Got problem with runing NFSIGHt, on wwwI get info
The database is empty for the date of today. Is the back-end script properly configured and running?
The hourly database cleaning task did not run over the past hour. Is the cron job correctly running?
in /var/log/messages/
Jan 16 19:55:36 NFSEN nfsen[20230]: nfsight plugin: no service activity detected
Jan 16 19:55:36 NFSEN nfsen[20230]: nfsight plugin: running expire_log with max_volume: 0
in /data/nfsen/etc/nfsen.conf
@plugins = (
[ 'live','PortTracker' ],
[ 'live', 'SURFmap' ],
[ '*', 'nfsight' ],
[ '*', 'flowdoh' ],
);
%PluginConf = (
# For plugin demoplugin
demoplugin => {
# scalar
param2 => 42,
# hash
param1 => { 'key' => 'value' },
},
# for plugin otherplugin
otherplugin => [.
# array
'mary had a little lamb'.
],
nfsight => {
path => "/data/nfsen/plugins/nfsight",
expiration => "180",
max_volume => "",
processing_timer => "",
network => {
"10.0.0.0" => "16",
},
scanner_limit => "5",
bidirectional_via_nfdump => "",
print_int_scanner => "1",
print_ext_scanner => "1",
print_int_client => "0",
print_ext_client => "0",
print_int_server => "1",
print_ext_server => "0",
print_int_invalid => "0",
print_ext_invalid => "0",
sql_host => "127.0.0.1",
sql_port => "3306",
sql_user => "root",
sql_pass => "",
sql_db => "nfsight",
},
);
path to www "/var/www/nfsen/nfsight"
in crontab I got two lines :
06 * * /usr/bin/wget --no-check-certificate -q -O - http://127.0.0.1/plugins/frontend/aggregate.php
06 * * /usr/bin/wget --no-check-certificate -q -O - http://management:aggregate@127.0.0.1/nfsen/nfsight/aggregate.php
How can I run backend properly?
What causes the problem. I can even give You access to my Lab-server to verify whats the problem
Anonymous
You dont show your complete %PluginConf.
Is it safe to assume you have the nfsight config entered properly?
With that said though, I'm having the same exact problem and everything is configured fine as far as I can tell.
Is any news on this ticket?
I'm having same problem.
I think that problem in authentication on poge - then i do
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
I'm having same problem.
Please input news. Tks!
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
I have the same problem.
nfsen.conf is like this:
$BASEDIR = "/usr/local/nfsen";
$BINDIR="${BASEDIR}/bin";
$LIBEXECDIR="${BASEDIR}/libexec";
$CONFDIR="${BASEDIR}/etc";
$HTMLDIR = "/var/www/html/nfsen/";
$DOCDIR="${HTMLDIR}/doc";
$VARDIR="${BASEDIR}/var";
$PROFILESTATDIR="${BASEDIR}/profiles-stat";
$PROFILEDATADIR="${BASEDIR}/profiles-data";
$BACKEND_PLUGINDIR="${BASEDIR}/plugins";
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
$PREFIX = '/usr/local/bin';
$USER = "apache";
$WWWUSER = "apache";
$WWWGROUP = "apache";
$BUFFLEN = 200000;
$SUBDIRLAYOUT = 1;
$ZIPcollected = 1;
$ZIPprofiles = 1;
$PROFILERS = 2;
$DISKLIMIT = 98;
$PROFILERS = 6;
%sources = (
);
$low_water = 90;
$syslog_facility = 'local3';
@plugins = (
['*','nfsight'],
);
%PluginConf = (
nfsight => {
path => "/var/www/html/nfsen/plugins/nfsight",
expiration => "180",
processing_timer => "",
network => {
"10.0.0.0" => "16",
},
scanner_limit => "5",
bidirectional_via_nfdump => "",
print_int_scanner => "1",
print_ext_scanner => "1",
print_int_client => "1",
print_ext_client => "1",
print_int_server => "1",
print_ext_server => "1",
print_int_invalid => "1",
print_ext_invalid => "1",
sql_host => "127.0.0.1",
sql_port => "3306",
sql_user => "root",
sql_pass => "",
sql_db => "nfsight",
},
demoplugin => {
param2 => 42,
param1 => { 'key' => 'value' },
},
otherplugin => [
'mary had a little lamb'
],
);
$MAIL_FROM = 'your@from.example.net';
$SMTP_SERVER = 'localhost';
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
1;
/var/log/message
Oct 22 10:16:25 CentOS nfcapd[10063]: Process_v5: New exporter: SysID: 1, engine id 0, type 0, IP: 127.0.0.1, Sampling Mode: 0, Sampling Interval: 1
Oct 22 10:20:10 CentOS nfcapd[10063]: Ident: 'upstream1' Flows: 10, Packets: 33, Bytes: 3045, Sequence Errors: 0, Bad Packets: 0
Oct 22 10:20:10 CentOS nfcapd[10063]: Total ignored packets: 0
Oct 22 10:20:15 CentOS nfsen[10065]: 0 channels/alerts to profile
Oct 22 10:20:15 CentOS nfsen[10065]: Update profile live in group .
Oct 22 10:20:16 CentOS nfsen[10159]: Plugin Cycle: Time: 201510221015, Profile: live, Group: ., Module: nfsight,
Oct 22 10:20:16 CentOS nfsen[10159]: nfsight plugin: no service activity detected
nfsight can collect data in this file.
[root@CentOS nfsight]# pwd
/var/www/html/nfsen/plugins/nfsight
[root@CentOS nfsight]# ll
total 0
-rwxrwxrwx. 1 apache apache 0 Oct 22 10:25 bayesian.data
-rwxrwxrwx. 1 apache apache 0 Oct 22 10:15 nfsight_201510221010.biflow
-rwxrwxrwx. 1 apache apache 0 Oct 22 10:15 nfsight_201510221010.service
-rw-r--r--. 1 apache apache 0 Oct 22 10:20 nfsight_201510221015.biflow
-rw-r--r--. 1 apache apache 0 Oct 22 10:20 nfsight_201510221015.service
-rw-r--r--. 1 apache apache 0 Oct 22 10:25 nfsight_201510221020.biflow
-rw-r--r--. 1 apache apache 0 Oct 22 10:25 nfsight_201510221020.service
[root@CentOS nfsight]#
but mysql is empty.
mysql> use nfsight;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql>
mysql>
mysql> show tables
-> ;
+-----------------------+
| Tables_in_nfsight |
+-----------------------+
| aggregation_log |
| alert |
| log |
| preferred_subnet |
| server_discovery |
| server_discovery_day |
| server_discovery_hour |
| user |
| whitelist |
+-----------------------+
9 rows in set (0.00 sec)
mysql> select * from server_discovery
-> ;
Empty set (0.00 sec)
mysql>
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Having same problem, my config is the same as all the above
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
I have the same problem, and in the httpd error I have noted the cat command find nonexistent file with a different time.... I have set a same time zone in php.in and in configurations file.
The problem is in the documentation, I had the same problem, until I realized that the networks you specify in nfsen.comf, is the networks you have on your site, e.g. your PA/PI addresses.
Your normally don't have rfc1918 traffic in your netflow data, so choosing 10.0.0.0/16 in the example conf isn't an optimal choice, 198.51.100.0/24 would probably have been better, as this is reserved for documentation, and it hints, that your "internal" nets is those addresses you have exposed towards the Internet.