Empty flow files

From: Diane Proscino-Tharp (Diane.Proscino-Tharp@oracle.com)
Date: Thu Jun 28 2001 - 15:42:51 PDT

    I have been seeing the same thread in which cflowdmux/cflowd/cfdcollect
    are all running but the flow files are empty. I am experiencing the
    same problem.

    Here is my environment:
    Solaris 2.6
    arts++-1-1-a6
    cflowd-2-1-b1 (patched)
    FlowScan-1.006

    I have a Catalyst 6509 configured for NDE:

    switch> sho mls nde
    Netflow Data Export version: 7
    Netflow Data Export enabled
    Netflow Data Export configured for port 2055 on host xxx.xxx.xxx.xxx
    Total packets exported = 1660592
    switch>

    Here is what my unix system tells me: (running Solaris 2.6)

    explain% ps -ef | grep cfl
    flowscan 1783 1 0 14:38:00 pts/5 0:00 cflowd cflowd/etc/cflowd.conf
    flowscan 1787 1 0 14:38:46 pts/5 0:02 cfdcollect cflowd/etc/cfdcollect.conf
    flowscan 1826 1819 0 14:50:41 pts/1 0:00 grep cfl
    flowscan 1780 1 0 14:37:43 pts/5 0:00 cflowdmux cflowd/etc/cflowd.conf
    explain%
    explain% netstat -an | grep 20
          *.2055 Idle
    1x8.x7.1.xx4.5910 1x0.3x.2x.xx7.33123 24820 0 8760 0 ESTABLISHED
          *.2056 *.* 0 0 0 0 LISTEN
    127.0.0.1.2056 127.0.0.1.32871 32768 0 32768 0 TIME_WAIT
    explain%

    explain% ipcs -a
    IPC status from <running system> as of Thu Jun 28 14:52:08 2001
    Message Queue facility not in system.
    T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME
    Shared Memory:
    m 4096 0x0000339d --rw-r--r-- flowscan flowscan flowscan flowscan 2 2101248 1780 1807 14:38:00 14:48:51 14:37:43
    T ID KEY MODE OWNER GROUP CREATOR CGROUP NSEMS OTIME CTIME
    Semaphores:
    s 0 0x0000339d --ra-ra-ra- flowscan flowscan flowscan flowscan 2 14:52:07 12:10:47
    s 1 0x0000339b --ra-ra-ra- flowscan flowscan flowscan flowscan 2 13:20:27 12:33:31
    explain%

    I did a tcpdump and I can see packets coming from my switch to my
    server, but nothing else happens. I don't see any messages in my
    syslog file. No errors, no confirmation that the processes have
    started, nothing.

    Any suggestions, direction where to continue looking/troubleshooting
    would be greatly appreciated.

    Thanks,
    -- Diane

    -- 
    *****************************
    Diane Proscino-Tharp
    Voice:  408-506-3759
    Location: 4op2/219
    Email:  dproscin@oracle.com
    *****************************
    
    

    --
    cflowd mailing list
    cflowd@caida.org
    



    This archive was generated by hypermail 2b29 : Thu Jun 28 2001 - 16:06:28 PDT