Re: [Nfdump-discuss] nfsen syslog problem
netflow collecting and processing tools
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfdump-discuss] nfsen syslog problem
|
From: Xavier F. <xfu...@xt...> - 2007-08-09 12:17:43
|
Hi Peter,
On dj, 2007-08-09 at 13:47 +0200, Peter Haag wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> - --On August 9, 2007 13:33:58 +0200 Xavier Fustero <xfu...@xt...> wrote:
>
> | Hi Peter,
> |
> |
> | On dj, 2007-08-09 at 10:41 +0200, Peter Haag wrote:
> | > -----BEGIN PGP SIGNED MESSAGE-----
> | > Hash: SHA1
> | >
> | >
> | >
> | > - --On August 8, 2007 16:51:54 +0200 Xavier Fustero <xfu...@xt...> wrote:
> | >
> | > | Hi,
> | > |
> | > | I have installed nfsen on a server and added two routers in the config
> | > | file (tramuntana and garbi). Then I get a strange message starting it.
> | > |
> | > | [reta]/opt/nfsen/bin # ./nfsen.rc start
> | > | -n Starting nfcpad:
> | > | -n tramuntana
> | > | -n garbi
> | > | done.
> | > | -n Starting nfsen-run:
> | > | unix dgram connect: Socket operation on non-socket
> | > | at /opt/nfsen/bin/nfsen-run line 585
> | > | unix dgram connect: Socket operation on non-socket
> | > | at /opt/nfsen/bin/nfsen-run line 79
> | > | no connection to syslog available at /opt/nfsen/bin/nfsen-run line 79
> | > | done.
> | >
> | > Could you please try the 1.3b. nfsen-run is an older nfsen version. If you start
> | > from scratch - start with 1.3b.
> |
> | I have updated the nfs 1.3b. According to your README file, I have
> | applied the first option, a new installation. I copied my previous
> | config file nfsen.conf to the new directory /opt/nfs-1.3b/etc and run
> | your installation script:
> | ./install.pl etc/nfsen.conf
>
> Do not copy anything by hand.
> Run again
>
> ./install.pl /opt/nfs-1.3b/etc/nfsen.conf
>
> with full path.
>
> - Peter
I have untar you 1.3b-20070720 under /tmp and run your installation
script. My previous nfsen directory is under /opt/nfsen.
[reta]/tmp/nfsen-1.3b-20070720
# ./install.pl /opt/nfsen-1.2.4/etc/nfsen.conf
Check for required Perl modules: All modules found.
unix dgram connect: Socket operation on non-socket at libexec/NfSen.pm
line 769
no connection to syslog available at libexec/NfSen.pm line 769
If I go under /tmp/nfsen-1.3b-20070720/bin and try to execute something,
I need to define all LIBEXECDIR and PERL path from your scripts. Should
it not being done automatically through your script? Is
the /tmp/nfsen-1.3b-20070720 the target directory for the new
installation?
I modified the paths from your scripts to my environment and try to run
the nfsen:
perl -pi -e 's/\%\%PERL\%\%/\/usr\/bin\/perl/g' files_under_bin
perl -pi -e 's/\%\%LIBEXECDIR\%\%/\/tmp\/nfsen-1.3b-20070720\/libexec/g'
files_under_bin
but it didn't help...
[reta]/tmp/nfsen-1.3b-20070720/bin # ./nfsen start
ERR No NFSEN config file found.
Thanks,
Xavi
> |
> | I can see the nfsen.rc script has dissapeared. I run the
> | 'bin/nfsen start' but it complains:
> |
> | ERR No NFSEN config file found.
> |
> | However, this is defined in the etc/nfsen.conf file. Could you please
> | tell me how to fix this?
> |
> | Anyway, I haven't modify the Sys::Syslog::setlogsock('unix'); to 'inet'
> | and it haven't complain so far...
> |
> | Best regards,
> | Xavi
> |
> |
> |
> |
> | > - Peter
> | > |
> | > | However, I can see nfcapd processes running on my server:
> | > |
> | > | 0 S netflow 16266 1 0 40 20 ? 397 ? 16:42:00 ?
> | > | 0:00 /usr/local/bin/nfcapd -w -D -I tram
> | > | 0 S netflow 16273 1 0 40 20 ? 261 ? 16:42:00
> | > | pts/7 0:00 /usr/local/bin/nfcapd -w -D -I garb
> | > | 0 S netflow 16279 1 0 40 20 ? 397 ? 16:42:00 ?
> | > | 0:00 /usr/local/bin/nfcapd -w -D -I garb
> | > | 0 S netflow 16260 1 0 40 20 ? 261 ? 16:42:00
> | > | pts/7 0:00 /usr/local/bin/nfcapd -w -D -I tram
> | > |
> | > |
> | > | and new data is collected in the $BASEDIR/profiles/live/[tramuntana|
> | > | garbi] directories. Unfortunately, when I connect to the web page
> | > | http://localhost/nfsen/nfsen.php I can't see any data.
> | > |
> | > | I have running syslog-ng on this server. I am wondering if there is a
> | > | compatibily problem with the perl package Sys::Syslog and syslog-ng.
> | > |
> | > | I don't have any option to create a new profile on the top-right
> | > | combobox (selected profile). I read somewhere to click on the Stats tab
> | > | but there I can just see my two sources without option to edit anything
> | > | but Max.Size and Expire.
> | > |
> | > | Does anyone can give me a clue about the above error and how create or
> | > | edit a profile?
> | > |
> | > | Thanks a lot,
> | > | Xavi
> | > |
> | > |
> | > | -------------------------------------------------------------------------
> | > | This SF.net email is sponsored by: Splunk Inc.
> | > | Still grepping through log files to find problems? Stop.
> | > | Now Search log events and configuration files using AJAX and a browser.
> | > | Download your FREE copy of Splunk now >> http://get.splunk.com/
> | > | _______________________________________________
> | > | Nfdump-discuss mailing list
> | > | Nfd...@li...
> | > | https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> | >
> | >
> | >
> | > - --
> | > _______ SWITCH - The Swiss Education and Research Network ______
> | > Peter Haag, Security Engineer, Member of SWITCH CERT
> | > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> | > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> | > E-mail: pet...@sw... Web: http://www.switch.ch/
> | > -----BEGIN PGP SIGNATURE-----
> | > Version: GnuPG v1.4.3 (Darwin)
> | >
> | > iQCVAwUBRrrTIv5AbZRALNr/AQKZjAP/ZdGvXqSQ8gYkN3jbpE7meRtfW90atGC2
> | > 3a6dlnRy+G3kYKjShR7W5T5+8Bzweq8ocukvxHlN849wVdzSm0wKd5SuJhHXvyrh
> | > fs9Y9uEKXrNOMS0v7MzvqmYMd14+T+likyXnbGORc4yYXm88R+ojhQ2GZOc+mdjn
> | > C7sngaedJJo=
> | > =YzEg
> | > -----END PGP SIGNATURE-----
> | >
> |
> |
> | -------------------------------------------------------------------------
> | This SF.net email is sponsored by: Splunk Inc.
> | Still grepping through log files to find problems? Stop.
> | Now Search log events and configuration files using AJAX and a browser.
> | Download your FREE copy of Splunk now >> http://get.splunk.com/
> | _______________________________________________
> | Nfdump-discuss mailing list
> | Nfd...@li...
> | https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
>
>
> - --
> _______ SWITCH - The Swiss Education and Research Network ______
> Peter Haag, Security Engineer, Member of SWITCH CERT
> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> E-mail: pet...@sw... Web: http://www.switch.ch/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (Darwin)
>
> iQCVAwUBRrr+zP5AbZRALNr/AQIQEQP/R8Kl/tw8ab76skEchlxg/lvvQmuFYhjZ
> 0Y8Hy+pYIIlF7cbpl02AYxfvQbDRdbU2DgmiM+yrHYWxB2raIyZiOhxHsw7N9i0E
> 0HamRnKqRKz0QhYhntohr/TySE6AMUIOBoi4wtfUL3eQA/qbI7EX1yznRvKgZFBs
> NeFNf1P/si8=
> =QNEP
> -----END PGP SIGNATURE-----
>
|