Re: [Nfsen-discuss] Problems using old nfdump data
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] Problems using old nfdump data
|
From: Esben B. <es...@cs...> - 2006-04-03 19:33:15
|
Ahh okay that might be the problem, was not aware that the connectors had to have the same name. I will give that a try asap. I have not tested anything with a live netflow feed, since our current installation is rather complex and relies on the old flow-tools data, so for the time being (probably not a permanent solution) i will have to convert the flow-tools data every now and then. I will get back on the progress to see if changing the name works. Ivan A. Beveridge wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On 03/04/2006 18:37, Esben Bach wrote: > > >>I followed the instructions on the nfsen webpage on using "old" nfdump >>data by placing the nfdump output in the profiles directory. However my >>"old" nfdump data is new data created by using: >>ft2nfdump -r /path/to/flow-tools/datafile | nfdump -w >>/pack/nfsen/profiles/live/output >>Which seems to work just fine. >> >>However when i run the "nfsen -r live" command as described in the >>documentation, my syslog yells out the following: >> >>Statring ./nfsen. >>Rebuild: No data file found in profile 'live' >>Terminating ./nfsen. >> >>However the "output" file is neatly placed in the profile directory, and >>i have made it world writeable (just to be sure it was not a permission >>problem). >> >>FYI i am using nfdump-1.5 and nfsen-1.2.4 and the flow-tools >>installation is 0.66. >> >> > >Do you have a collector configured in your nfsen.conf called "output"? > >I'm not too sure what you have set your profile-data directory as, but >here I set it to /opt/data/nfsen: > > >======================== >ivan ~ $ find /opt/data/nfsen/ -type d >/opt/data/nfsen/ >/opt/data/nfsen/profiles >/opt/data/nfsen/profiles/live >/opt/data/nfsen/profiles/live/switch02 >/opt/data/nfsen/profiles/live/switch17 >/opt/data/nfsen/profiles/live/switch20 >/opt/data/nfsen/profiles/live/switch28 >/opt/data/nfsen/profiles/smtp >/opt/data/nfsen/profiles/smtp/switch02 >/opt/data/nfsen/profiles/smtp/switch17 >/opt/data/nfsen/profiles/smtp/switch20 >/opt/data/nfsen/profiles/smtp/switch28 >======================== > >The data files are in the leaf directories, named: ><profilename>/<collectorname>/ >(eg live/switch02) > >Sorry if the above seems blindingly obvious :) > >Are you able to get a live netflow feed working into your nfsen setup? >If not, it may be worth ensuring your basic setup is working with a live >netflow feed first. > >Cheers > > >Ivan >- -- >Ivan Beveridge ><iv...@li...> http://www.linx.net/ >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.1 (MingW32) >Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > >iD8DBQFEMWqeQQZN5jq7vncRAu8iAJ9Db7SKRipselu2ssSJJU6l60ZmewCgjRB4 >vd8MRTVTrM1ryOoc98dpSPU= >=4uI4 >-----END PGP SIGNATURE----- > > >------------------------------------------------------- >This SF.Net email is sponsored by xPML, a groundbreaking scripting language >that extends applications into web and mobile media. Attend the live webcast >and join the prime developer group breaking into this new coding territory! >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >_______________________________________________ >Nfsen-discuss mailing list >Nfs...@li... >https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > > |
