Re: Cflowd - Weird Characters

From: Hendrik Visage (hvisage@envisage.co.za)
Date: Tue Dec 11 2001 - 10:05:44 PST

Next message: Jordi Moncada: "unsubscrive"

Previous message: alaerte@embratel.com.br: "Cflowd - Weird Characters"
In reply to: alaerte@embratel.com.br: "Cflowd - Weird Characters"
Next in thread: Jordi Moncada: "unsubscrive"
Reply: Jordi Moncada: "unsubscrive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Dec 11, 2001 at 03:20:23PM -0300, alaerte@embratel.com.br wrote:
>
>
> Hi,
>
> I have had this problem with weird characters in the raw files. I used
> "Flowwatch" and it showed that the flow are being delivered correctly on the
> sparc-solaris-2.6 running Cflowd:

Check those files with "flowdump"
They are correct, as they are binary data structure dumps.
In other words: "100.2.3.9" would be presented as a 32bit value, ie. 4 bytes
which would print out via more as garbage.

If you want text raw dumps, make use of Cisco's neflow collectors, or try
flowscan

>
> FLOW
> index: 0xc7ffff
> router: 100.6.128.250
> src IP: 100.2.3.9
> dst IP: 100.6.9.200
> input ifIndex: 2
> output ifIndex: 0
> src port: 138
> dst port: 138
> pkts: 2
> bytes: 484
> IP nexthop: 0.0.0.0
> start time: Tue Dec 11 12:00:35 2001
> end time: Tue Dec 11 12:00:35 2001
> protocol: 17
> tos: 0
> src AS: 0
> dst AS: 0
> src masklen: 8
> dst masklen: 21
> TCP flags: 0x10
> engine type: 0
> engine id: 0
>
> I got something like that on the raw files:
>
> more 100.6.128.250.flows.0
>
> Зяя
> э
> I
> i??н< О< Зяя
> э
> т
> i??к< Н< Зяя
> э
> П
> i??ш< С< Зяя
> э
>
>
> i??е< С< Зяя
>
>
> I reinstalled cflowd (cflowd-2-1-b1.tar.gz), arts (arts++-1-1-a8.tar.gz) and
> gmake (make-3.79.1.tar.gz) and it didnґt help.
>
> My cflowd.conf is:
>
> HOST: 100.6.128.250 # IP address of Cisco sending data.
> ADDRESSES: 10.6.128.250 # Addresses of interfaces on
> Cisco sending data.
> CFDATAPORT: 2055 # Port on which to listen for data.
> SNMPCOMM: 'public' # SNMP community name.
> LOCALAS: 0 # Local AS of Cisco sending
> data.
> COLLECT: { protocol, portmatrix, ifmatrix, nexthop,
> netmatrix,
> tos, flows }
>
> My 6509 MSFC configuration is:
>
> ip flow-export source Loopback0
> ip flow-export version 5
> ip flow-export destination 10.2.4.93 2055
>
>
> I would appreciate any help.
>
> Thanks
>
> Alaerte
>
>
>
>
> --
> cflowd mailing list
> cflowd@caida.org

-- 
------------------------
Hendrik Visage
hvisage@envisage.co.za
--
cflowd mailing list
cflowd@caida.org

Next message: Jordi Moncada: "unsubscrive"
Previous message: alaerte@embratel.com.br: "Cflowd - Weird Characters"
In reply to: alaerte@embratel.com.br: "Cflowd - Weird Characters"
Next in thread: Jordi Moncada: "unsubscrive"
Reply: Jordi Moncada: "unsubscrive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Dec 11 2001 - 10:20:14 PST