From: Nik Hinson (nik.hinson@assurance-dynamics.com)
Date: Fri Jul 12 2002 - 04:11:55 PDT
Hi,
I'm afraid I've no idea what's going on there.
regards,
Nik
> Hello again,
>
> Checked the router; everything is OK
> IOS
>
> Cisco Internetwork Operating System Software
> IOS (tm) 2500 Software (C2500-I-L), Version 12.1(15), RELEASE SOFTWARE
> (fc1)
> Copyright (c) 1986-2002 by cisco Systems, Inc.
> Compiled Mon 13-May-02 23:02 by kellythw
> Image text-base: 0x03041DD4, data-base: 0x00001000
>
> They are exporting flows
>
>
> Test#show ip flow export
> Flow export is enabled
> Exporting flows to aaa.bbb.ccc.125 (2055)
> Exporting using source IP address aaa.bbb.ccc.88
> Version 5 flow records, peer-as
> 149 flows exported in 138 udp datagrams
> 0 flows failed due to lack of export packet
> 138 export packets were sent up to process level
> 0 export packets were dropped due to no fib
> 0 export packets were dropped due to adjacency issues
> 0 export packets were dropped due to fragmentation failures
> 0 export packets were dropped due to encapsulation fixup failures
>
> Also tried a bare-bones NetFlow collector;
> it shows that the Cisco exports flows
>
> And if I try to trace cflowd, a strange "Resource temporarily unavailable"
> appears
>
> select(6, [4 5], NULL, NULL, {0, 0}) = 0 (Timeout)
> rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
> semop(98307, 0xbffff7a0, 1) = 0
> time([1026471554]) = 1026471554
> semop(98307, 0xbffff8c0, 2) = 0
> time([1026471554]) = 1026471554
> rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
> select(6, [4 5], NULL, NULL, {0, 0}) = 0 (Timeout)
> rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
> semop(98307, 0xbffff7a0, 1) = 0
> time([1026471554]) = 1026471554
> semop(98307, 0xbffff8c0, 2) = 0
> time([1026471554]) = 1026471554
> rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
> select(6, [4 5], NULL, NULL, {0, 0}) = 0 (Timeout)
> rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
> semop(98307, 0xbffff7a0, 1) = -1 EAGAIN (Resource temporarily unavailable)
> time([1026471554]) = 1026471554
> getpid() = 19168
> rt_sigaction(SIGPIPE, {0x401833c0, [], 0x4000000}, {SIG_DFL}, 8) = 0
> send(3, "<179>Jul 12 12:59:14 cflowd[1916"..., 156, 0) = 156
> rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
> time([1026471554]) = 1026471554
> semop(98307, 0xbffff8c0, 2) = 0
> time([1026471556]) = 1026471556
> rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
> select(6, [4 5], NULL, NULL, {0, 0}) = 0 (Timeout)
>
>
>
>
> -----Original Message-----
> From: Nik Hinson [mailto:nik.hinson@assurance-dynamics.com]
> Sent: Friday, July 12, 2002 12:03 PM
> To: Deivis Jakstas
> Cc: cflowd@caida.org
> Subject: Re: [Cflowd] Empty timestamped flows
>
>
> Yes I had this, there are several things to check.
>
> It's best to start at the router(s). Check that the Cisco (I assume
> you're using Cisco routers) thinks it's exporting flow data. Use
> something like 'debug ip flow export'.
>
> If that looks OK then make sure you are actually getting UDP packets
> sent by the router, use 'debug ip packet detail' or similar. This
> turned out to be my problem. I was using 12.1(5)T9 and I assume there's
> a bug. I upgraded to 12.2(10) and it works fine.
>
> If this is not your problem you can go on to check that the packets
> going out are to the right IP and port number. Also check in your
> cflowd.conf that you have all the addresses of the router listed.
>
> That's all I can think of at the moment.
>
> Regards
>
> Nik Hinson
>
> Many thanks
>> Hi,
>>
>> I'm running patched cflowd version but,
>> cflowd creates empty timestamped flow files.
>>
>> Any suggestion how to fix it?
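Added example, not part of the original thread and not cflowd code: a bare-bones NetFlow v5 receiver for the checks discussed above (datagrams arriving on the export port, well-formed version 5 records, exporter address on the configured list). The `configured_exporters` set is an assumption standing in for the router addresses listed in cflowd.conf, and the sample datagram and its 192.0.2.x addresses are constructed.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Return (header, flows) for one export datagram; ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("too short for a v5 header")
    version, count, _uptime, secs, _nsecs, seq, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("version %d, expected 5" % version)
    if not 1 <= count <= 30:                        # v5 carries 1..30 records
        raise ValueError("bad record count %d" % count)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                      "packets": r[5], "octets": r[6],
                      "sport": r[9], "dport": r[10], "proto": r[13]})
    return {"unix_secs": secs, "flow_sequence": seq, "count": count}, flows

def diagnose(datagram, exporter_ip, configured_exporters):
    """Classify one received datagram: malformed, unlisted exporter, or ok."""
    try:
        _header, flows = parse_v5(datagram)
    except ValueError as exc:
        return "malformed: %s" % exc
    if exporter_ip not in configured_exporters:     # assumed stand-in for cflowd.conf
        return "exporter %s not in configured list" % exporter_ip
    return "ok: %d flows from %s" % (len(flows), exporter_ip)

# Constructed sample: one TCP flow in a single v5 datagram.
SAMPLE = HEADER.pack(5, 1, 1000, 1026471554, 0, 149, 0, 0, 0) + RECORD.pack(
    socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"),
    socket.inet_aton("0.0.0.0"), 1, 2, 10, 840, 500, 900, 1025, 80,
    0, 0x18, 6, 0, 0, 0, 24, 24, 0)

if __name__ == "__main__":
    # Live use: listen on the export port from 'show ip flow export' (2055).
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 2055))
    while True:
        data, (ip, _port) = sock.recvfrom(2048)
        print(diagnose(data, ip, {"192.0.2.88"}))
```

Run it on the collector host with cflowd stopped, so that port 2055 is free to bind.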