I have configured a Catalyst 6509 switch with an MSFC2 Route Switching Module to export flows to
cflowd.
The NDE config for the MSFC is shown below....
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 1x6.2x1.xx.xx0 9995
The NDE config for the C6509 is shown below....
set mls nde 1x6.2x1.xx.xx0 9995
set mls nde enable
Here is the data from the 'sho ip flo exp' from the msfc
Flow export is enabled
Exporting flows to 1x6.2x1.xx.xx0 (9995)
Exporting using source interface Loopback0
Version 5 flow records
2342413 flows exported in 34552223 udp datagrams
0 flows failed due to lack of export packet
1234052 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
Here is the data from 'sho mls nde' from the 6509
bfs-6000x> (enable) sho mls nde
Netflow Data Export version: 7
Netflow Data Export enabled
Netflow Data Export configured for port 9995 on host 1x6.2x1.xx.xx0
Total packets exported = 34037
For the second part, I have cflowd configured on a PIII 450, 256MB box running Red Hat 7.1.
Here is my Cflowd.conf
OPTIONS {
# syslog to local6 facility.
LOGFACILITY: local6
# Listen for connections from cfdcollect on port 2056.
TCPCOLLECTPORT: 9995
# Use a 2 megabyte packet buffer in shared memory.
PKTBUFSIZE: 2097152
# Use /usr/local/arts/etc/cflowdtable.socket as named stream socket
# for connections from local clients (cfdases et. al.)
TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
# Keep raw flow files in /usr/local/arts/data/cflowd/flows directory.
FLOWDIR: /usr/local/arts/data/cflowd/flows
# Each raw flow file should be 1000000 bytes in length.
FLOWFILELEN: 1000000
# Keep 10 raw flow files per router. Default = 10
NUMFLOWFILES: 5
# Log total missed flows from a router if it exceeds 1000 between
# connections from cfdcollect.
MINLOGMISSED: 10
}
COLLECTOR {
HOST: 1x6.2x1.xx.xx0 # IP address of central collector (cwsi.acns.fsu.edu)
ADDRESSES: { 1x6.2x1.xx.xx0 }
AUTH: none
}
# BFS-MSFCX
CISCOEXPORTER {
HOST: 1xx.xx.xx.x
ADDRESSES: { 1x6.2x1.xx3.x3 1xx.1xx.x.xx54 xxx.x1.x.x 1x.xx6.xx1.xx 1x.xx.x.x 1xx.xxx.xxx.x}
CFDATAPORT: 9995
SNMPCOMM: 'public'
LOCALAS: 2553
COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix,asmatrix, flows}
}
# BFS-6000X
CISCOEXPORTER {
HOST: 2x.xx.xx.x
ADDRESSES: { 2x.xx.xx.x }
CFDATAPORT: 9995
SNMPCOMM: 'public'
LOCALAS: 2553
COLLECT: { protocol, portmatrix, netmatrix, asmatrix, flows}
}
Here is my cfdcollect.conf
system {
logFacility: local6
dataDirectory: /usr/local/arts/data/cflowd
filePrefix: arts
pidFile: /usr/local/arts/etc/cfdcollect.pid
}
cflowd {
host: cwsi.acns.fsu.edu
tcpCollectPort: 9995
minPollInterval: 300
Cflowd installed quietly and below is the 'tail /var/log/messages' after beginning cflowdmux,
cflowd and cfdcollect respectively
Jun 28 15:01:13 cwsi cflowdmux[6108]: [I] cflowdmux (version cflowd-2-1-b1) started.
Jun 28 15:01:13 cwsi cflowdmux[6108]: [I] created 2101248 byte packet queue shmem segment {CflowdPacketQueue.cc:247}
Jun 28 15:01:13 cwsi cflowdmux[6108]: [I] attached to 2101248 byte packet queue at 0x401cf000
Jun 28 15:01:13 cwsi cflowdmux[6108]: [I] created semaphore: id 32769
Jun 28 15:01:13 cwsi cflowdmux[6108]: [I] set UDP recv queue to 261040 bytes for fd 4 (port 9995)
Jun 28 15:01:18 cwsi cflowd[6110]: [I] cflowd (version cflowd-2-1-b1) started.
Jun 28 15:01:18 cwsi cflowd[6110]: [I] got semaphore: id 32769
Jun 28 15:01:18 cwsi cflowd[6110]: [I] attached to 2101248 byte packet queue at 0x402c4000
Jun 28 15:01:38 cwsi cfdcollect[6112]: [I] cfdcollect (version cflowd-2-1-b1) started with 1 cflowd instances.
Jun 28 15:01:39 cwsi cfdcollect[6112]: [I] connected to cwsi.acns.fsu.edu:9995
All three run fine; below is the output after they have been running for a while.
Jun 28 15:01:38 cwsi cfdcollect[6112]: [I] cfdcollect (version cflowd-2-1-b1) started with 1 cflowd instances.
Jun 28 15:01:39 cwsi cfdcollect[6112]: [I] connected to cwsi.acns.fsu.edu:9995
Jun 28 15:01:55 cwsi cflowd[6114]: [I] sent data to 146.201.3.30:34198
Jun 28 15:01:55 cwsi cfdcollect[6112]: [I] cwsi.acns.fsu.edu has data for 1 router.
Jun 28 15:01:55 cwsi cfdcollect[6112]: [I] got data for router 128.186.2.252 from cwsi.acns.fsu.edu
Jun 28 15:01:55 cwsi cfdcollect[6112]: [I] wrote data for router 128.186.2.252
Jun 28 15:01:55 cwsi cfdcollect[6112]: [I] sleeping for 283 seconds.
My problem is that my arts.files are empty, as shown below:
[root@cwsi 128.186.2.252]# ls -l
total 0
-rw-rw-r-- 1 root root 0 Jun 20 10:45 arts.20010620
-rw-rw-r-- 1 root root 0 Jun 20 20:00 arts.20010621
-rw-rw-r-- 1 root root 0 Jun 21 20:04 arts.20010622
-rw-rw-r-- 1 root root 0 Jun 22 20:03 arts.20010623
-rw-rw-r-- 1 root root 0 Jun 23 20:03 arts.20010624
-rw-rw-r-- 1 root root 0 Jun 24 20:03 arts.20010625
-rw-rw-r-- 1 root root 0 Jun 27 16:12 arts.20010627
-rw-rw-r-- 1 root root 0 Jun 27 20:04 arts.20010628
My raw flows are not being updated either....
[root@cwsi flows]# ls -l
total 985
-rw-r--r-- 1 root root 1000000 Jun 28 15:01 128.186.2.252.flows.0
-rw-r--r-- 1 root root 1000000 Jun 28 15:01 128.186.2.252.flows.1
-rw-r--r-- 1 root root 1000000 Jun 28 15:01 128.186.2.252.flows.2
-rw-r--r-- 1 root root 1000000 Jun 28 15:01 128.186.2.252.flows.3
-rw-r--r-- 1 root root 1000000 Jun 28 15:01 128.186.2.252.flows.4
drwxrwxr-x 2 root root 1024 Jun 21 11:31 bin
drwxrwxr-x 2 root root 2048 Jun 21 11:35 graphs
[root@cwsi flows]#
Doing an artsdump and flowdump gives nothing, which seems to tell me that the flows are being
sent by the routers but are not being received by the collector.
I sincerely need whatever help, suggestion or advice that anyone can give and will greatly
appreciate it.
=====
Edson Manners
Academic Computing & Networking Services
Florida State University
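
Added example, not part of the original post and not cflowd code: the outputs above show the MSFC exporting version 5 records and the 6509 exporting version 7 to the same UDP port, so one collector-side check is to tally the datagrams that actually arrive by source address and NetFlow version, and to confirm that each datagram's length matches the record count in its header. The source addresses and sample datagrams are constructed placeholders; in practice the payloads would come from a packet capture of port 9995.

```python
import struct
from collections import Counter

# v5 and v7 export headers are both 24 bytes; the per-flow record size differs.
HEADER_LEN = 24
RECORD_LEN = {5: 48, 7: 52}


def parse_export_header(datagram):
    """Return (version, count, flow_sequence) or raise ValueError."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a NetFlow header")
    # version, count, sysUptime, unix_secs, unix_nsecs, flow_sequence
    version, count, _up, _secs, _nsecs, seq = struct.unpack(
        "!HHIIII", datagram[:20])
    if version not in RECORD_LEN:
        raise ValueError("unsupported NetFlow version %d" % version)
    expected = HEADER_LEN + count * RECORD_LEN[version]
    if len(datagram) != expected:
        raise ValueError("length %d, header implies %d"
                         % (len(datagram), expected))
    return version, count, seq


def summarize(packets):
    """Tally flows per (source, version); malformed datagrams per (source, 'bad')."""
    totals = Counter()
    for src, datagram in packets:
        try:
            version, count, _seq = parse_export_header(datagram)
            totals[(src, version)] += count
        except ValueError:
            totals[(src, "bad")] += 1
    return totals


def build(version, count, seq=0):
    """Constructed sample datagram: valid header, zero-filled records."""
    header = struct.pack("!HHIIII", version, count, 0, 0, 0, seq) + b"\x00" * 4
    return header + b"\x00" * (count * RECORD_LEN[version])


# Constructed input: (source address, UDP payload). Addresses are placeholders.
SAMPLE = [
    ("192.0.2.1", build(5, 30)),
    ("192.0.2.1", build(5, 12, seq=30)),
    ("192.0.2.2", build(7, 27)),
    ("192.0.2.2", build(7, 3)[:-1]),  # truncated on purpose
]

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items(), key=str):
        print(key, n)
```

The source addresses reported here are the ones to compare against the ADDRESSES entries in each CISCOEXPORTER block.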
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Thu Jun 28 2001 - 12:51:20 PDT