[Cflowd] Big Problem with cflowdmux

From: Jerome Bertsch (jbertsch@ext.cri74.org)
Date: Tue Apr 30 2002 - 02:43:39 PDT

  • Next message: Strahler, Carsten: "[Cflowd] no output from arts toolset"

    Hello,

    I think i have a serious problem with cflowdmux : it seems to start
    good, but there is unfortunately no UDP socket listening . Maybe
    someone had the same problem, it would be great to explain me what's
    happens because i'm really lost :

      According to syslog there is :

    Apr 30 09:15:46 jbertsch1 cflowdmux[26653]: [I] cflowdmux (version
    cflowd-2-1-b1) started.
    Apr 30 09:15:46 jbertsch1 cflowdmux[26653]: [I] created 1052672 byte
    packet queue shmem segment {CflowdPacketQueue.cc:247}
    Apr 30 09:15:46 jbertsch1 cflowdmux[26653]: [I] attached to 1052672 byte
    packet queue at 0x4016a000
    Apr 30 09:15:46 jbertsch1 cflowdmux[26653]: [I] created semaphore: id
    622597
    Apr 30 09:17:13 jbertsch1 cflowd[26659]: [I] cflowd (version
    cflowd-2-1-b1) started.
    Apr 30 09:17:13 jbertsch1 cflowd[26659]: [I] got semaphore: id 622597
    Apr 30 09:17:13 jbertsch1 cflowd[26659]: [I] attached to 1052672 byte
    packet queue at 0x4016a000

    My file cflowd.conf is :

    OPTIONS {
       LOGFACILITY: local6
      TCPCOLLECTPORT: 2222
      PKTBUFSIZE: 2097152
      TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
      FLOWDIR: /usr/local/arts/data/cflowd/flows
      FLOWFILELEN: 1000000
      NUMFLOWFILES: 10
      MINLOGMISSED: 1000
    }
    COLLECTOR {
      HOST: 10.100.20.40 # IP address of central collector
      ADDRESSES: { 10.100.20.40 }
      AUTH: none
    }
    CISCOEXPORTER {
      HOST: 195.202.0.93 # IP address of Cisco sending
    data.
      ADDRESSES: { 195.202.0.93 # Addresses of interfaces on
    Cisco
                      } # sending data.
      CFDATAPORT: 36401 # Port on which to listen for
    data.
      SNMPCOMM: 'public' # SNMP community name.
                                            # Local AS of Cisco sending
    data.
      COLLECT:{ flows }
    }

    but netstat -an gives :
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address
    State
    tcp 0 0 0.0.0.0:1313 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:515 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:37 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:2056 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:9 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:32906 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:13 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:111 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:113 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:21 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:22 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:5432 0.0.0.0:*
    LISTEN
    tcp 0 0 0.0.0.0:25 0.0.0.0:*
    LISTEN
    tcp 0 0 10.100.20.40:22 10.100.20.4:40276
    ESTABLISHED
    tcp 0 0 10.100.20.40:22 10.100.20.4:40277
    ESTABLISHED
    tcp 0 0 10.100.20.40:22 10.100.20.4:40465
    ESTABLISHED
    tcp 0 0 10.100.20.40:22 10.100.20.4:40339
    ESTABLISHED
    udp 0 0 0.0.0.0:32772 0.0.0.0:*
    udp 0 0 127.0.0.1:32773 127.0.0.1:32773
    ESTABLISHED
    udp 0 0 0.0.0.0:9 0.0.0.0:*
    udp 0 0 0.0.0.0:965 0.0.0.0:*
     udp 0 0 0.0.0.0:111 0.0.0.0:*
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Flags Type State I-Node Path
    unix 2 [ ACC ] STREAM LISTENING 63747 @
    unix 2 [ ACC ] STREAM LISTENING 44250 /dev/printer
    unix 2 [ ACC ] STREAM LISTENING 23232
    /var/run/postgresql/.s.PGSQL.5432
    unix 6 [ ] DGRAM 144 /dev/log
    unix 2 [ ] DGRAM 63746
    unix 2 [ ] DGRAM 62816
    unix 2 [ ] DGRAM 44249
    unix 2 [ ] DGRAM 181

    jbertsch1:/var/log# lsof -p 26653
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    cflowdmux 26653 root cwd DIR 3,3 4096 2284801
    /home/jbertsch/cflowd/usr/local/arts/sbin
    cflowdmux 26653 root rtd DIR 3,2 4096 2 /
    cflowdmux 26653 root txt REG 3,3 487792 2284802
    /home/jbertsch/cflowd/usr/local/arts/sbin/cflowdmux
    cflowdmux 26653 root mem REG 3,2 90210 179185
    /lib/ld-2.2.5.so
    cflowdmux 26653 root mem REG 3,2 69472 179209
    /lib/libnsl-2.2.5.so
    cflowdmux 26653 root mem REG 3,2 130088 179208
    /lib/libm-2.2.5.so
    cflowdmux 26653 root mem REG 3,2 1153816 179192
    /lib/libc-2.2.5.so
    cflowdmux 26653 root mem DEL 0,5 262145
    /SYSVffffffff
    cflowdmux 26653 root 0u CHR 136,3 5 /dev/pts/3
    cflowdmux 26653 root 1u CHR 136,3 5 /dev/pts/3
    cflowdmux 26653 root 2u CHR 136,3 5 /dev/pts/3
    cflowdmux 26653 root 3u unix 0xc68ebcc0 62816 socket

    I think cflowdmux does not care about my file cflowd.conf, maybe the
    problem comes because of that ??

    _______________________________________________
    Cflowd mailing list
    Cflowd@caida.org
    http://login.caida.org/mailman/listinfo/cflowd



    This archive was generated by hypermail 2.1.4 : Tue Apr 30 2002 - 03:04:54 PDT