Hello guys,
I installed flow-tools from repository:
simple collector:
-w /var/flows/cisco -n 275 -N 3 0.0.0.0/172.16.0.200/3001
ps -ef | grep -v grep | grep flow
root 32284 3711 0 14:16 ? 00:00:00 /usr/bin/flow-capture -w /var/flows/cisco -n 275 -N 3 0.0.0.0/172.16.0.200/3001
flow-cat /var/flows/cisco/2015/2015-09/2015-09-10/* | flow-print
srcIP dstIP prot srcPort dstPort octets packets
10.0.0.2 10.0.0.1 1 0 2048 64 1
10.0.0.2 10.0.0.1 1 0 0 500 5
10.0.0.2 10.0.0.1 1 0 0 500000 5000
10.0.0.2 10.0.0.1 1 0 0 500000 5000
10.0.0.2 10.0.0.1 1 0 2048 1428 17
installed flowviewer by manual:
$reports_directory = "/var/www/html/FlowViewer";
$reports_short = "/FlowViewer";
$graphs_directory = "/var/www/html/FlowGrapher";
$graphs_short = "/FlowGrapher";
$monitor_directory = "/var/www/html/FlowMonitor";
$monitor_short = "/FlowMonitor";
$cgi_bin_directory = "/var/www/cgi-bin/FlowViewer_4.6";
$cgi_bin_short = "/cgi-bin/FlowViewer_4.6";
$work_directory = "/var/www/cgi-bin/FlowViewer_4.6/Flow_Working";
$save_directory = "/var/www/html/FlowViewer_Saves";
$save_short = "/FlowViewer_Saves";
$names_directory = "/var/www/cgi-bin/FlowViewer_4.6";
$ipset_directory = "/var/www/cgi-bin/FlowViewer_4.6"; # Where FlowViewer can find IPset files
$filter_directory = "/var/www/cgi-bin/FlowMonitor_Files/FlowMonitor_Filters";
$rrdtool_directory = "/var/www/cgi-bin/FlowMonitor_Files/FlowMonitor_RRDtool";
$dashboard_directory = "/var/www/html/FlowViewer_Dashboard";
$dashboard_short = "/FlowViewer_Dashboard";
;@other_dashboards = (); # Set to empty if you have just the one nominal Dashboard
@other_dashboards = ("/var/www/html/SOC","/var/www/html/NetOps");
;@dashboard_titles = (); # Set to empty if you have just the one nominal Dashboard
@dashboard_titles = ("Performance","SOC","NetOps"); # titles must be in the same order as the directories
$flow_data_directory = "/var/flows";
$exporter_directory = "/var/flows/all_routers";
$flow_bin_directory = "/usr/bin";
$rrdtool_bin_directory = "/usr/bin";
# SiLK parameters
$silk_data_directory = "/silk/flows";
$silk_bin_directory = "/usr/local/bin";
$site_config_file = "/silk/flows/silk.conf"; # If left blank, will look for silk.conf in specified Data Rootdir (see User's Guide)
$sensor_config_file = "/silk/flows/sensor.conf";
$silk_compiled_localtime = ""; # Set to "Y" if you compiled SiLK with --enable-localtime switch
$silk_capture_buffer_pre = (125 * 60); # Start of SiLK file concatenation
$silk_capture_buffer_post= (5 * 60); # End of SiLK file concatenation
$silk_init_loadscheme = 1; # For Flows Initiated/Second - see SiLK rwcount documentation
$silk_active_loadscheme = 5; # For Flows Active/Second - see SiLK rwcount documentation
$silk_class_default = ""; # General SiLK file structure info. silk.conf, sensor.conf
$silk_flowtype_default = ""; # General SiLK file structure info. silk.conf, sensor.conf
$silk_type_default = "all"; # General SiLK file structure info. silk.conf, sensor.conf
$silk_sensors_default = ""; # General SiLK file structure info. silk.conf, sensor.conf
$silk_switches_default = ""; # General SiLK file structure info. silk.conf, sensor.conf
# General parameters
$version = "4.6";
$no_devices_or_exporters = "N"; # Applies to special flow-tools environments only
@devices = ("cisco"); # for flow-tools
@ipfix_devices = (); # for SiLK, if none: @ipfix_devices = ();
@ipfix_storage = (""); # If using FlowViewer_CleanSilk, set to storage requirements for each device
$ipfix_default_device = ""; # All initial, blank forms will have this selected instead of "Select Device"
;@exporters = ("192.168.200.1:New York Router","192.168.200.2:Prague Router");
@exporters = ();
all needed folders with:
chown -R www-data:www-data /var/www/cgi-bin/
chown -R www-data:www-data /var/www/html/
chmod -R 0755 /var/www/cgi-bin/
chmod -R 0755 /var/www/html/
Collector and Grapher started:
ps -ef | grep -v grep | grep Flow
root 12959 3711 0 15:55 pts/23 00:00:00 /usr/bin/perl ./FlowMonitor_Collector
root 12961 3711 0 15:55 pts/23 00:00:00 /usr/bin/perl ./FlowMonitor_Grapher
But when I pick "cisco" and make a report or graph, they are empty. What am I doing wrong?
Last edit: Evgeniy Danilenko 2015-09-11
Hi Evgeniy,
Thanks for considering FlowViewer. The User's Guide has a FAQ at the back of it that might help you as you go forward. It looks like you have things set up pretty good, so the first thing we should do is check the timestamps of your flows. FAQ question 6 from the User's Guide:
I get a report back, but it has no data. Part II.
Another possibility for this problem is that the timestamps on the flows are not what you are expecting, and hence the data is completely filtered out. For example, you may wish to see everything from 10:00:00 to 11:00:00 but the report is empty, and you're sure you have data because there are plenty of non-zero sized ft... files in your flow-data directory. It may be that the flows are time stamped quite differently from the file timestamp.
In this case a simple "flow-print -f5 < ft-v05.2006-01-19.100001-0500" will list the flows with embedded time stamps. The output could be long so you might want to redirect it to a file first. Compare the flow timestamps to what you are expecting. If they are off - then perhaps your router's time setting is off, or your computer time setting is off.
Joe
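The check described in the reply above, as an added example that is not part of the original thread or of FlowViewer: it compares the start time encoded in a flow-tools capture file name with the timestamps embedded in the flows. The `flow-print -f5` column layout, the sample file name and flow lines, and the 30-minute tolerance are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a capture file name in the ft-v05 naming quoted above and
# flow lines in the layout assumed for `flow-print -f5` (Start = MMDD.HH:MM:SS.mmm).
FT_NAME = "ft-v05.2015-09-10.141500+0300"
SAMPLE = """\
Start             End               Sif SrcIPaddress SrcP DIf DstIPaddress DstP P Fl Pkts Octets
0910.11:14:58.120 0910.11:14:58.120 1   10.0.0.2     0    2   10.0.0.1     2048 1 0  1    64
0910.11:15:02.400 0910.11:15:06.400 1   10.0.0.2     0    2   10.0.0.1     0    1 0  5    500
0910.11:15:10.900 0910.11:16:10.900 1   10.0.0.2     0    2   10.0.0.1     0    1 0  5000 500000
"""

FT_RE = re.compile(r"ft-v\d+\.(\d{4}-\d{2}-\d{2})\.(\d{6})([+-]\d{4})$")
FLOW_RE = re.compile(r"^(\d{2})(\d{2})\.(\d{2}):(\d{2}):(\d{2})\.\d+\s")

def file_start(name):
    """Collector-side start time encoded in the capture file name."""
    m = FT_RE.search(name)
    if not m:
        raise ValueError(f"not a flow-tools capture name: {name!r}")
    return datetime.strptime(" ".join(m.groups()), "%Y-%m-%d %H%M%S %z")

def flow_starts(text, year, tz):
    """Start stamp of every flow line; the year is taken from the file name."""
    out = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if m:
            mo, d, h, mi, s = map(int, m.groups())
            out.append(datetime(year, mo, d, h, mi, s, tzinfo=tz))
    return sorted(out)

def clock_skew(name, text, tolerance=timedelta(minutes=30)):
    """Return (skew_seconds, verdict) for the middle flow relative to the file start."""
    start = file_start(name)
    stamps = flow_starts(text, start.year, start.tzinfo)
    if not stamps:
        return None, "no-flows"
    skew = int((stamps[len(stamps) // 2] - start).total_seconds())
    if abs(skew) <= tolerance.total_seconds():
        return skew, "ok"
    # Heuristic: an offset within 5 minutes of a whole number of hours looks like
    # a time zone setting on the exporter rather than ordinary clock drift.
    residual = abs(skew - round(skew / 3600) * 3600)
    return skew, "timezone" if residual <= 300 else "drift"

if __name__ == "__main__":
    print(clock_skew(FT_NAME, SAMPLE))
```

Flows that straddle a year boundary are not handled, because the flow lines carry no year and it is borrowed from the file name.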
Hello Joe,
Sorry for the long response, you were right! The problem was a time zone misconfiguration in our Cisco equipment! After I fixed it, I have great reports and graphs. Thanks for your help!
Evgeniy