From: Nik Hinson (nik.hinson@assurance-dynamics.com)
Date: Tue Jul 30 2002 - 01:04:27 PDT
Another thing that you can check is that in your cflowd.conf file you have
all the IP addresses of the target router(s). I've sometimes found this
to be a problem.
Regards
Nik
> Thanks for the tip,
>
> When I am logged onto the console and I rename the conf file and
> start cflowd I see the errors like
>
> # ./cflowdmux
> # ./cflowd
> # Jul 29 19:26:33 cflowd1 cflowd[552]: [E] bind(4,ffbffb48,3) failed: Is
> a directory {cflowd.cc:110}
> Jul 29 19:26:33 cflowd1 cflowd[552]: [A] failed to open named stream
> socket! Exiting {cflowd.cc:747}
> Jul 29 19:26:33 cflowd1 cflowd[552]: [ID 454543 local6.alert] [A] failed
> to open named stream socket! Exiting {cflowd.cc:747}
>
> But once I start it with the files in place I do not get any log
> saying successfully started etc.
>
> My Syslog.conf is standard
>
> *.err;kern.notice;auth.notice /dev/sysmsg
> *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
>
> *.alert;kern.err;daemon.err operator
> *.alert root
>
> *.emerg *
>
> # if a non-loghost machine chooses to have authentication messages
> # sent to the loghost machine, un-comment out the following line:
> #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
>
> mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
>
> #
> # non-loghost machines will use the following lines to cause "user"
> # log messages to be logged locally.
> #
> ifdef(`LOGHOST', ,
> user.err /dev/sysmsg
> user.err /var/adm/messages
> user.alert `root, operator'
> user.emerg *
> )
>
>
> And the console messages are logged to /var/adm/messages which does only
> log the errors
>
>
> So far I am still at a dead end
>
> Alex
>
>
> -----Original Message-----
> From: R. Drew Davis [mailto:drew@research.bell-labs.com]
> Sent: Monday, July 29, 2002 7:20 PM
> To: Alex Ponnath
> Cc: cflowd@caida.org
> Subject: Re: [Cflowd] Need some help getting my CFLOWD running on
> Solaris 9....
>
>
>> Date: Mon, 29 Jul 2002 17:53:48 -0700
>> From: "Alex Ponnath" <alexp@iccinternet.com>
>> To: <cflowd@caida.org>
>> Subject: [Cflowd] Need some help getting my CFLOWD running on
>> Solaris 9....
>>
>>Hi,
>>
>>I am having a problem for some reason getting cflowd running on my
>> Solaris 9 Box. The Server is a dual 440 MHZ 220R with 2 x 18 GB HD's
>> and 1 GIG of Mem so power should not be the problem.
>>I installed the binary version which installs to the /usr/local/arts
>> dir...
>>
>>When I start the cflowdmux and cflowd they start fine. Since I never saw
>> cfdcollect start, I started it
>>manually with the option which pointed it to the ../etc/cfdcollect.conf
>> file.
>>
>>It also started fine and is still running but I don't seem to log any data
>>to any file for some reason.
>>
>>So I hope someone can point me in the right direction since there are no
>> error logs in syslog or console.
>>I include below any relevant info regarding my setup and hope someone can see
>>what's wrong.
>>
>>Thanks
>>
>>Alex
>>
>>
>>
>>My cfdcollect.conf looks like this..
>>system {
>> logFacility: local6 # Syslog to local6 facility.
>> dataDirectory: /export/home/netflow
>> filePrefix: arts
>> pidFile: /usr/local/arts/etc/cfdcollect.pid
>>}
>>cflowd {
>> host: localhost
>> tcpCollectPort: 2056
>> minPollInterval: 300
>>}
>>
>>And my cflowd.conf like this
>>OPTIONS {
>> LOGFACILITY: local6
>> TCPCOLLECTPORT: 2056
>> PKTBUFSIZE: 2097152
>> TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
>> FLOWDIR: /usr/local/arts/data/cflowd/flows
>> FLOWFILELEN: 1000000
>> NUMFLOWFILES: 10
>> MINLOGMISSED: 1000
>>}
>>
>>COLLECTOR {
>> HOST: 127.0.0.1 # IP address of central collector
>> ADDRESSES: { 127.0.0.1 }
>> AUTH: none
>>}
>>
>>CISCOEXPORTER {
>> HOST: 216.158.230.47 # IP address of Cisco sending data.
>> CFDATAPORT: 2055 # Port on which to listen for data.
>> SNMPCOMM: 'xxxxxxx' # SNMP community name.
>> LOCALAS: 18915 # Local AS of Cisco sending data.
>> COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix,
>> asmatrix, tos, flows }
>>}
>>
>>
>>
>>Some Basic Debug info for my system
>>=============================
>>
>>Output of snoop (seems the router is sending the UDP Packets...)
>>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>>216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
>>
>>I can find in the /usr/local/arts/data/cflowd/flows
>>the 10 files which are all empty...
>># ls -l
>>total 2272
>>-rw-r--r-- 1 root other 1000000 Jul 29 17:12 216.158.230.47.flows.0
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.1
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.2
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.3
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.4
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.5
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.6
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.7
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.8
>>-rw-r--r-- 1 root other 1000000 Jul 29 15:27 216.158.230.47.flows.9
>>
>>
>># ipcs -a
>>IPC status from <running system> as of Mon Jul 29 17:41:00 PDT 2002
>>T ID KEY MODE OWNER GROUP CREATOR CGROUP CBYTES QNUM QBYTES LSPID LRPID STIME RTIME CTIME
>>Message Queues:
>>T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME
>>Shared Memory:
>>m 100 0x542 --rw-r--r-- root other root other 2 2101248 343 387 17:13:01 17:38:23 17:12:55
>>T ID KEY MODE OWNER GROUP CREATOR CGROUP NSEMS OTIME CTIME
>>Semaphores:
>>s 0 0x542 --ra-ra-ra- root other root other 2 17:40:59 17:06:16
>>
>>netstat -n
>>Active UNIX domain sockets
>>Address Type Vnode Conn Local Addr Remote Addr
>> 300012713a0 stream-ord 30001314108 00000000 /usr/local/arts/etc/cflowdtable.socket
>>
>>
>>ps -e (which reflects the 3 running services....)
>>
>> 345 pts/1 0:00 cflowd
>> 347 pts/1 0:02 cfdcolle
>> 343 pts/1 0:00 cflowdmu
>>
>>Arts File with 0 byte and never grows...
>># cd 216.158.230.47
>># ls -l
>>total 0
>>-rw-r--r-- 1 root other 0 Jul 29 17:13 arts.20020730
>
> I'll confess up front that I have never touched a Solaris 9 system, so
> if any of my suggestions are laughably bad, that may be why.
>
> You already did the first thing I was going to suggest - which was use
> snoop to see if the packets were arriving at all. Next thing I think
> you need to resolve is the case of the missing messages.
> cflowd emits console messages when it starts up. The complete
> silence you are hearing makes me think the messages are going into a
> black hole somewhere.
>
> I suggest you review your /etc/syslog.conf to find out where the local6
> messages are going. I expect that if you figure that out, you'll soon be
> rewarded with some messages that will guide you the rest of the way.
>
> Drew
>
> R. Drew Davis, Room MH 2C-264 E-mail: drew@bell-labs.com
> Bell Laboratories Voice: 908-582-7280
> 600 Mountain Ave. Fax: 908-582-3340
> Murray Hill, NJ 07974
>
> Bell Laboratories: The Research & Development Unit of Lucent
> Technologies.
>
> _______________________________________________
> Cflowd mailing list
> Cflowd@caida.org
> http://login.caida.org/mailman/listinfo/cflowd
This archive was generated by hypermail 2.1.4 : Tue Jul 30 2002 - 01:14:56 PDT
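
The check Nik describes can be scripted by comparing the source addresses that snoop reports with the addresses listed in each CISCOEXPORTER stanza of cflowd.conf. This is an added example, not part of the original thread or of the cflowd distribution: the function names are hypothetical, the sample input is constructed from lines quoted in the thread, and reading an ADDRESSES list inside a CISCOEXPORTER stanza as further exporter addresses is an assumption.

```python
import re
# Constructed sample input, modelled on the stanza and snoop lines quoted in the thread.
SAMPLE_CONF = """\
CISCOEXPORTER {
  HOST:       216.158.230.47   # IP address of Cisco sending data.
  CFDATAPORT: 2055             # Port on which to listen for data.
  COLLECT:    { protocol, flows }
}
"""
SAMPLE_SNOOP = """\
216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
216.158.204.47 -> cflowd1 UDP D=2055 S=56866 LEN=1472
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def configured_exporters(conf_text):
    """Map each CFDATAPORT to the addresses its CISCOEXPORTER stanzas list."""
    exporters = {}
    text = re.sub(r"#.*", "", conf_text)  # drop trailing comments
    # The stanza body may hold one level of nested braces (COLLECT: { ... }).
    for body in re.findall(r"CISCOEXPORTER\s*\{((?:[^{}]|\{[^{}]*\})*)\}", text):
        port = re.search(r"CFDATAPORT:\s*(\d+)", body)
        addrs = set(re.findall(r"HOST:\s*(%s)" % IPV4, body))
        # Assumption: an ADDRESSES list in the stanza names further source IPs.
        extra = re.search(r"ADDRESSES:\s*\{([^}]*)\}", body)
        if extra:
            addrs.update(re.findall(IPV4, extra.group(1)))
        if port:
            exporters.setdefault(int(port.group(1)), set()).update(addrs)
    return exporters

def observed_sources(snoop_text):
    """Map each UDP destination port in snoop output to its source IPs."""
    seen = {}
    line = re.compile(r"^(%s)\s+->\s+\S+\s+UDP\s+D=(\d+)" % IPV4, re.M)
    for src, port in line.findall(snoop_text):
        seen.setdefault(int(port), set()).add(src)
    return seen

def unconfigured_sources(conf_text, snoop_text):
    """(source, port) pairs arriving on a CFDATAPORT but listed in no stanza."""
    conf = configured_exporters(conf_text)
    return [(src, port)
            for port, sources in sorted(observed_sources(snoop_text).items())
            if port in conf
            for src in sorted(sources - conf[port])]

if __name__ == "__main__":
    for src, port in unconfigured_sources(SAMPLE_CONF, SAMPLE_SNOOP):
        print("%s -> UDP %d: no CISCOEXPORTER lists this address" % (src, port))
```

An empty result means every address sending to a configured flow port appears in some stanza; any pair returned is a source whose packets reach the host on that port without a matching exporter entry.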