Halldor,
what happens when you do 'flowwatch all' in the directory where you keep
your raw flowfiles? Do you see flows?
Frank
At 02:09 11-6-2001 +0000, Halldór Högnason wrote:
>Hi
>
>I sent a mail last week where I stated problems I think I'm having with the
>cflowdmux program.
>To convince myself that the problem lies in the server I wrote a small UDP
>listener in Perl
>and I'm definitely receiving Netflow UDP packets from my router.
>
>If I'm just having empty logs in my /usr/local/arts/data/cflowd/flows
>directory, i.e.
>
>[root@halflife flows]# ls -al
>total 8
>drwxr-xr-x 2 root root 4096 Jun 8 01:27 .
>drwxr-xr-x 4 root root 4096 Jun 8 01:37 ..
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.0
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.1
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.2
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.3
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.4
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.5
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.6
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.7
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.8
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.9
>[root@halflife flows]#
>
>By doing f.x. cat on these files gives me nothing so they are obviously
>empty as I verified.
>I have seen in the mailing list archive that people have had similar
>problems and nowhere
>was there an obvious solution, one recommended doing make install again
>which I did but
>it didn't better the situation.
>
>I would very much appreciate help on this matter. You all probably received
>my previous letter
>and I changed the cflowd.conf a bit, (simplifying it and less criteria on
>information, f.x. only collect flows).
>
>Also I include my Netflow config in the CISCO 36xx I'm trying to collect
>from,
>
>ip flow-aggregation cache source-prefix
> cache entries 1024
> cache timeout inactive 300
> cache timeout active 5
> export destination 5.6.7.8 9992
> enabled
>!
>
>interface FastEthernet0/0
> ip address 1.2.3.4 255.255.255.0
> ip accounting output-packets
> ip route-cache policy
> ip route-cache flow
> speed auto
> half-duplex
> no cdp enable
>!
>
>
>[root@halflife etc]# more cflowd.conf
>OPTIONS {
> # syslog to local6 facility.
> LOGFACILITY: local6
>
> # Listen for connections from cfdcollect on port 2056.
> TCPCOLLECTPORT: 2056
>
> # Use a 2 megabyte packet buffer in shared memory.
> PKTBUFSIZE: 2097152
>
> # Use /usr/local/arts/etc/cflowdtable.socket as named stream socket
> # for connections from local clients (cfdases et. al.)
> TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
>
> # Keep raw flow files in /usr/local/arts/data/cflowd/flows directory.
> FLOWDIR: /usr/local/arts/data/cflowd/flows
>
> # Each raw flow file should be 1000000 bytes in length.
> FLOWFILELEN: 1000000
>
> # Keep 10 raw flow files per router.
> NUMFLOWFILES: 10
>
> # Log total missed flows from a router if it exceeds 1000 between
> # connections from cfdcollect.
> MINLOGMISSED: 1000
>}
>
>COLLECTOR {
> HOST: 5.6.7.8 # IP address of central collector
> ADDRESSES: { 5.6.7.8, localhost, 127.0.0.1 }
> AUTH: none
>}
>
>CISCOEXPORTER {
> HOST: 1.2.3.4 # IP address of Cisco sending data.
> ADDRESSES: { 1.2.3.4 } # Addresses of interfaces on Cisco
> CFDATAPORT: 9992 # Port on which to listen for data.
> SNMPCOMM: 'public' # SNMP community name.
> LOCALAS: 12969 # Local AS of Cisco sending data.
> COLLECT: { flows }
>}
>
>
>
>
>
>Halldor Karl Hognason E.E.
>Islandssimi hf.
>Borgartun 30
>105 Reykjavik
>ICELAND
>
>E-mail: halldor.hognason@islandssimi.is
>Tel: +354 5955016
>Mob: +354 820 5016
>Fax: +354 5955050
>
>
>--
>cflowd mailing list
>cflowd@caida.org
This archive was generated by hypermail 2b29 : Mon Jun 11 2001 - 01:12:49 PDT
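
The thread mentions confirming with a small UDP listener that NetFlow packets arrive. The Python sketch below is an added example (not code from the thread or from cflowd) that goes one step further: it reads the NetFlow version and record count from each datagram and compares the source address with the ADDRESSES value in the posted cflowd.conf. The function names are hypothetical, and the header and record sizes are the standard NetFlow v1/v5/v7 ones, not something stated in the thread.

```python
import socket
import struct
from collections import Counter

# Values taken from the cflowd.conf posted in this thread.
EXPORTER_ADDRESSES = {"1.2.3.4"}
CFDATAPORT = 9992

# (header bytes, record bytes) for the fixed-size NetFlow export versions.
FIXED_LAYOUT = {1: (16, 48), 5: (24, 48), 7: (24, 52)}


def inspect_datagram(data, src_ip):
    """Return (version, count, notes) for one export datagram."""
    if len(data) < 12:
        return None, 0, ["too short for a NetFlow header"]
    # The first 12 bytes are laid out identically in v1, v5, v7, v8 and v9.
    version, count, _uptime_ms, _unix_secs = struct.unpack("!HHII", data[:12])
    notes = []
    if src_ip not in EXPORTER_ADDRESSES:
        notes.append(f"source {src_ip} not in ADDRESSES")
    if version in FIXED_LAYOUT:
        hdr, rec = FIXED_LAYOUT[version]
        if len(data) != hdr + count * rec:
            notes.append(f"length {len(data)} != {hdr}+{count}*{rec}")
    return version, count, notes


def summarize(datagrams):
    """Tally (source, version) pairs and collect notes over (data, src_ip) pairs."""
    tally, problems = Counter(), []
    for data, src_ip in datagrams:
        version, _count, notes = inspect_datagram(data, src_ip)
        tally[(src_ip, version)] += 1
        problems.extend(notes)
    return tally, problems


def listen(port=CFDATAPORT, limit=20):
    """Capture `limit` datagrams on the export port (stop cflowdmux first)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", port))
    got = [sock.recvfrom(65535) for _ in range(limit)]
    sock.close()
    return summarize((data, addr[0]) for data, addr in got)


if __name__ == "__main__":
    print(listen())
```

The tally shows which export version each source is actually sending, which can then be checked against what the collector is configured to store.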