how do your artsfiles look, are they 0 of size or do they have any data in
them?
At 09:38 11-6-2001 +0000, Halldór Högnason wrote:
>Hi
>
>No, don't see anything. My syslog shows me however that I'm definately
>receiving flows
>from my router, i.e,
>
>Jun 11 09:40:14 halflife cfdcollect[22487]: [I] connected to localhost:2056
>Jun 11 09:40:22 halflife cflowd[30034]: [I] sent data to 127.0.0.1:1999
>Jun 11 09:40:22 halflife cfdcollect[22487]: [I] localhost has data for 1
>router.
>Jun 11 09:40:22 halflife cfdcollect[22487]: [I] got data for router 1.2.3.4
>from localhost
>Jun 11 09:40:22 halflife cfdcollect[22487]: [I] wrote data for router
>1.2.3.4
>Jun 11 09:40:22 halflife cfdcollect[22487]: [I] sleeping for 291 seconds.
>Jún 11 09:42:07 halflife PAM_pwdb[30058]: (su) session opened for user root
>by halldor(uid=502)
>Jun 11 09:42:26 halflife flowwatch: [I] got semaphore: id 1
>Jun 11 09:42:26 halflife flowwatch: [I] attached to 2101248 byte packet
>queue at 0x40185000
>Jun 11 09:45:13 halflife cfdcollect[22487]: [I] awakened by alarm.
>Jun 11 09:45:14 halflife cfdcollect[22487]: [I] connected to localhost:2056
>Jun 11 09:45:24 halflife cflowd[30086]: [I] sent data to 127.0.0.1:2000
>Jun 11 09:45:24 halflife cfdcollect[22487]: [I] localhost has data for 1
>router.
>Jun 11 09:45:24 halflife cfdcollect[22487]: [I] got data for router 1.2.3.4
>from localhost
>Jun 11 09:45:24 halflife cfdcollect[22487]: [I] wrote data for router
>1.2.3.4
>Jun 11 09:45:24 halflife cfdcollect[22487]: [I] sleeping for 289 seconds.
>
>
>Best regards,
>
>Halldor
>
>Halldor Karl Hognason E.E.
>Islandssimi hf.
>Borgartun 30
>105 Reykjavik
>ICELAND
>
>E-mail: halldor.hognason@islandssimi.is
>Tel: +354 5955016
>Mob: +354 820 5016
>Fax: +354 5955050
>
>
>
>
>
> frank
> hellemink
>
> <druid@helms-deep.c To: "Halldór Högnason"
> <Halldor.Hognason@islandssimi.is>,
> hello.com> cflowd@caida.org
>
> cc:
>
> 11.06.2001 07:58 Subject: Re: cflowdmux
> running without errors but no data coming in
>
>
>
>
>
>
>
>
>Halldor,
>
>what happens when you do 'flowwatch all' in the directory where you keep
>your raw flowfiles? Do you see flows?
>
>Frank
>
>At 02:09 11-6-2001 +0000, Halldór Högnason wrote:
> >Hi
> >
> >I sent a mail last week where I stated problems I think I'm having with
>the
> >cflowdmux program.
> >To convince myself that the problem lies in the server I wrote a small UDP
> >listener in Perl
> >and I'm definately receiving Netflow UDP packets from my router.
> >
> >If I'm just having empty logs in my /usr/local/arts/data/cflowd/flows
> >directory, i.e.
> >
> >[root@halflife flows]# ls -al
> >total 8
> >drwxr-xr-x 2 root root 4096 Jun 8 01:27 .
> >drwxr-xr-x 4 root root 4096 Jun 8 01:37 ..
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.0
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.1
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.2
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.3
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.4
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.5
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.6
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.7
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.8
> >-rw-r--r-- 1 root root 1000000 Jun 8 16:29 1.2.3.4.flows.9
> >[root@halflife flows]#
> >
> >By doing f.x. cat on these files gives me nothing so they are obviously
> >empty as I verified.
> >I have seen in the mailing list archive that people have had similar
> >problems and nowhere
> >was there an obvious solution, one recommended doing make install again
> >which I did but
> >it didn't better the situation.
> >
> >I would very much appreciate help on this matter. You all probably
>received
> >my previous letter
> >and I changed the cflowd.conf a bit, (simplyfing it and less criteria on
> >information, f.x. only collect flows).
> >
> >Also I include my Netflow config in the CISCO 36xx I'm trying to collect
> >from,
> >
> >ip flow-aggregation cache source-prefix
> > cache entries 1024
> > cache timeout inactive 300
> > cache timeout active 5
> > export destination 5.6.7.8 9992
> > enabled
> >!
> >
> >interface FastEthernet0/0
> > ip address 1.2.3.4 255.255.255.0
> > ip accounting output-packets
> > ip route-cache policy
> > ip route-cache flow
> > speed auto
> > half-duplex
> > no cdp enable
> >!
> >
> >
> >[root@halflife etc]# more cflowd.conf
> >OPTIONS {
> > # syslog to local6 facility.
> > LOGFACILITY: local6
> >
> > # Listen for connections from cfdcollect on port 2056.
> > TCPCOLLECTPORT: 2056
> >
> > # Use a 2 megabyte packet buffer in shared memory.
> > PKTBUFSIZE: 2097152
> >
> > # Use /usr/local/arts/etc/cflowdtable.socket as named stream socket
> > # for connections from local clients (cfdases et. al.)
> > TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
> >
> > # Keep raw flow files in /usr/local/arts/data/cflowd/flows directory.
> > FLOWDIR: /usr/local/arts/data/cflowd/flows
> >
> > # Each raw flow file should be 1000000 bytes in length.
> > FLOWFILELEN: 1000000
> >
> > # Keep 10 raw flow files per router.
> > NUMFLOWFILES: 10
> >
> > # Log total missed flows from a router if it exceeds 1000 between
> > # connections from cfdcollect.
> > MINLOGMISSED: 1000
> >}
> >
> >COLLECTOR {
> > HOST: 5.6.7.8 # IP address of central collector
> > ADDRESSES: { 5.6.7.8, localhost, 127.0.0.1 }
> > AUTH: none
> >}
> >
> >CISCOEXPORTER {
> > HOST: 1.2.3.4 # IP address of Cisco sending data.
> > ADDRESSES: { 1.2.3.4 } # Addresses of interfaces on Cisco
> > CFDATAPORT: 9992 # Port on which to listen for
> >data.
> > SNMPCOMM: 'public' # SNMP community name.
> > LOCALAS: 12969 # Local AS of Cisco sending
>data.
> > COLLECT: { flows }
> >}
> >
> >
> >
> >
> >
> >Halldor Karl Hognason E.E.
> >Islandssimi hf.
> >Borgartun 30
> >105 Reykjavik
> >ICELAND
> >
> >E-mail: halldor.hognason@islandssimi.is
> >Tel: +354 5955016
> >Mob: +354 820 5016
> >Fax: +354 5955050
> >
> >
> >--
> >cflowd mailing list
> >cflowd@caida.org
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Mon Jun 11 2001 - 03:18:03 PDT