Hi
I sent a mail last week where I stated problems I think I'm having with the cflowdmux program.
To convince myself that the problem lies in the server I wrote a small UDP listener in Perl, and I'm definitely receiving Netflow UDP packets from my router.
If I'm just having empty logs in my /usr/local/arts/data/cflowd/flows directory, i.e.
[root@halflife flows]# ls -al
total 8
drwxr-xr-x 2 root root 4096 Jun 8 01:27 .
drwxr-xr-x 4 root root 4096 Jun 8 01:37 ..
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.0
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.1
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.2
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.3
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.4
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.5
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.6
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.7
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.8
-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.9
[root@halflife flows]#
Doing e.g. cat on these files gives me nothing, so they are obviously empty, as I verified.
I have seen in the mailing list archive that people have had similar problems and nowhere was there an obvious solution; one recommended doing make install again, which I did, but it didn't better the situation.
I would very much appreciate help on this matter. You all probably received my previous letter, and I changed the cflowd.conf a bit (simplifying it and less criteria on information, e.g. only collect flows).
Also I include my Netflow config in the CISCO 36xx I'm trying to collect from:
ip flow-aggregation cache source-prefix
 cache entries 1024
 cache timeout inactive 300
 cache timeout active 5
 export destination 5.6.7.8 9992
 enabled
!
interface FastEthernet0/0
 ip address 1.2.3.4 255.255.255.0
 ip accounting output-packets
 ip route-cache policy
 ip route-cache flow
 speed auto
 half-duplex
 no cdp enable
!
[root@halflife etc]# more cflowd.conf
OPTIONS {
  # syslog to local6 facility.
  LOGFACILITY: local6
  # Listen for connections from cfdcollect on port 2056.
  TCPCOLLECTPORT: 2056
  # Use a 2 megabyte packet buffer in shared memory.
  PKTBUFSIZE: 2097152
  # Use /usr/local/arts/etc/cflowdtable.socket as named stream socket
  # for connections from local clients (cfdases et. al.)
  TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
  # Keep raw flow files in /usr/local/arts/data/cflowd/flows directory.
  FLOWDIR: /usr/local/arts/data/cflowd/flows
  # Each raw flow file should be 1000000 bytes in length.
  FLOWFILELEN: 1000000
  # Keep 10 raw flow files per router.
  NUMFLOWFILES: 10
  # Log total missed flows from a router if it exceeds 1000 between
  # connections from cfdcollect.
  MINLOGMISSED: 1000
}
COLLECTOR {
  HOST: 5.6.7.8 # IP address of central collector
  ADDRESSES: { 5.6.7.8, localhost, 127.0.0.1 }
  AUTH: none
}
CISCOEXPORTER {
  HOST: 1.2.3.4 # IP address of Cisco sending data.
  ADDRESSES: { 1.2.3.4 } # Addresses of interfaces on Cisco
  CFDATAPORT: 9992 # Port on which to listen for data.
  SNMPCOMM: 'public' # SNMP community name.
  LOCALAS: 12969 # Local AS of Cisco sending data.
  COLLECT: { flows }
}
Halldor Karl Hognason E.E.
Islandssimi hf.
Borgartun 30
105 Reykjavik
ICELAND
E-mail: halldor.hognason@islandssimi.is
Tel: +354 5955016
Mob: +354 820 5016
Fax: +354 5955050
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 19:34:18 PDT
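
Added example, not part of the original message and not cflowd code: a Python take on the UDP listener check described above. It decodes each datagram's NetFlow header to show the export version, the record count and, for version 8, the aggregation scheme, and compares the source address with the HOST from cflowd.conf. The names inspect and listen and the sample datagrams are made up for this illustration; the port and exporter address are the ones in the message.

```python
import socket
import struct

# The first 16 bytes are laid out the same way in NetFlow v1, v5, v7 and v8.
COMMON = struct.Struct("!HHIII")  # version, count, sys_uptime, unix_secs, unix_nsecs
HEADER_LEN = {1: 16, 5: 24, 7: 24, 8: 28}
RECORD_LEN = {1: 48, 5: 48, 7: 52}  # v8 record size depends on the scheme
V8_SCHEME = {1: "as", 2: "protocol-port", 3: "source-prefix",
             4: "destination-prefix", 5: "prefix"}

def inspect(datagram, src_ip, exporter_ip):
    """Decode one export datagram; return its header fields and any oddities."""
    problems = []
    info = {"version": None, "count": 0, "problems": problems}
    if src_ip != exporter_ip:
        problems.append(f"source {src_ip} != configured exporter {exporter_ip}")
    if len(datagram) < COMMON.size:
        problems.append("shorter than a NetFlow header")
        return info
    version, count = COMMON.unpack_from(datagram)[:2]
    info.update(version=version, count=count)
    if version not in HEADER_LEN:
        problems.append(f"unknown NetFlow version {version}")
    elif len(datagram) < HEADER_LEN[version]:
        problems.append("truncated header")
    elif version == 8:  # byte 22 of a v8 header names the aggregation scheme
        info["aggregation"] = V8_SCHEME.get(datagram[22], f"scheme {datagram[22]}")
    elif len(datagram) != HEADER_LEN[version] + count * RECORD_LEN[version]:
        problems.append("length does not match header count")
    return info

# Constructed sample datagrams (not captured traffic): a v8 source-prefix
# export with two records and a v5 export with one record.
SAMPLE_V8 = struct.pack("!HHIIIIBBBBI", 8, 2, 1000, 992000000, 0, 7, 0, 0, 3, 2, 0) + bytes(64)
SAMPLE_V5 = struct.pack("!HHIIIIBBH", 5, 1, 1000, 992000000, 0, 7, 0, 0, 0) + bytes(48)

def listen(port=9992, exporter_ip="1.2.3.4"):
    """Print one line per datagram arriving on the port the router exports to."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", port))
    while True:
        data, (src_ip, _src_port) = sock.recvfrom(65535)
        print(src_ip, inspect(data, src_ip, exporter_ip))

if __name__ == "__main__":
    print(inspect(SAMPLE_V8, "1.2.3.4", "1.2.3.4"))
    print(inspect(SAMPLE_V5, "1.2.3.4", "1.2.3.4"))
```

Run listen() only while cflowdmux is stopped, since both would bind the same UDP port.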