Re: [Nfsen-discuss] oddity after upgrade (lack of data)
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] oddity after upgrade (lack of data)
|
From: Peter H. <ha...@sw...> - 2006-04-05 10:27:22
|
-----BEGIN PGP SIGNED MESSAGE-----
Hi Brian,
- --On March 29, 2006 16:48:39 -0800 Brian Jones <wor...@gm...> wrote:
| I upgraded to the lastest snapshot (thanks for adding this Peter) because I
| wanted the ability to add new sources.
| Unfortunately even though I have 10GB or so of flow logs it didn't seen to
| processs them in to the RRD.
|
| I didn't make some changes to NfsenRRD.pm to make the RRAs large (but I've
| done this in the past without trouble).
|
| I'm wondering where I might be going wrong?
|
| Here's an output on the profile:
| #
| # Profile live.
| #
| name live
| tstart Sat Mar 11 20:45:00 2006
| tend Wed Mar 29 16:40:00 2006
| updated Wed Mar 29 16:40:00 2006
| filter <none>
| expire 0 hours
| size 7.9 GB
| maxsize 10.0 GB
| sources anaheim_out:burbank_out:amsterdam_out
| type live
| locked 0
| status OK
|
| You can see it starts March 11th, but I'm only seeing data from the time I
| did the upgrade.
|
| My only other thought is I may have changed the collector names at some
| point in the process, but I don't think that should impact the old logs?
Please describe, what excatly you have done.
You must have done something strange as creating a file named 1142138400.rrd is
more than odd!
Otherwise:
1. Make sure the sources in your nfsen.conf corresponds to your directory names
in profile/live.
2. run ./nfsen reconfig
3. rebuild your profile live: ./nfsen -r live
You may do that at any time, while new data is coming in. Profile access is
arbitrated correctly.
This should bring back your profile, but anyway I'd be interessted what you really did ...
- Peter
|
| TIA
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: pet...@sw... Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iQCVAwUBRDObcv5AbZRALNr/AQHJ1QP/Ql4tbXtMKS4/6R/oxO5UKrdrYi+teP5r
4OVg1FTxS1rYe/LjEmM12h0luyz9YpbAtbEPU7Lo/f3/x7Kld6sBqZKFudIwtdGd
f/oc42AJRiuAPJPWa2Uh90DYo7+YBv6hqLeM+UeeAMWZ7IABtojZRyE/upHCGLc+
XB/sN9VbI8E=
=AdIa
-----END PGP SIGNATURE-----
|
