Re: [Nfsen-discuss] Problems using old nfdump data
Netflow visualisation and investigation tool
From: Ivan A. B. <iv...@li...> - 2006-04-03 18:35:28
On 03/04/2006 18:37, Esben Bach wrote:
> I followed the instructions on the nfsen webpage on using "old" nfdump
> data by placing the nfdump output in the profiles directory. However my
> "old" nfdump data is new data created by using:
> ft2nfdump -r /path/to/flow-tools/datafile | nfdump -w
> /pack/nfsen/profiles/live/output
> Which seems to work just fine.
>
> However when I run the "nfsen -r live" command as described in the
> documentation, my syslog yells out the following:
>
> Statring ./nfsen.
> Rebuild: No data file found in profile 'live'
> Terminating ./nfsen.
>
> However the "output" file is neatly placed in the profile directory, and
> I have made it world writeable (just to be sure it was not a permission
> problem).
>
> FYI I am using nfdump-1.5 and nfsen-1.2.4 and the flow-tools
> installation is 0.66.

Do you have a collector configured in your nfsen.conf called "output"?

I'm not too sure what you have set your profile-data directory as, but
here I set it to /opt/data/nfsen:

========================
ivan ~ $ find /opt/data/nfsen/ -type d
/opt/data/nfsen/
/opt/data/nfsen/profiles
/opt/data/nfsen/profiles/live
/opt/data/nfsen/profiles/live/switch02
/opt/data/nfsen/profiles/live/switch17
/opt/data/nfsen/profiles/live/switch20
/opt/data/nfsen/profiles/live/switch28
/opt/data/nfsen/profiles/smtp
/opt/data/nfsen/profiles/smtp/switch02
/opt/data/nfsen/profiles/smtp/switch17
/opt/data/nfsen/profiles/smtp/switch20
/opt/data/nfsen/profiles/smtp/switch28
========================

The data files are in the leaf directories, named:
<profilename>/<collectorname>/ (e.g. live/switch02)

Sorry if the above seems blindingly obvious :)

Are you able to get a live netflow feed working into your nfsen setup?
If not, it may be worth ensuring your basic setup is working with a live
netflow feed first.

Cheers
Ivan

-- 
Ivan Beveridge <iv...@li...>
http://www.linx.net/
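A layout check for the <profilename>/<collectorname>/ structure described in the reply above, as an added example that is not part of the original message or of nfsen itself. The helper name check_profile_layout is hypothetical, and it assumes every subdirectory of a profile directory is a collector directory.

```shell
#!/bin/sh
# Added example: hypothetical helper, not an nfsen command.
# Assumption: every subdirectory of a profile directory is a collector.

# Prints one finding per line. Returns 0 only if at least one collector
# directory exists and every collector directory holds at least one file.
check_profile_layout() {
    profile_dir=$1          # e.g. /opt/data/nfsen/profiles/live
    status=0

    if [ ! -d "$profile_dir" ]; then
        echo "MISSING profile directory: $profile_dir"
        return 1
    fi

    # Files sitting directly in the profile directory are reported:
    # per the reply, data files live one level down, per collector.
    for f in "$profile_dir"/*; do
        [ -f "$f" ] || continue
        echo "NOT IN A COLLECTOR DIRECTORY: $f"
    done

    collectors=0
    for d in "$profile_dir"/*/; do
        [ -d "$d" ] || continue     # unmatched glob stays literal
        collectors=$((collectors + 1))
        n=$(find "$d" -maxdepth 1 -type f | wc -l | tr -d ' ')
        if [ "$n" -eq 0 ]; then
            echo "EMPTY collector directory: ${d%/}"
            status=1
        else
            echo "OK ${d%/}: $n file(s)"
        fi
    done

    if [ "$collectors" -eq 0 ]; then
        echo "NO collector directories under $profile_dir"
        status=1
    fi
    return $status
}
```

Run it as `check_profile_layout /opt/data/nfsen/profiles/live`, substituting your own profile-data path.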