From: Alex Ponnath (alexp@iccinternet.com)
Date: Mon Jul 29 2002 - 19:39:11 PDT
Thanks for the tip,
When I am logged onto the console and I rename conf file and
start cflowd I see the errors like
# ./cflowdmux
# ./cflowd
# Jul 29 19:26:33 cflowd1 cflowd[552]: [E] bind(4,ffbffb48,3) failed: Is a directory {cflowd.cc:110}
Jul 29 19:26:33 cflowd1 cflowd[552]: [A] failed to open named stream socket! Exiting {cflowd.cc:747}
Jul 29 19:26:33 cflowd1 cflowd[552]: [ID 454543 local6.alert] [A] failed to open named stream socket! Exiting {cflowd.cc:747}
But once I start it with the files in place I do not get any log
saying success started etc.
My Syslog.conf is standard
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
And the console messages are logged to /var/adm/messages which does only
log the errors
So so far I am still at a dead end
Alex
-----Original Message-----
From: R. Drew Davis [mailto:drew@research.bell-labs.com]
Sent: Monday, July 29, 2002 7:20 PM
To: Alex Ponnath
Cc: cflowd@caida.org
Subject: Re: [Cflowd] Need some help getting my CFLOWD running on Solaris 9....
> Date: Mon, 29 Jul 2002 17:53:48 -0700
> From: "Alex Ponnath" <alexp@iccinternet.com>
> To: <cflowd@caida.org>
> Subject: [Cflowd] Need some help getting my CFLOWD running on Solaris 9....
>
>Hi,
>
>I am having a problem for some reason to get cflowd running on my
>Solaris 9 Box. The Server is a dual 440 MHZ 220R with 2 x 18 GB HD's
>and 1 GIG of Mem so power should not be the problem.
>I installed the binary version which installs to the /usr/local/arts
>dir...
>
>when I start the cflowdmux and cflowd they start fine since I never saw
>cfdcollect start I started it
>manually with the option which pointed it to the ../etc/cfdcollect.conf
>file
>
>It also started fine and is still running but I don't see to log any data
>to any file for some reason.
>
>So I hope someone can point me to the right direction since there are no
>error logs in syslog or console
>I inc below any relevant info regarding my setup and hope someone can see
>what's wrong
>
>thanks
>
>Alex
>
>
>
>My cfdcollect.conf looks like this..
>system {
> logFacility: local6 # Syslog to local6 facility.
> dataDirectory: /export/home/netflow
> filePrefix: arts
> pidFile: /usr/local/arts/etc/cfdcollect.pid
>}
>cflowd {
> host: localhost
> tcpCollectPort: 2056
> minPollInterval: 300
>}
>
>And my cflowd.conf like this
>OPTIONS {
> LOGFACILITY: local6
> TCPCOLLECTPORT: 2056
> PKTBUFSIZE: 2097152
> TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
> FLOWDIR: /usr/local/arts/data/cflowd/flows
> FLOWFILELEN: 1000000
> NUMFLOWFILES: 10
> MINLOGMISSED: 1000
>}
>
>COLLECTOR {
> HOST: 127.0.0.1 # IP address of central collector
> ADDRESSES: { 127.0.0.1 }
> AUTH: none
>}
>
>CISCOEXPORTER {
> HOST: 216.158.230.47 # IP address of Cisco sending data.
> CFDATAPORT: 2055 # Port on which to listen for data.
> SNMPCOMM: 'xxxxxxx' # SNMP community name.
> LOCALAS: 18915 # Local AS of Cisco sending data.
> COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix,
> asmatrix, tos, flows }
>}
>
>
>
>Some Basic Debug info for my system
>=============================
>
>Output of snoop (seems the router is sending the UDP Packets...)
>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>
>i can find in the /usr/local/arts/data/cflowd/flows
>the 10 files which are all empty...
># ls -l
>total 2272
>-rw-r--r-- 1 root other 1000000 Jul 29 17:12 216.158.230.47.flows.0
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.1
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.2
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.3
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.4
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.5
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.6
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.7
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.8
>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.9
>
>
># ipcs -a
>IPC status from <running system> as of Mon Jul 29 17:41:00 PDT 2002
>T ID KEY MODE OWNER GROUP CREATOR CGROUP CBYTES QNUM QBYTES LSPID LRPID STIME RTIME CTIME
>Message Queues:
>T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME
>Shared Memory:
>m 100 0x542 --rw-r--r-- root other root other 2 2101248 343 387 17:13:01 17:38:23 17:12:55
>T ID KEY MODE OWNER GROUP CREATOR CGROUP NSEMS OTIME CTIME
>Semaphores:
>s 0 0x542 --ra-ra-ra- root other root other 2 17:40:59 17:06:16
>
>netstat -n
>Active UNIX domain sockets
>Address Type Vnode Conn Local Addr Remote Addr
>300012713a0 stream-ord 30001314108 00000000 /usr/local/arts/etc/cflowdtable.socket
>
>
>ps -e (which reflects the 3 running services....
>
> 345 pts/1 0:00 cflowd
> 347 pts/1 0:02 cfdcolle
> 343 pts/1 0:00 cflowdmu
>
>Arts File with 0 byte and never grows...
># cd 216.158.230.47
># ls -l
>total 0
>-rw-r--r-- 1 root other 0 Jul 29 17:13 arts.20020730
I'll confess up front that I have never touched a Solaris 9 system, so
if any of my suggestions are laughably bad, that may be why.
You already did the first thing I was going to suggest - which was use
snoop to see if the packets were arriving at all. Next thing I
think you need to resolve is the case of the missing messages.
cflowd emits console messages when it starts up. The complete
silence you are hearing makes me think the messages are going into a
black hole somewhere.
I suggest you review your /etc/syslog.conf to find out where the local6
messages are going. I expect that if you figure that out, you'll soon be
rewarded with some messages that will guide you the rest of the way.
Drew
R. Drew Davis, Room MH 2C-264 E-mail: drew@bell-labs.com
Bell Laboratories Voice: 908-582-7280
600 Mountain Ave. Fax: 908-582-3340
Murray Hill, NJ 07974
Bell Laboratories: The Research & Development Unit of Lucent Technologies.
_______________________________________________
Cflowd mailing list
Cflowd@caida.org
http://login.caida.org/mailman/listinfo/cflowd
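Added example (not part of the original messages, and not cflowd or Solaris code): a simplified model of classic syslog.conf selector matching, run over the plain rules from the syslog.conf quoted above, to show which destinations receive local6 messages at each priority. Assumptions: routine startup messages are taken to be sent at info, the m4 ifdef blocks are left out, and /var/adm/cflowd.log is a hypothetical path.

```python
# Severity order used by syslog.conf selectors, most severe first.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the plain (non-m4) rules from the syslog.conf in this thread.
SAMPLE_CONF = """\
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
"""

def threshold(selectors, facility):
    """Least-severe level a rule line accepts for `facility`, or None.

    Selectors are read left to right; the last one naming the facility
    (or '*') sets the threshold, and 'none' switches the facility off.
    """
    level = None
    for sel in selectors.split(";"):
        facs, _, sel_level = sel.rpartition(".")
        names = facs.split(",")
        if "*" in names or facility in names:
            level = None if sel_level == "none" else sel_level
    return level

def destinations(conf_text, facility, level):
    """Actions that would receive a facility.level message."""
    out = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or line.lstrip().startswith("#"):
            continue
        limit = threshold(parts[0], facility)
        if limit is not None and LEVELS.index(level) <= LEVELS.index(limit):
            out.append(parts[1].strip())
    return out

# Hypothetical extra rule that would give lower-priority local6 messages a home.
WITH_LOCAL6 = SAMPLE_CONF + "local6.debug /var/adm/cflowd.log\n"

if __name__ == "__main__":
    for lvl in ("alert", "err", "info"):
        print("local6." + lvl, "->", destinations(SAMPLE_CONF, "local6", lvl))
    print("local6.info with extra rule ->",
          destinations(WITH_LOCAL6, "local6", "info"))
```

With the rules as quoted, local6 messages below err match no selector, which is consistent with only the bind failure and the alert showing up.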
This archive was generated by hypermail 2.1.4 : Mon Jul 29 2002 - 19:59:02 PDT