Re: [Cflowd] How do I tell if cflowd/cflowdmux are collecting data?

From: Systems Administrator (sysadmin@sunet.com.au)
Date: Thu Oct 31 2002 - 16:21:03 PST


        Hi all. I discovered something thanks to bbnfc and some advice from Martin van der Nieuwelaar. tcpdump shows you the traffic *before* ipchains processes it.

        (Bangs forehead on wall... :) ).

        Thanks all,

    Tim Nelson
    Systems Administrator
    Sunet Internet
    Tel: +61 3 5241 1155
    Fax: +61 3 5241 6187
    Web: http://www.sunet.com.au/
    Email: sysadmin@sunet.com.au
      ----- Original Message -----
      From: Systems Administrator
      To: cflowd@caida.org
      Sent: Thursday, October 31, 2002 3:46 PM
      Subject: [Cflowd] How do I tell if cflowd/cflowdmux are collecting data?

          Hi all. I'm setting up a cflowd setup here, and I've used tcpdump to determine that the cflowd machine is indeed receiving NetFlow packets on the port that cflowdmux is listening on. However, I don't seem to be getting any information out of cflowd. Here's some output to show what I'm getting:

      $ flowdump /usr/local/arts/data/cflowd/flows/210.80.157.1.flows.0 -c
      matched 0 of 0 flows

      $ cfdifmatrix -c /usr/local/etc/cflowd.conf 210.80.157.1
      period: 10/31/2002 14:22:23 - 01/01/1970 10:00:00 EST (-17267242 min, -23 sec)

          What I'm interested in is:
      1. Are there any tools I can use to see if cflowdmux is passing the data to cflowd?
      2. Does anyone know a particular reason why I'm getting a period ending at that particular time?

          My OPTIONS stanza is set to the defaults. Here are the other stanzas I'm using:
      --------------------------------------------------------------------------------
      COLLECTOR {
        HOST: 203.166.102.50 # IP address of central collector
        ADDRESSES: { }
        AUTH: none
      }

      CISCOEXPORTER {
        HOST: 210.80.157.1 # IP address of Cisco sending data.
        ADDRESSES: { 210.80.157.1 } # Addresses of interfaces on Cisco sending data.
        CFDATAPORT: 2055 # Port on which to listen for data.
        SNMPCOMM: 'public' # SNMP community name.
        LOCALAS: 1324 # Local AS of Cisco sending data.
        COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix,
                        asmatrix, tos, flows }
      }
      --------------------------------------------------------------------------------
       
          Any help would be much appreciated.
       
          Thanks all,
       
      Tim Nelson
      Systems Administrator
      Sunet Internet
      Tel: +61 3 5241 1155
      Fax: +61 3 5241 6187
      Web: http://www.sunet.com.au/
      Email: sysadmin@sunet.com.au

    _______________________________________________
    Cflowd mailing list
    Cflowd@caida.org
    http://login.caida.org/mailman/listinfo/cflowd
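
Added example, not part of the original message or of cflowd: because tcpdump captures packets before ipchains filters them, a plain UDP socket bound to the export port shows what is actually delivered to userspace. The sketch assumes the exporter sends NetFlow version 5 (the thread does not state the version) and that cflowdmux is stopped while it runs, since only one process can own the port; the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct
import sys

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48  # each v5 flow record is 48 bytes


def parse_v5_header(datagram):
    """Validate a NetFlow v5 datagram; return (count, unix_secs, flow_sequence)."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _, unix_secs, _, sequence, _, _, _ = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5 (version field = %d)" % version)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("length does not match record count %d" % count)
    return count, unix_secs, sequence


def sample_datagram(count=2):
    """Constructed test input: a v5 header followed by zero-filled records."""
    header = V5_HEADER.pack(5, count, 1000, 1036023663, 0, 42, 0, 0, 0)
    return header + bytes(V5_RECORD_LEN * count)


def listen(port=2055, bind_addr="0.0.0.0", timeout=30.0, max_packets=5):
    """Collect datagrams delivered to a socket, i.e. after the packet filter."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind((bind_addr, port))
        try:
            while len(results) < max_packets:
                data, (src, _) = sock.recvfrom(65535)
                try:
                    results.append((src, parse_v5_header(data)))
                except ValueError as exc:
                    results.append((src, str(exc)))
        except socket.timeout:
            pass  # nothing (more) arrived: check the input firewall rules
    return results


if __name__ == "__main__":
    for src, info in listen(int(sys.argv[1]) if len(sys.argv) > 1 else 2055):
        print(src, info)
```

If tcpdump shows export packets on the interface but `listen()` returns an empty list, the datagrams are being dropped between the capture point and the socket, which is where the packet filter sits.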



    This archive was generated by hypermail 2.1.4 : Thu Oct 31 2002 - 16:27:41 PST