Re: [Nfsen-discuss] Problems using old nfdump data
Netflow visualisation and investigation tool
From: Esben B. <es...@cs...> - 2006-04-03 20:11:22
Hmm okay, I tried renaming, but apparently that does not work or I am
doing something wrong.
Important configuration bits as follows:
<begin>
$BASEDIR= "/pack/nfsen-1.2.4";
$PROFILESTATDIR="/netanalysis/nfsen/profiles";
$PROFILEDATADIR="${BASEDIR}/profiles";
%source = (
'output' => { 'port' => '9997', 'col' => '#ff0000'},
);
<end>
The data from nfdump is placed in
/pack/nfsen-1.2.4/profiles/live/output/output
But I get the same error when trying to rebuild the live profile. Any
ideas, or are further conf files needed?
--
Esben
Esben Bach wrote:
> Ahh okay that might be the problem, was not aware that the connectors
> had to have the same name. I will give that a try asap.
>
> I have not tested anything with a live netflow feed, since our current
> installation is rather complex and relies on the old flow-tools data,
> so for the time being (probably not a permanent solution) I will have
> to convert the flow-tools data every now and then.
>
> I will get back on the progress to see if changing the name works.
>
> Ivan A. Beveridge wrote:
>
>> On 03/04/2006 18:37, Esben Bach wrote:
>>
>>
>>> I followed the instructions on the nfsen webpage on using "old" nfdump
>>> data by placing the nfdump output in the profiles directory. However my
>>> "old" nfdump data is new data created by using:
>>> ft2nfdump -r /path/to/flow-tools/datafile | nfdump -w /pack/nfsen/profiles/live/output
>>> Which seems to work just fine.
>>>
>>> However, when I run the "nfsen -r live" command as described in the
>>> documentation, my syslog yells out the following:
>>>
>>> Statring ./nfsen.
>>> Rebuild: No data file found in profile 'live'
>>> Terminating ./nfsen.
>>>
>>> However, the "output" file is neatly placed in the profile directory,
>>> and I have made it world writeable (just to be sure it was not a
>>> permission problem).
>>>
>>> FYI I am using nfdump-1.5 and nfsen-1.2.4 and the flow-tools
>>> installation is 0.66.
>>>
>>
>>
>> Do you have a collector configured in your nfsen.conf called "output"?
>>
>> I'm not too sure what you have set your profile-data directory as, but
>> here I set it to /opt/data/nfsen:
>>
>>
>> ========================
>> ivan ~ $ find /opt/data/nfsen/ -type d
>> /opt/data/nfsen/
>> /opt/data/nfsen/profiles
>> /opt/data/nfsen/profiles/live
>> /opt/data/nfsen/profiles/live/switch02
>> /opt/data/nfsen/profiles/live/switch17
>> /opt/data/nfsen/profiles/live/switch20
>> /opt/data/nfsen/profiles/live/switch28
>> /opt/data/nfsen/profiles/smtp
>> /opt/data/nfsen/profiles/smtp/switch02
>> /opt/data/nfsen/profiles/smtp/switch17
>> /opt/data/nfsen/profiles/smtp/switch20
>> /opt/data/nfsen/profiles/smtp/switch28
>> ========================
>>
>> The data files are in the leaf directories, named:
>> <profilename>/<collectorname>/
>> (eg live/switch02)
>>
>> Sorry if the above seems blindingly obvious :)
>>
>> Are you able to get a live netflow feed working into your nfsen setup?
>> If not, it may be worth ensuring your basic setup is working with a live
>> netflow feed first.
>>
>> Cheers
>>
>>
>> Ivan
>> --
>> Ivan Beveridge
>> <iv...@li...> http://www.linx.net/
>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by xPML, a groundbreaking scripting
>> language
>> that extends applications into web and mobile media. Attend the live
>> webcast
>> and join the prime developer group breaking into this new coding
>> territory!
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
>> _______________________________________________
>> Nfsen-discuss mailing list
>> Nfs...@li...
>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>
>>
>
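The `<profilename>/<collectorname>/` layout described in the quoted reply can be checked against the configured source names with a short script. This is an added example, not part of the thread and not nfsen's own rebuild logic; the function names `check_profile_tree` and `demo_tree` are hypothetical, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread): compare configured source names with the
# <profile-data-dir>/<profile>/<source>/ layout described in the quoted reply.

# check_profile_tree DATADIR PROFILE SOURCE...
# Prints one finding per line; returns the number of problems found.
check_profile_tree() {
    datadir=$1; profile=$2; shift 2
    problems=0
    for src in "$@"; do
        path="$datadir/$profile/$src"
        if [ -f "$path" ]; then
            # What "nfdump -w <profile>/<source>" yields: a file where a directory belongs
            echo "FILE-NOT-DIR $src"; problems=$((problems + 1))
        elif [ ! -d "$path" ]; then
            echo "MISSING $src"; problems=$((problems + 1))
        else
            n=0
            for f in "$path"/*; do
                if [ -f "$f" ]; then n=$((n + 1)); fi
            done
            if [ "$n" -eq 0 ]; then
                echo "EMPTY $src"; problems=$((problems + 1))
            else
                echo "HAS-FILES $src $n"
            fi
        fi
    done
    # Directories under the profile that no configured source claims
    for dir in "$datadir/$profile"/*; do
        if [ ! -d "$dir" ]; then continue; fi
        name=${dir##*/}; known=0
        for src in "$@"; do
            if [ "$src" = "$name" ]; then known=1; fi
        done
        if [ "$known" -eq 0 ]; then
            echo "UNCONFIGURED $name"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample tree (temporary directory, not a real nfsen install)
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/live/switch02" "$root/live/switch17" "$root/live/oldname"
    : > "$root/live/switch02/datafile"   # directory with one data file
    : > "$root/live/output"              # data file written in place of a directory
    echo "$root"
}
```

Call it as `check_profile_tree <profile-data-dir> live <source>...` with the keys of `%source`; a non-zero exit status is the number of findings.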