From: Alex Ponnath (alexp@iccinternet.com)
Date: Mon Jul 29 2002 - 17:53:48 PDT
Hi,
I am having a problem for some reason getting cflowd running on my Solaris 9 box. The server is a dual 440 MHz 220R with 2 x 18 GB HDs and 1 gig of mem, so power should not be the problem.
I installed the binary version, which installs to the /usr/local/arts dir...
When I start cflowdmux and cflowd they start fine. Since I never saw cfdcollect start, I started it manually with the option which pointed it to the ../etc/cfdcollect.conf file.
It also started fine and is still running, but I don't see it log any data to any file for some reason.
So I hope someone can point me in the right direction, since there are no error logs in syslog or on the console.
I include below any relevant info regarding my setup and hope someone can see what's wrong.
Thanks,
Alex
My cfdcollect.conf looks like this:
system {
    logFacility: local6 # Syslog to local6 facility.
    dataDirectory: /export/home/netflow
    filePrefix: arts
    pidFile: /usr/local/arts/etc/cfdcollect.pid
}
cflowd {
    host: localhost
    tcpCollectPort: 2056
    minPollInterval: 300
}
And my cflowd.conf looks like this:
OPTIONS {
    LOGFACILITY: local6
    TCPCOLLECTPORT: 2056
    PKTBUFSIZE: 2097152
    TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
    FLOWDIR: /usr/local/arts/data/cflowd/flows
    FLOWFILELEN: 1000000
    NUMFLOWFILES: 10
    MINLOGMISSED: 1000
}
COLLECTOR {
    HOST: 127.0.0.1 # IP address of central collector
    ADDRESSES: { 127.0.0.1 }
    AUTH: none
}
CISCOEXPORTER {
    HOST: 216.158.230.47 # IP address of Cisco sending data.
    CFDATAPORT: 2055 # Port on which to listen for data.
    SNMPCOMM: 'xxxxxxx' # SNMP community name.
    LOCALAS: 18915 # Local AS of Cisco sending data.
    COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix,
               asmatrix, tos, flows }
}
Some Basic Debug info for my system
=============================
Output of snoop (seems the router is sending the UDP Packets...)
216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
I can find in /usr/local/arts/data/cflowd/flows the 10 files, which are all empty...
# ls -l
total 2272
-rw-r--r-- 1 root other 1000000 Jul 29 17:12 216.158.230.47.flows.0
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.1
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.2
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.3
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.4
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.5
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.6
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.7
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.8
-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.9
# ipcs -a
IPC status from <running system> as of Mon Jul 29 17:41:00 PDT 2002
T ID KEY MODE OWNER GROUP CREATOR CGROUP CBYTES QNUM QBYTES LSPID LRPID STIME RTIME CTIME
Message Queues:
T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME
Shared Memory:
m 100 0x542 --rw-r--r-- root other root other 2 2101248 343 387 17:13:01 17:38:23 17:12:55
T ID KEY MODE OWNER GROUP CREATOR CGROUP NSEMS OTIME CTIME
Semaphores:
s 0 0x542 --ra-ra-ra- root other root other 2 17:40:59 17:06:16
netstat -n
Active UNIX domain sockets
Address Type Vnode Conn Local Addr Remote Addr
300012713a0 stream-ord 30001314108 00000000 /usr/local/arts/etc/cflowdtable.socket
ps -e (which reflects the 3 running services)...
345 pts/1 0:00 cflowd
347 pts/1 0:02 cfdcolle
343 pts/1 0:00 cflowdmu
Arts file with 0 bytes that never grows...
# cd 216.158.230.47
# ls -l
total 0
-rw-r--r-- 1 root other 0 Jul 29 17:13 arts.20020730
_______________________________________________
Cflowd mailing list
Cflowd@caida.org
http://login.caida.org/mailman/listinfo/cflowd
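
A consistency check between the CISCOEXPORTER stanza and the snoop capture quoted in the message above, as an added example that is not part of the original post or of cflowd: it lists senders seen on the wire with no matching HOST/CFDATAPORT entry, and configured exporters from which nothing was captured. The function names and the parsing of both formats are assumptions based only on the lines shown in the post.

```python
import re
from collections import Counter

# Sample input taken from the post: two stanzas of cflowd.conf and the snoop lines.
CFLOWD_CONF = """\
COLLECTOR {
HOST: 127.0.0.1 # IP address of central collector
ADDRESSES: { 127.0.0.1 }
AUTH: none
}
CISCOEXPORTER {
HOST: 216.158.230.47 # IP address of Cisco sending data.
CFDATAPORT: 2055 # Port on which to listen for data.
LOCALAS: 18915 # Local AS of Cisco sending data.
COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix,
asmatrix, tos, flows }
}
"""
SNOOP_OUTPUT = "216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472\n" * 5

SNOOP_RE = re.compile(r"(\S+) -> \S+ UDP D=(\d+) S=\d+")

def configured_exporters(conf_text):
    """Return (HOST, CFDATAPORT) for every CISCOEXPORTER stanza."""
    exporters, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        if re.match(r"CISCOEXPORTER\s*\{", line):
            current = {}
        elif current is not None and line == "}":  # the stanza's own closing brace
            exporters.append((current.get("HOST", ""), current.get("CFDATAPORT", "")))
            current = None
        elif current is not None:
            m = re.match(r"(HOST|CFDATAPORT):\s*(\S+)", line)
            if m:
                current[m.group(1)] = m.group(2)
    return exporters

def observed_senders(snoop_text):
    """Count packets per (source address, UDP destination port)."""
    hits = (SNOOP_RE.match(l.strip()) for l in snoop_text.splitlines())
    return Counter((m.group(1), m.group(2)) for m in hits if m)

def compare(conf_text, snoop_text):
    configured, seen = set(configured_exporters(conf_text)), observed_senders(snoop_text)
    return {"unconfigured_senders": sorted(k for k in seen if k not in configured),
            "silent_exporters": sorted(k for k in configured if k not in seen)}

if __name__ == "__main__":
    print(compare(CFLOWD_CONF, SNOOP_OUTPUT))
```

On the post's own lines it reports 216.158.204.47 as a sender with no CISCOEXPORTER entry and 216.158.230.47 as a configured exporter with no captured packets.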