Re: help getting started - no data...

From: Sheryl Zimmermann (szim@tnoc.5sigcmd.army.mil)
Date: Fri Nov 03 2000 - 05:43:40 PST

  • Next message: Zimmerman, Sheryl Ms.: "RE: help getting started - no data..."

    > Please forgive my presumption - I am getting the following dead.letter
    > errors, and I could really use some help!

      ----- The following addresses had permanent fatal errors -----
    "|/home/petidomo/bin/hermes cflowd"
        (expanded from: <cflowd@caida.org>)

       ----- Transcript of session follows -----
    or... User unknown
    /no/such/directory/dead.letter... cannot open
    /no/such/directory/dead.letter: No such file or directory

    > Really hope someone can help!
    >
    > Everything appears to have compile ok.
    > I'm running 12.01 (11) on a 3600 router. I am exporting to my host
    > using port 2055. When I do a
    > "sh ip flow export", everything looks good.
    > when I run snoop on my sun host (running 2.7) where both cfdcollect
    > and cflowd are running, it shows a large number of udp packets coming
    > in on port 2055.
    > I have flow files being created as per my specs in cflowd.conf. But no
    > arts files.
    > And when I use the sample perl script that Dave Plonka gave Cflow.pm
    > (changed to TCP and port 80), I get the following results:
    > XXXX.flows.0: Invalid index in flow data file: 0! Version 5
    > flow-export is required with *all* data being saved using the COLLECT
    > field of the CISCOEXPORTER stanza(s)!
    >
    > My CISCOEXPORTER stanza reads:
    > CISCOEXPORTER {
    > HOST: XXX.XXX.XXX.XXX # IP address of Cisco sending
    > data.
    > ADDRESSES: {XXX.XXX.XXX.XXX , # Addresses of interfaces on
    > Cisco
    > XXX.XXX.XXX.XXX,
    > XXX.XXX.XXX.XXX} # sending data.
    > CFDATAPORT: 2055 # Port on which to listen for
    > data.
    > SNMPCOMM: 'PUBLIC' # SNMP community name.
    > COLLECT: { flows }
    > }
    >
    > (excuse the XXX's, but need to protect the innocent!)
    >
    > I am receiving no messages from the syslog.

    Also, the shared memory and semaphores appear correct when we do an ipsc
    -a, as well as the ports looking as they should (netstat -an,
    snoop). This router WAS configured prior to this for exporting Protocol
    and DetailHostMatrix data in binary to an NFC. Would that have any
    effect on how cflowd goes to gather data now?

    >
    >
    > Can someone please point me to what might be going wrong??
    >
    >
    >
    > --
    >
    > Shery Zimmerman - Litton PRC
    > 5th Signal TNOC - Design and Performance
    > DSN 380-4034
    >
    >

    --
    

    Shery Zimmerman - Litton PRC 5th Signal TNOC - Design and Performance DSN 380-4034

    -- cflowd mailing list cflowd@caida.org



    This archive was generated by hypermail 2b29 : Fri Nov 03 2000 - 05:55:51 PST