Fortinet black logo

Administration Guide

Home FortiNDR 7.4.4 Administration Guide
7.4.4
7.4.6
7.4.5
7.4.4
7.4.3
7.4.2
7.4.1
7.4.0
7.2.3
7.2.2
7.2.1
7.2.0
7.1.0
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0

Troubleshooting inactive Netflow status

Troubleshooting inactive Netflow status

The Netflow Status widget displays Inactive when no flows are seen in the last five minutes.

To diagnose an inactive Netflow status:
  1. Enure FortiNDR's port UDP 2055, 6343, and 9995 are open. To monitor the packets, run the following CLI command:

    diagnose sniffer packet

    For example: diagnose sniffer packet port1 'port 9995'

  2. Verify that HA mode is off. Netflow does not support HA: secondary mode.

    Run the following CLI command:

    get system status

  3. Check the logs to see if there are any crashes related to the flow daemon. The following CLI commands can retrieve logs:

    diagnose debug crashlog <crash_log_date>

    diagnose sys top

    diagnose deb database error

  4. Try reloading the daemon with the CLI:

    execute reload [<daemon_name>]

    Note

    If you use the command execute netflow on:

  5. Be aware that it takes time for the daemon to activate after running execute reload and the daemon does not immediately indicate that it is on. We recommend waiting a few seconds before checking its status.
Previous
Next

Troubleshooting inactive Netflow status

Troubleshooting inactive Netflow status

The Netflow Status widget displays Inactive when no flows are seen in the last five minutes.

To diagnose an inactive Netflow status:
  1. Enure FortiNDR's port UDP 2055, 6343, and 9995 are open. To monitor the packets, run the following CLI command:

    diagnose sniffer packet

    For example: diagnose sniffer packet port1 'port 9995'

  2. Verify that HA mode is off. Netflow does not support HA: secondary mode.

    Run the following CLI command:

    get system status

  3. Check the logs to see if there are any crashes related to the flow daemon. The following CLI commands can retrieve logs:

    diagnose debug crashlog <crash_log_date>

    diagnose sys top

    diagnose deb database error

  4. Try reloading the daemon with the CLI:

    execute reload [<daemon_name>]

    Note

    If you use the command execute netflow on:

  5. Be aware that it takes time for the daemon to activate after running execute reload and the daemon does not immediately indicate that it is on. We recommend waiting a few seconds before checking its status.
Previous
Next