Hello everyone
I found the problem.
The router's configuration had:
interface Loopback0
ip address 10.10.0.1 255.255.255.255
!
interface GigabitEthernet0/0
ip address 192.168.168.20 255.255.255.0
ip flow ingress
!
ip flow-export source loopback0
ip flow-export version 9
ip flow-export destination 192.168.168.10 9996
The Centos interface configuration:
# ifconfig eth2
inet addr:192.168.168.10 Bcast:192.168.168.255 Mask:255.255.255.0
Gi0/0 on the router and eth2 on CentOS are in the same network. In order
to test, I changed the router configuration to:
ip flow-export source GigabitEthernet0/0
and nfdump saves data now.
The problem is solved, but I don't understand why that happens; CentOS
can ping both interfaces.
# ping 10.10.0.1
PING 10.10.0.1 (10.10.0.1) 56(84) bytes of data.
64 bytes from 10.10.0.1: icmp_seq=1 ttl=254 time=7.09 ms
64 bytes from 10.10.0.1: icmp_seq=2 ttl=254 time=10.0 ms
# ping 192.168.168.20
PING 192.168.168.20 (192.168.168.20) 56(84) bytes of data.
64 bytes from 192.168.168.20: icmp_seq=1 ttl=255 time=98.7 ms
64 bytes from 192.168.168.20: icmp_seq=2 ttl=255 time=45.3 ms
Thanks
Regards,
Fabián
On 2013-05-24 02:35, Evgheni Dereveanchin wrote:
Hi Fabian,
I use nfdump 1.6.10 & nfsen 1.3.6-p1 on CentOS 6 minimal without any
issues.
The preparation steps are:
1) yum install httpd php wget gcc make rrdtool-devel flex byacc
2) edit /etc/selinux/config -- set SELINUX=disabled
3) iptables -I INPUT -p udp -m state --state NEW -m udp --dport 9995 -j ACCEPT
change the port to the one you need ^
4) /etc/init.d/iptables save
5) chkconfig httpd on
6) Reboot the machine to disable SELinux completely.
7) Install nfdump and nfsen
8) Start nfsen, open it in web browser
Regards,
Evgheni
*From:* Fabián Mejía [mailto:ing.fabianme...@gmail.com]
*Sent:* 23 May 2013 18:19
*To:* nfdump-discuss@lists.sourceforge.net
*Subject:* [Nfdump-discuss] nfdump on Centos 6 problem
Hello all
I installed nfdump-1.6.10 and nfsen-1.3.6p1 on CentOS 6. I started from
a minimal installation. Afterwards, all dependencies were installed with
yum from the regular CentOS repository and some packages from the EPEL
repository (flow-tools).
My router is sending netflow data to 9996 udp port.
nfsen seems to work well, I can see graphs from live profile but
without data.
I think nfdump does not work well, because iptables and ip6tables are
stopped on the server, SELinux is in disabled mode and tcpdump shows
received packets but nfdump saves empty files:
# tcpdump -i eth2 -n udp port 9996
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
15:57:28.220558 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 72
15:57:55.213269 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 168
15:58:22.229552 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 168
15:58:49.207766 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 168
15:59:16.194815 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 120
15:59:28.197556 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 120
# ls -al
total 96
drwxr-xr-x. 2 apache apache 4096 may 22 16:25 .
drwxrwxr-x. 3 apache apache 4096 may 22 16:25 ..
-rw-r--r--. 1 apache apache 276 may 22 14:40 nfcapd.201305221435
-rw-r--r--. 1 apache apache 276 may 22 14:45 nfcapd.201305221440
-rw-r--r--. 1 apache apache 276 may 22 14:50 nfcapd.201305221445
-rw-r--r--. 1 apache apache 276 may 22 14:55 nfcapd.201305221450
-rw-r--r--. 1 apache apache 276 may 22 15:00 nfcapd.201305221455
-rw-r--r--. 1 apache apache 276 may 22 15:05 nfcapd.201305221500
-rw-r--r--. 1 apache apache 276 may 22 15:10 nfcapd.201305221505
-rw-r--r--. 1 apache apache 276 may 22 15:15 nfcapd.201305221510
-rw-r--r--. 1 apache apache 276 may 22 15:20 nfcapd.201305221515
-rw-r--r--. 1 apache apache 276 may 22 15:25 nfcapd.201305221520
-rw-r--r--. 1 apache apache 276 may 22 15:30 nfcapd.201305221525
-rw-r--r--. 1 apache apache 276 may 22 15:35 nfcapd.201305221530
-rw-r--r--. 1 apache apache 276 may 22 15:40 nfcapd.201305221535
-rw-r--r--. 1 apache apache 276 may 22 15:45 nfcapd.201305221540
-rw-r--r--. 1 apache apache 276 may 22 15:50 nfcapd.201305221545
-rw-r--r--. 1 apache apache 276 may 22 15:55 nfcapd.201305221550
-rw-r--r--. 1 apache apache 276 may 22 16:00 nfcapd.201305221555
-rw-r--r--. 1 apache apache 276 may 22 16:05 nfcapd.201305221600
-rw-r--r--. 1 apache apache 276 may 22 16:10 nfcapd.201305221605
-rw-r--r--. 1 apache apache 276 may 22 16:15 nfcapd.201305221610
-rw-r--r--. 1 apache apache 276 may 22 16:20 nfcapd.201305221615
-rw-r--r--. 1 apache apache 276 may 22 16:25 nfcapd.201305221620
# nfdump -r nfcapd.201305221620 'any'
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
No matched flows
I found this similar issue on this list but it is not solved:
http://sourceforge.net/mailarchive/forum.php?thread_name=1364867767.65514.YahooMailNeo%40web122006.mail.ne1.yahoo.com&forum_name=nfdump-discuss
Does anybody know the solution?
Any help is welcome.
Regards,
Fabián
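
Added example (not part of the thread, and not nfdump or nfsen code): the two router configurations above differ in the address the exports are sourced from, 10.10.0.1 (Loopback0) versus an address on eth2's own network. This sketch summarizes a tcpdump capture like the one above by exporter source address and marks whether each source lies inside the collector interface's network. The function names are hypothetical, and the last sample line is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# "<time> IP <src>.<sport> > <dst>.<dport or service name>: UDP, length <n>"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.[\w-]+: UDP, length (?P<len>\d+)$"
)

def unwrap(text):
    """Re-join records that a mail client wrapped before 'length N'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("length ") and records:
            records[-1] += " " + line
        else:
            records.append(line)
    return records

def exporters(text, collector_net):
    """Per-source packet/byte totals, plus whether the source is in collector_net."""
    net = ipaddress.ip_network(collector_net)
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for rec in unwrap(text):
        m = LINE_RE.match(rec)
        if not m:
            continue  # tcpdump banner lines and anything that is not a UDP record
        stats[m["src"]]["packets"] += 1
        stats[m["src"]]["bytes"] += int(m["len"])
    return {src: dict(s, on_link=ipaddress.ip_address(src) in net)
            for src, s in stats.items()}

# First three records are taken from the capture in the thread (one still
# wrapped); the 192.168.168.20 line is constructed for comparison.
SAMPLE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
15:57:28.220558 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP,
length 72
15:57:55.213269 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 168
16:30:02.000001 IP 192.168.168.20.60709 > 192.168.168.10.palace-5: UDP, length 168
"""

if __name__ == "__main__":
    for src, s in exporters(SAMPLE, "192.168.168.0/24").items():
        print(src, s)
```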