Re: Not getting Data from cflowd

From: Todd Caine (todd_caine@eli.net)
Date: Mon Nov 06 2000 - 15:27:36 PST

Next message: Charles: "Has anyone writen a script to:"

Previous message: Dana Watanabe: "Not getting Data from cflowd"
In reply to: Dana Watanabe: "Not getting Data from cflowd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

First of all, get syslog working. Use logger(1) to make sure you can receive
syslog messages,
try:
/usr/bin/logger -p local6.debug "This is a test"

Send a sighup to syslogd as root,
try:
sudo kill -1 `ps -ef | grep /usr/sbin/syslogd | awk '{ print $2 }'`

If you can't get it to work then try stopping and restarting syslogd via your rc
scripts under /etc/rc#.d/,
try:
sudo /etc/rc#.d/S##syslogd stop; sudo /etc/rc#.d/S##syslogd start

Now try logger again. Once you get syslog messages working for local6.* or
whatever syslog facility you have configured cflowd to use, then try running them
again and use the archive to troubleshoot.

Regards,
Todd Caine

Dana Watanabe wrote:

> I'm running cflowdmux, cflowd and cfdcollect all on:
> SunOS miles 5.7 Generic sun4u sparc SUNW,Ultra-60
>
> Running the programs seems to not collect any data. I can run Cisco
> NetFlowCollector and its collects data. And i have cflowd running to
> collect data on the same port. But when i turn of NFC and run cflow, it
> doesn't store anything.
>
> What i've done/noticed...
>
> I did the shmsys thing in /etc/system
>
> When i run the three programs, i get no messages in syslog (if i've made
> an error in cflowd.conf, i get error messages, though)
>
> There is an arts.YYYYMMDD file that gets created in the dataDirectory,
> but it stays at 0 size.
>
> The flow files in FLOWDIR get created, but i'm pretty sure are untouched
> and only contain null characters.
>
> When i run cflowdmux, *.9995 shows up in netstat.
> These lines show up in ipcs:
> m 101 0x6cd9 --rw-r--r-- dwatanab oac dwatanab oac
> 1 1052672 3701 3701 13:28:34 no-entry 13:28:34
> s 65536 0x6cd9 --ra-ra-ra- dwatanab oac dwatanab oac
> 2 13:28:51 13:28:34
>
> When i run cflowd, *.2056 shows up in netstat, along with:
>
> 300019be800 stream-ord 30003ead5b8 00000000 /opt/arts/cflowdtable.socket
>
> Running ipcs changes the memory entry to:
> m 101 0x6cd9 --rw-r--r-- dwatanab oac dwatanab oac
> 2 1052672 3701 3846 13:31:38 no-entry 13:28:34
>
> When i run cfdcollect, i get the following in netstat:
>
> 127.0.0.1.32856 127.0.0.1.2056 32768 0 32768 0 ESTABLISHED
> 127.0.0.1.2056 127.0.0.1.32856 32768 0 32768 0 ESTABLISHED
>
> and again the line in ipcs has changed:
>
> m 101 0x6cd9 --rw-r--r-- dwatanab oac dwatanab
> oac 2
> 1052672 3701 4214 13:31:38 13:44:00 13:28:34
>
> here's the only weird thing i've noticed... process 4214 doesn't exist.
> 3701 is cflowdmux and 3846 is cflowd, but when i went to check 4214 it's
> not there. 65536 seems like an odd ID number too...
>
> I've tried running it as root, running it not as root and all the same results.
> --
> cflowd mailing list
> cflowd@caida.org

--
cflowd mailing list
cflowd@caida.org

Next message: Charles: "Has anyone writen a script to:"
Previous message: Dana Watanabe: "Not getting Data from cflowd"
In reply to: Dana Watanabe: "Not getting Data from cflowd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Nov 06 2000 - 15:41:53 PST