[Cflowd] Cflowd setup.

From: Kris Amy (kris@lunadawn.net)
Date: Tue Mar 04 2003 - 14:55:54 PST

Next message: tahereh mehrjerdi: "[Cflowd] RE:[cflowd]make problem on linux"

Previous message: Martin van den Nieuwelaar: "Re: [Cflowd] Tracking DoS Attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

It appears that no netflow traffic is coming from my cisco to my cflowd
server. Here's the relevant conf.

Ethernet 1/0 is my external interface to my provider, and is on dhcp.
Async 65 is internal and is 192.168.10.1

<cisco>
ip flow-cache timeout active 1
interface Ethernet1/0
ip route-cache flow
interface Async65
ip route-cache flow
ip flow-export source Ethernet1/0
ip flow-export version 5
ip flow-export destination 192.168.2.35 2055

<cflowd.conf>
OPTIONS {
  LOGFACILITY: local6
  TCPCOLLECTPORT: 2056
  PKTBUFSIZE: 2097152
  TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
  FLOWDIR: /data/cflowd/flows
  FLOWFILELEN: 1000000
  NUMFLOWFILES: 10
  MINLOGMISSED: 1000
}
COLLECTOR {
  HOST: 192.168.2.35
  ADDRESSES: { 192.168.2.35 }
  AUTH: none
}
CISCOEXPORTER {
  HOST: 192.168.10.1 # IP address of Cisco sending data.
  ADDRESSES: { 192.168.10.1, # Addresses of interfaces on Cisco
                  X.X.X.X} # sending data.
  CFDATAPORT: 2055 # Port on which to listen for data.
  SNMPCOMM: 'public' # SNMP community name.
  LOCALAS: 1324 # Local AS of Cisco sending data.
  COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix,
                  asmatrix, tos, flows }
}

Then when i try to run flowscan with this config:-
FlowFileGlob /data/cflowd/flows/192.168.10.1.flows.*[0-9]
ReportClasses CampusIO
WaitSeconds 300
Verbose 1

I get:-
NextHops and OutputIfIndexes are undefined.
Identifying outbound flows based solely on destination address ...
Loading "/usr/local/bin/Napster_subnets.boulder" ...
Loading "/usr/local/bin/local_nets.boulder" ...
2003/03/05 08:56:48 working on file
/data/cflowd/flows/192.168.10.1.flows.0...
/data/cflowd/flows/192.168.10.1.flows.0: Invalid index in cflowd flow file:
0x0! Version 5 flow-export is required with *all* fields being saved.
2003/03/05 08:56:48 flowscan-1.020 CampusIO: Cflow::find took 0 wallclock
secs ( 0.02 usr + 0.00 sys = 0.02 CPU) for 1000000 flow file bytes, flow
hit ratio: 0/501
Segmentation fault

Any ideas?

Kris Amy

_______________________________________________
Cflowd mailing list
Cflowd@caida.org
http://login.caida.org/mailman/listinfo/cflowd

Next message: tahereh mehrjerdi: "[Cflowd] RE:[cflowd]make problem on linux"
Previous message: Martin van den Nieuwelaar: "Re: [Cflowd] Tracking DoS Attacks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Mar 04 2003 - 15:09:42 PST