#32 problem with " no service activity detected"

[msiwinski]

Got problem with runing NFSIGHt, on wwwI get info

The database is empty for the date of today. Is the back-end script properly configured and running?
The hourly database cleaning task did not run over the past hour. Is the cron job correctly running?

in /var/log/messages/

Jan 16 19:55:36 NFSEN nfsen[20230]: nfsight plugin: no service activity detected
Jan 16 19:55:36 NFSEN nfsen[20230]: nfsight plugin: running expire_log with max_volume: 0

in /data/nfsen/etc/nfsen.conf
@plugins = (
[ 'live','PortTracker' ],
[ 'live', 'SURFmap' ],
[ '*', 'nfsight' ],
[ '*', 'flowdoh' ],
);

%PluginConf = (
# For plugin demoplugin
demoplugin => {
# scalar
param2 => 42,
# hash
param1 => { 'key' => 'value' },
},
# for plugin otherplugin
otherplugin => [.
# array
'mary had a little lamb'.
],

path to nfsight main directory

nfsight => {
path => "/data/nfsen/plugins/nfsight",
expiration => "180",
max_volume => "",
processing_timer => "",
network => {
"10.0.0.0" => "16",
},
scanner_limit => "5",
bidirectional_via_nfdump => "",
print_int_scanner => "1",
print_ext_scanner => "1",
print_int_client => "0",
print_ext_client => "0",
print_int_server => "1",
print_ext_server => "0",
print_int_invalid => "0",
print_ext_invalid => "0",
sql_host => "127.0.0.1",
sql_port => "3306",
sql_user => "root",
sql_pass => "",
sql_db => "nfsight",
},
);

path to www "/var/www/nfsen/nfsight"
in crontab I got two lines :
06 * * /usr/bin/wget --no-check-certificate -q -O - http://127.0.0.1/plugins/frontend/aggregate.php
06 * * /usr/bin/wget --no-check-certificate -q -O - http://management:aggregate@127.0.0.1/nfsen/nfsight/aggregate.php

How can I run backend properly?
What causes the problem. I can even give You access to my Lab-server to verify whats the problem

[Anonymous]

You dont show your complete %PluginConf.
Is it safe to assume you have the nfsight config entered properly?

With that said though, I'm having the same exact problem and everything is configured fine as far as I can tell.

[Anonymous]

Is any news on this ticket?
I'm having same problem.
I think that problem in authentication on poge - then i do

wget http://management:aggregate@127.0.0.1/nfsen/nfsight/aggregate.php
result is :

Your are not authenticated or your session has expired. Please sign in by clicking here

[Anonymous]

I'm having same problem.
Please input news. Tks!

[Anonymous]

I have the same problem.
nfsen.conf is like this:
$BASEDIR = "/usr/local/nfsen";

$BINDIR="${BASEDIR}/bin";

$LIBEXECDIR="${BASEDIR}/libexec";

$CONFDIR="${BASEDIR}/etc";

$HTMLDIR = "/var/www/html/nfsen/";

$DOCDIR="${HTMLDIR}/doc";

$VARDIR="${BASEDIR}/var";

$PROFILESTATDIR="${BASEDIR}/profiles-stat";

$PROFILEDATADIR="${BASEDIR}/profiles-data";

$BACKEND_PLUGINDIR="${BASEDIR}/plugins";

$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";

$PREFIX = '/usr/local/bin';

$USER = "apache";

$WWWUSER = "apache";
$WWWGROUP = "apache";

$BUFFLEN = 200000;

$SUBDIRLAYOUT = 1;

$ZIPcollected = 1;

$ZIPprofiles = 1;

$PROFILERS = 2;

$DISKLIMIT = 98;

$PROFILERS = 6;

%sources = (
);

$low_water = 90;

$syslog_facility = 'local3';

@plugins = (
['*','nfsight'],
);

%PluginConf = (
nfsight => {
path => "/var/www/html/nfsen/plugins/nfsight",
expiration => "180",
processing_timer => "",
network => {
"10.0.0.0" => "16",
},
scanner_limit => "5",
bidirectional_via_nfdump => "",
print_int_scanner => "1",
print_ext_scanner => "1",
print_int_client => "1",
print_ext_client => "1",
print_int_server => "1",
print_ext_server => "1",
print_int_invalid => "1",
print_ext_invalid => "1",
sql_host => "127.0.0.1",
sql_port => "3306",
sql_user => "root",
sql_pass => "",
sql_db => "nfsight",
},
demoplugin => {
param2 => 42,
param1 => { 'key' => 'value' },
},
otherplugin => [
'mary had a little lamb'
],
);

$MAIL_FROM = 'your@from.example.net';

$SMTP_SERVER = 'localhost';

$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};

1;

/var/log/message
Oct 22 10:16:25 CentOS nfcapd[10063]: Process_v5: New exporter: SysID: 1, engine id 0, type 0, IP: 127.0.0.1, Sampling Mode: 0, Sampling Interval: 1
Oct 22 10:20:10 CentOS nfcapd[10063]: Ident: 'upstream1' Flows: 10, Packets: 33, Bytes: 3045, Sequence Errors: 0, Bad Packets: 0
Oct 22 10:20:10 CentOS nfcapd[10063]: Total ignored packets: 0
Oct 22 10:20:15 CentOS nfsen[10065]: 0 channels/alerts to profile
Oct 22 10:20:15 CentOS nfsen[10065]: Update profile live in group .
Oct 22 10:20:16 CentOS nfsen[10159]: Plugin Cycle: Time: 201510221015, Profile: live, Group: ., Module: nfsight,
Oct 22 10:20:16 CentOS nfsen[10159]: nfsight plugin: no service activity detected

nfsight can collect data in this file.
[root@CentOS nfsight]# pwd
/var/www/html/nfsen/plugins/nfsight
[root@CentOS nfsight]# ll
total 0
-rwxrwxrwx. 1 apache apache 0 Oct 22 10:25 bayesian.data
-rwxrwxrwx. 1 apache apache 0 Oct 22 10:15 nfsight_201510221010.biflow
-rwxrwxrwx. 1 apache apache 0 Oct 22 10:15 nfsight_201510221010.service
-rw-r--r--. 1 apache apache 0 Oct 22 10:20 nfsight_201510221015.biflow
-rw-r--r--. 1 apache apache 0 Oct 22 10:20 nfsight_201510221015.service
-rw-r--r--. 1 apache apache 0 Oct 22 10:25 nfsight_201510221020.biflow
-rw-r--r--. 1 apache apache 0 Oct 22 10:25 nfsight_201510221020.service
[root@CentOS nfsight]#

but mysql is empty.
mysql> use nfsight;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql>
mysql>
mysql> show tables
-> ;
+-----------------------+
| Tables_in_nfsight |
+-----------------------+
| aggregation_log |
| alert |
| log |
| preferred_subnet |
| server_discovery |
| server_discovery_day |
| server_discovery_hour |
| user |
| whitelist |
+-----------------------+
9 rows in set (0.00 sec)

mysql> select * from server_discovery
-> ;
Empty set (0.00 sec)

mysql>

[Anonymous]

Having same problem, my config is the same as all the above

[Anonymous]

I have the same problem, and in the httpd error I have noted the cat command find nonexistent file with a different time.... I have set a same time zone in php.in and in configurations file.

[Ralf Schultz]

The problem is in the documentation, I had the same problem, until I realized that the networks you specify in nfsen.comf, is the networks you have on your site, e.g. your PA/PI addresses.

Your normally don't have rfc1918 traffic in your netflow data, so choosing 10.0.0.0/16 in the example conf isn't an optimal choice, 198.51.100.0/24 would probably have been better, as this is reserved for documentation, and it hints, that your "internal" nets is those addresses you have exposed towards the Internet.