but that would be a separate thread, the link below however will give you some details on this if you are interested.

    https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={F28A4276-4D05-4E8B-8D30-C4D354ACFDC0}


  • 6.  RE: Re: [CA Network Flow Analysis] Tip: NFA 9.1 NetFlow Verification on Win

    Posted Feb 11, 2013 09:57 AM
    And just to be clear, the NAST tool doesn't work for anyone who isn't a brand new customer since it only works for 9.1. If you're still running 9.0 because you didn't want to lose your historical data, you'll still need to use the NFA parser. There does appear to be a newer version though, NFAParserv10. Suggestion support: make the version numbers for the tools the same as the version number for the product on which it runs. It used to be that way and is why NFA parser started out at v8 (when RA v8 was out).


  • 7.  RE: Re: [CA Network Flow Analysis] Tip: NFA 9.1 NetFlow Verification on Win

    Broadcom Employee
    Posted Feb 11, 2013 12:20 PM
    Thats correct, NASTv11.exe is only for NFA 9.1.x.

    Earlier versions use the NFAParser still. Below are which versions of the parser should be used with each RA build:

    RA 9.0.161 should use NFAParserv10.exe
    ftp://ftp.ca.com/pub/netqos/supporttools/releasedtools/NFAParserv10.exe

    RA 9.0.118 should use NFAParserv9.exe
    ftp://ftp.ca.com/pub/netqos/supporttools/releasedtools/NFAParserv9.exe

    RA 8.x uses NFAParserv8.exe
    ftp://ftp.ca.com/pub/netqos/supporttools/releasedtools/NFAParserv8.exe

    **Note** RA 8.x is no longer supported at this point in time.


  • 8.  RE: Re: [CA Network Flow Analysis] Tip: NFA 9.1 NetFlow Verification on Win

    Posted Feb 11, 2013 01:55 PM
    This is good info, thanks Chris.

    See what i mean about version numbers not matching? It would be nice if NASTv11 were versioned 9.1 instead of 11. Same for NFAParserv10; it should be NFAParserv9.0.161.