How do I configure the sampling rate for a router device within NFA manually?

Document ID : KB000011045
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

In NFA you may sometimes need to manually set the SampleRateOverride setting for a Netflow device if NFA doesn't automatically apply the Sampling rate for a device.  Usually you can identify this by seeing that the volume/rate of data is off by a power of 10.

 For example if you see a graph showing data rates in Kilobytes per second instead of Megabytes per second, the router may have a sample rate of 1000, but since its not in a format that NFA expects, it is not detected.

 

Question:

How do I configure the sampling rate for a router device within NFA manually?

Environment:
NFA 9.3.3 and earlier.
Answer:

You can manually set the SampleRateOverride setting for a specific device by following the steps below on your Harvester server(s).

1. Run the following query to see what the 'SampleRateOverride' setting currently is on your router, note that '1' is the default value:

mysql -P3308 -D harvester -t -e "select inet_ntoa(router), engineid, samplerateoverride from routers where router=inet_aton('x.x.x.x');"

 

**You may see more then one row for your router, this is normal on the Harvester and happens when a router is sending flows from multiple Engine ID's**

 

2. Run below query in the command line of your Harvester Server(s):


            mysql -P3308 -D harvester -t -e "update routers set sampleRateOverride=x where router=inet_aton('x.x.x.x');"
 
       For example if you need to set the SampleRateOverride setting to 1000 for device 10.1.1.1 you would use the command below:

      mysql -P3308 -D harvester -t -e "update routers set samplerateoverride=1000 where router=inet_aton('10.1.1.1');"

 

2)Restart the following services in order:

CA NFA Harvester

CA NFA Poller 

CA NFA DNS/SNMP Proxies

CA NFA Collection and Poller Webservices

CA NFA Reaper Service

3)Verify that the data reflects the sample rate supplied after allowing data to collect for at least 15-30 minutes.

 

Additional Information:

NFA 9.3.6 made some enhancements to how we detect Sampling Rates from some devices, which means in 9.3.6 and later you may not need to change this setting.

If you do need to update 9.3.6 follow the steps here: https://support.ca.com/us/knowledge-base-articles.TEC1982724.html