From: Deivis Jakstas (Deivis.Jakstas@telecom.lt)
Date: Fri Jul 12 2002 - 04:01:00 PDT
Hello again,
Checked the router, everything is OK.
IOS
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-I-L), Version 12.1(15), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Mon 13-May-02 23:02 by kellythw
Image text-base: 0x03041DD4, data-base: 0x00001000
They are exporting flows
Test#show ip flow export
Flow export is enabled
Exporting flows to aaa.bbb.ccc.125 (2055)
Exporting using source IP address aaa.bbb.ccc.88
Version 5 flow records, peer-as
149 flows exported in 138 udp datagrams
0 flows failed due to lack of export packet
138 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
Also tried a bare-bones NetFlow collector;
it shows that the Cisco exports flows.
And if I try to trace cflowd, a strange "Resource temporarily unavailable" appears:
select(6, [4 5], NULL, NULL, {0, 0}) = 0 (Timeout)
rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
semop(98307, 0xbffff7a0, 1) = 0
time([1026471554]) = 1026471554
semop(98307, 0xbffff8c0, 2) = 0
time([1026471554]) = 1026471554
rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
select(6, [4 5], NULL, NULL, {0, 0}) = 0 (Timeout)
rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
semop(98307, 0xbffff7a0, 1) = 0
time([1026471554]) = 1026471554
semop(98307, 0xbffff8c0, 2) = 0
time([1026471554]) = 1026471554
rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
select(6, [4 5], NULL, NULL, {0, 0}) = 0 (Timeout)
rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
semop(98307, 0xbffff7a0, 1) = -1 EAGAIN (Resource temporarily unavailable)
time([1026471554]) = 1026471554
getpid() = 19168
rt_sigaction(SIGPIPE, {0x401833c0, [], 0x4000000}, {SIG_DFL}, 8) = 0
send(3, "<179>Jul 12 12:59:14 cflowd[1916"..., 156, 0) = 156
rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
time([1026471554]) = 1026471554
semop(98307, 0xbffff8c0, 2) = 0
time([1026471556]) = 1026471556
rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
select(6, [4 5], NULL, NULL, {0, 0}) = 0 (Timeout)
-----Original Message-----
From: Nik Hinson [mailto:nik.hinson@assurance-dynamics.com]
Sent: Friday, July 12, 2002 12:03 PM
To: Deivis Jakstas
Cc: cflowd@caida.org
Subject: Re: [Cflowd] Empty timestamped flows
Yes I had this, there are several things to check.
It's best to start at the router(s). Check that the Cisco (I assume
you're using Cisco routers) thinks it's exporting flow data. Use
something like 'debug ip flow export'.
If that looks OK then make sure you are actually getting UDP packets sent
by the router, use 'debug ip packet detail' or similar. This turned out
to be my problem. I was using 12.1(5)T9 and I assume there's a bug. I
upgraded to 12.2(10) and it works fine.
If this is not your problem you can go on to check that the packets going
out are to the right IP and port number. Also check in your cflowd.conf
that you have all the addresses of the router listed.
That's all I can think of at the moment.
Regards
Nik Hinson
Many thanks
> Hi,
>
> I'm running a patched cflowd version, but
> cflowd creates empty timestamped flow files.
>
> Any suggestion how to fix it?
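The collector-side checks discussed in this thread (are the UDP payloads really version 5, does the length match the record count, is the sender one of the router addresses listed for the collector) can be scripted. The following is an added example, not code from the thread or from cflowd; `check_datagram`, `build_sample` and the `routers` set are hypothetical names, and the sample datagram is constructed with documentation addresses.

```python
import ipaddress
import struct

# NetFlow v5 layout: 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def check_datagram(data, sender, routers):
    """Return (problems, flows) for one UDP payload received from `sender`."""
    problems, flows = [], []
    if sender not in routers:  # stands in for the router addresses in cflowd.conf
        problems.append(f"sender {sender} is not a configured router")
    if len(data) < HEADER.size:
        return problems + ["datagram shorter than a v5 header"], flows
    version, count, *_ = HEADER.unpack_from(data)
    if version != 5:
        return problems + [f"version {version}, expected 5"], flows
    if count == 0 or count > 30:  # v5 carries 1 to 30 records per datagram
        problems.append(f"implausible record count {count}")
    expected = HEADER.size + count * RECORD.size
    if len(data) != expected:
        return problems + [f"length {len(data)}, header implies {expected}"], flows
    for i in range(count):
        f = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return problems, flows


def build_sample(count_field=1):
    """Constructed datagram with one record (not captured traffic)."""
    header = HEADER.pack(5, count_field, 60000, 1026471554, 0, 149, 0, 0, 0)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.20").packed,
        ipaddress.IPv4Address("192.0.2.1").packed,
        1, 2, 12, 9000, 1000, 2000, 40000, 80, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return header + record


if __name__ == "__main__":
    routers = {"192.0.2.88"}  # constructed; use the exporter source addresses
    print(check_datagram(build_sample(), "192.0.2.88", routers))
    print(check_datagram(build_sample(2), "192.0.2.99", routers))
```

Fed from a UDP socket bound to the export port, a non-empty `problems` list separates "packets arrive but are rejected" from "packets never arrive".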