Hi
No, don't see anything. My syslog shows me however that I'm definately
receiving flows
from my router, i.e,
Jun 11 09:40:14 halflife cfdcollect[22487]: [I] connected to localhost:2056
Jun 11 09:40:22 halflife cflowd[30034]: [I] sent data to 127.0.0.1:1999
Jun 11 09:40:22 halflife cfdcollect[22487]: [I] localhost has data for 1
router.
Jun 11 09:40:22 halflife cfdcollect[22487]: [I] got data for router 1.2.3.4
from localhost
Jun 11 09:40:22 halflife cfdcollect[22487]: [I] wrote data for router
1.2.3.4
Jun 11 09:40:22 halflife cfdcollect[22487]: [I] sleeping for 291 seconds.
Jún 11 09:42:07 halflife PAM_pwdb[30058]: (su) session opened for user root
by halldor(uid=502)
Jun 11 09:42:26 halflife flowwatch: [I] got semaphore: id 1
Jun 11 09:42:26 halflife flowwatch: [I] attached to 2101248 byte packet
queue at 0x40185000
Jun 11 09:45:13 halflife cfdcollect[22487]: [I] awakened by alarm.
Jun 11 09:45:14 halflife cfdcollect[22487]: [I] connected to localhost:2056
Jun 11 09:45:24 halflife cflowd[30086]: [I] sent data to 127.0.0.1:2000
Jun 11 09:45:24 halflife cfdcollect[22487]: [I] localhost has data for 1
router.
Jun 11 09:45:24 halflife cfdcollect[22487]: [I] got data for router 1.2.3.4
from localhost
Jun 11 09:45:24 halflife cfdcollect[22487]: [I] wrote data for router
1.2.3.4
Jun 11 09:45:24 halflife cfdcollect[22487]: [I] sleeping for 289 seconds.
Best regards,
Halldor
Halldor Karl Hognason E.E.
Islandssimi hf.
Borgartun 30
105 Reykjavik
ICELAND
E-mail: halldor.hognason@islandssimi.is
Tel: +354 5955016
Mob: +354 820 5016
Fax: +354 5955050
frank hellemink
<druid@helms-deep.c To: "Halldór Högnason" <Halldor.Hognason@islandssimi.is>,
hello.com> cflowd@caida.org
cc:
11.06.2001 07:58 Subject: Re: cflowdmux running without errors but no data coming in
Halldor,
what happens when you do 'flowwatch all' in the directory where you keep
your raw flowfiles? Do you see flows?
Frank
At 02:09 11-6-2001 +0000, Halldór Högnason wrote:
>Hi
>
>I sent a mail last week where I stated problems I think I'm having with
the
>cflowdmux program.
>To convince myself that the problem lies in the server I wrote a small UDP
>listener in Perl
>and I'm definately receiving Netflow UDP packets from my router.
>
>If I'm just having empty logs in my /usr/local/arts/data/cflowd/flows
>directory, i.e.
>
>[root@halflife flows]# ls -al
>total 8
>drwxr-xr-x 2 root root 4096 Jun 8 01:27 .
>drwxr-xr-x 4 root root 4096 Jun 8 01:37 ..
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.0
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.1
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.2
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.3
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.4
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.5
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.6
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.7
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.8
>-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.9
>[root@halflife flows]#
>
>By doing f.x. cat on these files gives me nothing so they are obviously
>empty as I verified.
>I have seen in the mailing list archive that people have had similar
>problems and nowhere
>was there an obvious solution, one recommended doing make install again
>which I did but
>it didn't better the situation.
>
>I would very much appreciate help on this matter. You all probably
received
>my previous letter
>and I changed the cflowd.conf a bit, (simplyfing it and less criteria on
>information, f.x. only collect flows).
>
>Also I include my Netflow config in the CISCO 36xx I'm trying to collect
>from,
>
>ip flow-aggregation cache source-prefix
> cache entries 1024
> cache timeout inactive 300
> cache timeout active 5
> export destination 5.6.7.8 9992
> enabled
>!
>
>interface FastEthernet0/0
> ip address 1.2.3.4 255.255.255.0
> ip accounting output-packets
> ip route-cache policy
> ip route-cache flow
> speed auto
> half-duplex
> no cdp enable
>!
>
>
>[root@halflife etc]# more cflowd.conf
>OPTIONS {
> # syslog to local6 facility.
> LOGFACILITY: local6
>
> # Listen for connections from cfdcollect on port 2056.
> TCPCOLLECTPORT: 2056
>
> # Use a 2 megabyte packet buffer in shared memory.
> PKTBUFSIZE: 2097152
>
> # Use /usr/local/arts/etc/cflowdtable.socket as named stream socket
> # for connections from local clients (cfdases et. al.)
> TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
>
> # Keep raw flow files in /usr/local/arts/data/cflowd/flows directory.
> FLOWDIR: /usr/local/arts/data/cflowd/flows
>
> # Each raw flow file should be 1000000 bytes in length.
> FLOWFILELEN: 1000000
>
> # Keep 10 raw flow files per router.
> NUMFLOWFILES: 10
>
> # Log total missed flows from a router if it exceeds 1000 between
> # connections from cfdcollect.
> MINLOGMISSED: 1000
>}
>
>COLLECTOR {
> HOST: 5.6.7.8 # IP address of central collector
> ADDRESSES: { 5.6.7.8, localhost, 127.0.0.1 }
> AUTH: none
>}
>
>CISCOEXPORTER {
> HOST: 1.2.3.4 # IP address of Cisco sending data.
> ADDRESSES: { 1.2.3.4 } # Addresses of interfaces on Cisco
> CFDATAPORT: 9992 # Port on which to listen for
>data.
> SNMPCOMM: 'public' # SNMP community name.
> LOCALAS: 12969 # Local AS of Cisco sending
data.
> COLLECT: { flows }
>}
>
>
>
>
>
>Halldor Karl Hognason E.E.
>Islandssimi hf.
>Borgartun 30
>105 Reykjavik
>ICELAND
>
>E-mail: halldor.hognason@islandssimi.is
>Tel: +354 5955016
>Mob: +354 820 5016
>Fax: +354 5955050
>
>
>--
>cflowd mailing list
>cflowd@caida.org
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Mon Jun 11 2001 - 02:54:03 PDT