From: Systems Administrator (sysadmin@sunet.com.au)
Date: Wed Oct 30 2002 - 20:46:06 PST
Hi all. I'm setting up a cflowd setup here, and I've used tcpdump to determine that the cflowd machine is indeed receiving NetFlow packets on the port that cflowdmux is listening on. However, I don't seem to be getting any information out of cflowd. Here's some output to show what I'm getting:
$ flowdump /usr/local/arts/data/cflowd/flows/210.80.157.1.flows.0 -c
matched 0 of 0 flows
$ cfdifmatrix -c /usr/local/etc/cflowd.conf 210.80.157.1
period: 10/31/2002 14:22:23 - 01/01/1970 10:00:00 EST (-17267242 min, -23 sec)
What I'm interested is is:
1. Are there any tools I can use to see if cflowdmux is passing the data to cflowd?
2. Does anyone know a particular reason why I'm getting a period ending at that particular time?
My OPTIONS stanza is set to the defaults. Here are the other stanzas I'm using:
--------------------------------------------------------------------------------
COLLECTOR {
HOST: 203.166.102.50 # IP address of central collector
ADDRESSES: { }
AUTH: none
}
CISCOEXPORTER {
HOST: 210.80.157.1 # IP address of Cisco sending data.
ADDRESSES: { 210.80.157.1 } # Addresses of interfaces on Cisco sending data.
CFDATAPORT: 2055 # Port on which to listen for data.
SNMPCOMM: 'public' # SNMP community name.
LOCALAS: 1324 # Local AS of Cisco sending data.
COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix,
asmatrix, tos, flows }
}
--------------------------------------------------------------------------------
Any help would be much appreciated.
Thanks all,
Tim Nelson
Systems Administrator
Sunet Internet
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187
Web: http://www.sunet.com.au/
Email: sysadmin@sunet.com.au
_______________________________________________
Cflowd mailing list
Cflowd@caida.org
http://login.caida.org/mailman/listinfo/cflowd
This archive was generated by hypermail 2.1.4 : Wed Oct 30 2002 - 20:53:37 PST