Re: [Nfsen-discuss] data-less sources breaking graphs (& thanks :)
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] data-less sources breaking graphs (& thanks :)
|
From: Ivan A. B. <iv...@li...> - 2006-05-11 13:53:09
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Peter, On 10/05/2006 08:40, Peter Haag wrote: > -------- Original Message -------- > From: "Ivan A. Beveridge" <iv...@li...> > Date: Tue May 09 2006 14:41:27 GMT+0200 (CEST) >>> One point I just tested/checked was what happens if I configure a new >>> source that isn't yet sending flow samples. This caused the graphs to >>> stop updating (and broke those on the details page) in previous versions >>> of nfsen .. and is still the case. >>> nfdump-snapshot-20060413 >>> nfsen-snapshot-20060412 > ok - I put that on the bug list. I will have a look into that. Just to add to this. Last night I re-enabled this source (uncommented in nfsen.conf & did a reconfig) after flows started to be sent to the collector. The "structure" (directories/rrds) were still there from when I added it before (and it hung the updating of the graphs etc), and the reconfig noticed & mentioned it. After ~10 hours, nothing shows up on the graphs for that new source (just showing that source in the details page, to get over any scaling issues), but the statistics table on the same page is showing up suitable counters (eg 68Kpps, 210Mbps) for the source. The relevant PROFILEDATA directory has data in it (I confirmed it is expected data, using nfdump), so it looks like there is some issue with the RRD files getting updated. I don't want to rebuild the live profile (currently standing at nearly 800GB of data), as that would take "a little while" ;) I'm guessing there is no way to rebuild a single source (ie rebuild the RRD file)? In liu of that, I'm going to try unconfiguring (commenting-out in config) the new source, deleting the rrdfile and then reconfiguring, to see if that "wakes it up" :) >>> Oh - I'd like to thank you for the port-tracker plugin aswell .. it's >>> giving us some interesting data, and highlights traffic spikes / >>> significant DoSes nicely! I can think of some feature suggestions, but I >>> am sure you have a list as long as your arm (and more :) > > No problem - just send me your ideas. Input is welcomed any time :) OK - I'll have a bit more of a think and punt something across later on. Cheers Ivan - -- Ivan Beveridge <iv...@li...> http://www.linx.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEY0GIQQZN5jq7vncRAkGNAJ9jwLKfWCdDeKnK6Atwy4wzWbbOXACdEki5 f3laILlsVConaxlRola9+qw= =pRlC -----END PGP SIGNATURE----- |
