Re: [Nfdump-discuss] nfsen syslog problem
netflow collecting and processing tools
Brought to you by:
phaag
From: Xavier F. <xfu...@xt...> - 2007-08-09 12:17:43
|
Hi Peter, On dj, 2007-08-09 at 13:47 +0200, Peter Haag wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > - --On August 9, 2007 13:33:58 +0200 Xavier Fustero <xfu...@xt...> wrote: > > | Hi Peter, > | > | > | On dj, 2007-08-09 at 10:41 +0200, Peter Haag wrote: > | > -----BEGIN PGP SIGNED MESSAGE----- > | > Hash: SHA1 > | > > | > > | > > | > - --On August 8, 2007 16:51:54 +0200 Xavier Fustero <xfu...@xt...> wrote: > | > > | > | Hi, > | > | > | > | I have installed nfsen on a server and added two routers in the config > | > | file (tramuntana and garbi). Then I get a strange message starting it. > | > | > | > | [reta]/opt/nfsen/bin # ./nfsen.rc start > | > | -n Starting nfcpad: > | > | -n tramuntana > | > | -n garbi > | > | done. > | > | -n Starting nfsen-run: > | > | unix dgram connect: Socket operation on non-socket > | > | at /opt/nfsen/bin/nfsen-run line 585 > | > | unix dgram connect: Socket operation on non-socket > | > | at /opt/nfsen/bin/nfsen-run line 79 > | > | no connection to syslog available at /opt/nfsen/bin/nfsen-run line 79 > | > | done. > | > > | > Could you please try the 1.3b. nfsen-run is an older nfsen version. If you start > | > from scratch - start with 1.3b. > | > | I have updated the nfs 1.3b. According to your README file, I have > | applied the first option, a new installation. I copied my previous > | config file nfsen.conf to the new directory /opt/nfs-1.3b/etc and run > | your installation script: > | ./install.pl etc/nfsen.conf > > Do not copy anything by hand. > Run again > > ./install.pl /opt/nfs-1.3b/etc/nfsen.conf > > with full path. > > - Peter I have untar you 1.3b-20070720 under /tmp and run your installation script. My previous nfsen directory is under /opt/nfsen. [reta]/tmp/nfsen-1.3b-20070720 # ./install.pl /opt/nfsen-1.2.4/etc/nfsen.conf Check for required Perl modules: All modules found. unix dgram connect: Socket operation on non-socket at libexec/NfSen.pm line 769 no connection to syslog available at libexec/NfSen.pm line 769 If I go under /tmp/nfsen-1.3b-20070720/bin and try to execute something, I need to define all LIBEXECDIR and PERL path from your scripts. Should it not being done automatically through your script? Is the /tmp/nfsen-1.3b-20070720 the target directory for the new installation? I modified the paths from your scripts to my environment and try to run the nfsen: perl -pi -e 's/\%\%PERL\%\%/\/usr\/bin\/perl/g' files_under_bin perl -pi -e 's/\%\%LIBEXECDIR\%\%/\/tmp\/nfsen-1.3b-20070720\/libexec/g' files_under_bin but it didn't help... [reta]/tmp/nfsen-1.3b-20070720/bin # ./nfsen start ERR No NFSEN config file found. Thanks, Xavi > | > | I can see the nfsen.rc script has dissapeared. I run the > | 'bin/nfsen start' but it complains: > | > | ERR No NFSEN config file found. > | > | However, this is defined in the etc/nfsen.conf file. Could you please > | tell me how to fix this? > | > | Anyway, I haven't modify the Sys::Syslog::setlogsock('unix'); to 'inet' > | and it haven't complain so far... > | > | Best regards, > | Xavi > | > | > | > | > | > - Peter > | > | > | > | However, I can see nfcapd processes running on my server: > | > | > | > | 0 S netflow 16266 1 0 40 20 ? 397 ? 16:42:00 ? > | > | 0:00 /usr/local/bin/nfcapd -w -D -I tram > | > | 0 S netflow 16273 1 0 40 20 ? 261 ? 16:42:00 > | > | pts/7 0:00 /usr/local/bin/nfcapd -w -D -I garb > | > | 0 S netflow 16279 1 0 40 20 ? 397 ? 16:42:00 ? > | > | 0:00 /usr/local/bin/nfcapd -w -D -I garb > | > | 0 S netflow 16260 1 0 40 20 ? 261 ? 16:42:00 > | > | pts/7 0:00 /usr/local/bin/nfcapd -w -D -I tram > | > | > | > | > | > | and new data is collected in the $BASEDIR/profiles/live/[tramuntana| > | > | garbi] directories. Unfortunately, when I connect to the web page > | > | http://localhost/nfsen/nfsen.php I can't see any data. > | > | > | > | I have running syslog-ng on this server. I am wondering if there is a > | > | compatibily problem with the perl package Sys::Syslog and syslog-ng. > | > | > | > | I don't have any option to create a new profile on the top-right > | > | combobox (selected profile). I read somewhere to click on the Stats tab > | > | but there I can just see my two sources without option to edit anything > | > | but Max.Size and Expire. > | > | > | > | Does anyone can give me a clue about the above error and how create or > | > | edit a profile? > | > | > | > | Thanks a lot, > | > | Xavi > | > | > | > | > | > | ------------------------------------------------------------------------- > | > | This SF.net email is sponsored by: Splunk Inc. > | > | Still grepping through log files to find problems? Stop. > | > | Now Search log events and configuration files using AJAX and a browser. > | > | Download your FREE copy of Splunk now >> http://get.splunk.com/ > | > | _______________________________________________ > | > | Nfdump-discuss mailing list > | > | Nfd...@li... > | > | https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > | > > | > > | > > | > - -- > | > _______ SWITCH - The Swiss Education and Research Network ______ > | > Peter Haag, Security Engineer, Member of SWITCH CERT > | > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 > | > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland > | > E-mail: pet...@sw... Web: http://www.switch.ch/ > | > -----BEGIN PGP SIGNATURE----- > | > Version: GnuPG v1.4.3 (Darwin) > | > > | > iQCVAwUBRrrTIv5AbZRALNr/AQKZjAP/ZdGvXqSQ8gYkN3jbpE7meRtfW90atGC2 > | > 3a6dlnRy+G3kYKjShR7W5T5+8Bzweq8ocukvxHlN849wVdzSm0wKd5SuJhHXvyrh > | > fs9Y9uEKXrNOMS0v7MzvqmYMd14+T+likyXnbGORc4yYXm88R+ojhQ2GZOc+mdjn > | > C7sngaedJJo= > | > =YzEg > | > -----END PGP SIGNATURE----- > | > > | > | > | ------------------------------------------------------------------------- > | This SF.net email is sponsored by: Splunk Inc. > | Still grepping through log files to find problems? Stop. > | Now Search log events and configuration files using AJAX and a browser. > | Download your FREE copy of Splunk now >> http://get.splunk.com/ > | _______________________________________________ > | Nfdump-discuss mailing list > | Nfd...@li... > | https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > > > > - -- > _______ SWITCH - The Swiss Education and Research Network ______ > Peter Haag, Security Engineer, Member of SWITCH CERT > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland > E-mail: pet...@sw... Web: http://www.switch.ch/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (Darwin) > > iQCVAwUBRrr+zP5AbZRALNr/AQIQEQP/R8Kl/tw8ab76skEchlxg/lvvQmuFYhjZ > 0Y8Hy+pYIIlF7cbpl02AYxfvQbDRdbU2DgmiM+yrHYWxB2raIyZiOhxHsw7N9i0E > 0HamRnKqRKz0QhYhntohr/TySE6AMUIOBoi4wtfUL3eQA/qbI7EX1yznRvKgZFBs > NeFNf1P/si8= > =QNEP > -----END PGP SIGNATURE----- > |