Re: [Nfdump-discuss] nfdump on centos 6 - my first time - assistance please
netflow collecting and processing tools
From: Aaron <aa...@gv...> - 2013-04-01 13:16:57
I think it’s version 9 based on the configuration of the Cisco router that I have sending at this Linux machine

Aaron

From: Mon-Loi Perez [mailto:mlp...@ya...]
Sent: Monday, April 01, 2013 6:53 AM
To: Aaron
Cc: <nfd...@li...>
Subject: Re: [Nfdump-discuss] nfdump on centos 6 - my first time - assistance please

What is the version of your netflow? Do a

$ ps -wef | grep nfcapd

to see your nfcapd options. Or you can also try nfcapd -E for debugging but make sure only 1 instance of nfcapd is running.

Mon

On Mar 30, 2013, at 22:56, "Aaron" <aa...@gv...> wrote:

Hi All,

I’m new to the list, and also new to nfdump/nfsen. I have begun trying to install and get running nfdump, please provide guidance where you are able... I also haven’t begun installing nfsen since I thought that nfdump needed to work first before nfsen should be installed, and I am thinking that nfdump may not be working yet...let me know what you think.

I’m following the instructions on this site...

http://www.3open.org/d/tips/install_nfdump_on_centos_5

...the only thing I haven’t done on this site is the part at the bottom titled “init script for nfcapd” ...do I need to do that part? If so how?

I’ve gotten through most all the steps and I see the following...it seems the files are being built but I don’t see anything in the files... I do know that my router is sending netflow exported data to udp 9995 since tcpdump on this host shows it arriving here.

[root@me ~]# ls -la /var/cache/nfdump/2013
total 12
drwxr-xr-x. 3 netflow netflow 4096 Mar 29 09:45 .
drwxr-xr-x. 3 netflow netflow 4096 Mar 30 10:45 ..
drwxr-xr-x. 4 netflow netflow 4096 Mar 30 00:05 03

[root@me ~]# ls -la /var/cache/nfdump/2013/03
total 16
drwxr-xr-x. 4 netflow netflow 4096 Mar 30 00:05 .
drwxr-xr-x. 3 netflow netflow 4096 Mar 29 09:45 ..
drwxr-xr-x. 17 netflow netflow 4096 Mar 29 23:05 29
drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 30

[root@me ~]# ls -la /var/cache/nfdump/2013/03/30
total 52
drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 .
drwxr-xr-x. 4 netflow netflow 4096 Mar 30 00:05 ..
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 01:00 00
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 02:00 01
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 03:00 02
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 04:00 03
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 05:00 04
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 06:00 05
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 07:00 06
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 08:00 07
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 09:00 08
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 10:00 09
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 10:45 10

[root@me ~]# ls -la /var/cache/nfdump/2013/03/30/10
total 44
drwxr-xr-x. 2 netflow netflow 4096 Mar 30 10:45 .
drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 ..
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:05 nfcapd.201303301000
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:10 nfcapd.201303301005
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:15 nfcapd.201303301010
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:20 nfcapd.201303301015
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:25 nfcapd.201303301020
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:30 nfcapd.201303301025
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:35 nfcapd.201303301030
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:40 nfcapd.201303301035
-rw-r--r--. 1 netflow netflow 276 Mar 30 10:45 nfcapd.201303301040

[root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301000
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
No matched flows

[root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301005
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
No matched flows

[root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301040
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
No matched flows

[root@me ~]# tcpdump -i eth0 -nn | grep -i 9995
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:51:56.504510 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 252
10:51:57.506593 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 880
10:51:59.510514 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 708
10:52:00.513018 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1336
10:52:00.513521 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:00.513597 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:00.513620 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:00.513641 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:00.513661 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1392
10:52:00.513722 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:00.513754 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:00.513805 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:00.513820 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 368
10:52:01.515624 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:01.516152 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:01.517030 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:01.517087 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:01.517100 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
10:52:01.517111 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
^C114 packets captured
114 packets received by filter
0 packets dropped by kernel

Aaron
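Added example, not part of the original thread: a small parser that answers the "what is the version of your netflow" question from one captured UDP export payload and, for version 9, counts the template and data FlowSets it carries. The header layouts are the standard NetFlow v5 and v9 (RFC 3954) ones; the function name and both sample packets are constructed for illustration.

```python
import struct

V9_HEADER_LEN = 20  # version, count, sysUptime, unix_secs, sequence, source_id


def summarize_export(payload: bytes) -> dict:
    """Report the NetFlow version of one UDP payload and, for v9, its FlowSets."""
    if len(payload) < 4:
        raise ValueError("payload too short for a NetFlow header")
    version, count = struct.unpack_from("!HH", payload, 0)
    info = {"version": version, "count": count, "templates": 0, "data_sets": 0}
    if version != 9:
        return info  # v5 and similar carry fixed-size records, no templates
    if len(payload) < V9_HEADER_LEN:
        raise ValueError("truncated NetFlow v9 header")
    offset = V9_HEADER_LEN
    while offset + 4 <= len(payload):
        set_id, set_len = struct.unpack_from("!HH", payload, offset)
        if set_len < 4 or offset + set_len > len(payload):
            raise ValueError(f"bad FlowSet length {set_len} at offset {offset}")
        if set_id in (0, 1):      # 0 = template, 1 = options template
            info["templates"] += 1
        elif set_id >= 256:       # data FlowSet, decodable only with its template
            info["data_sets"] += 1
        offset += set_len         # the length field includes any padding
    return info


def _v9_packet(*flowsets: bytes, count: int) -> bytes:
    """Build a constructed v9 packet: 20-byte header followed by FlowSets."""
    header = struct.pack("!HHIIII", 9, count, 1000, 1364655116, 1, 0)
    return header + b"".join(flowsets)


# Constructed samples (not taken from the capture in the thread).
# Template 256 with two fields: IPV4_SRC_ADDR (8) and IPV4_DST_ADDR (12).
TEMPLATE_SET = struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4)
DATA_SET = struct.pack("!HH4s4s", 256, 12,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
SAMPLE_V9 = _v9_packet(TEMPLATE_SET, DATA_SET, count=2)
SAMPLE_V5 = struct.pack("!HHIIIIBBH", 5, 1, 1000, 1364655116, 0, 1, 0, 0, 0) + bytes(48)

if __name__ == "__main__":
    for name, pkt in (("v9", SAMPLE_V9), ("v5", SAMPLE_V5)):
        print(name, summarize_export(pkt))
```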