cfdcollect working?....or

From: Michael Bellears (michael.bellears@staff.datafx.com.au)
Date: Mon Jun 25 2001 - 20:51:42 PDT


    I have cflowd running on a Debian 2.2 box. The Cisco device is a 7206VXR
    (ip flow-export version 5).

    root 31348 0.0 0.7 3916 928 ? S 13:28 0:00 /usr/local/arts/sbin/cflowdmux /etc/cflowd.conf
    root 31350 0.0 1.3 4928 1768 ? S 13:29 0:00 /usr/local/arts/sbin/cflowd /etc/cflowd.conf
    root 31374 0.1 0.8 2188 1088 ? S 13:30 0:01 /usr/local/arts/sbin/cfdcollect /etc/cfdcollect.conf

    Flows appear to be exported correctly ->

    total 36464
    drwxrwsrwx 4 root staff 4096 Jun 26 13:28 .
    drwxrwsrwx 3 root staff 4096 May 2 12:35 ..
    drwxr-sr-x 2 root staff 4096 Jun 26 13:30 xxx.xxx.xxx.xxx
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.0
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.1
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.2
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.3
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.4
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.5
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.6
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.7
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.8
    -rw-r--r-- 1 root staff 1000000 Jun 26 13:29 xxx.xxx.xxx.xxx.flows.9

    Then in the xxx.xxx.xxx.xxx dir ->

    -rw-r--r-- 1 root staff 430 Jun 26 13:40 arts.20010626

    So it appears as if data is being dumped, but when I run
    flowdump/flowdumper, I get...

    vagabond:/usr/local/arts/data/cflowd/flows# perl flowdumper -v xxx.xxx.xxx.xxx/arts.20010626
    xxx.xxx.xxx.xxx/arts.20010626: Invalid index in cflowd flow file: 0xDFB00000! Version 5 flow-export is required with *all* fields being saved.
    e.g. COLLECT: { flows }
    vagabond:/usr/local/arts/data/cflowd/flows# perl flowdump xxx.xxx.xxx.xxx/arts.20010626
    Unrecognized character \177 at flowdump line 1.
    You have new mail in /var/spool/mail/root
    vagabond:/usr/local/arts/data/cflowd/flows

    My cflowd.conf file contains ->

    CISCOEXPORTER {
      HOST: xxx.xxx.xxx.xxx         # IP address of Cisco sending data.
      ADDRESSES: { xxx.xxx.xxx.xxx }
                                    # Addresses of interfaces on Cisco
                                    # sending data.
      CFDATAPORT: 2056 # Port on which to listen for data.
      SNMPCOMM: 'public' # SNMP community name.
      COLLECT: { flows, protocol }
    }

    and my cfdcollect.conf ->

    system {
      logFacility: local6 # Syslog to local6 facility.
      dataDirectory: /usr/local/arts/data/cflowd/flows
      filePrefix: arts
      pidFile: /usr/local/arts/etc/cfdcollect.pid
    }

    #---------------------------------------------------------------------------
    # An example cflowd stanza for the case where cflowd is running on the
    # local host.
    #---------------------------------------------------------------------------
    cflowd {
      host: xxx.xxx.xxx.xxx
      tcpCollectPort: 2056
      minPollInterval: 300
    }

    Any ideas/Suggestions would greatly be appreciated.

    Regards,
    Michael

    This archive was generated by hypermail 2b29 : Mon Jun 25 2001 - 21:09:52 PDT