Re: [Nfsen-discuss] NFSen Timeslot

2021-03-09 Thread Pieter Bezuidenhout (P)
Brian,

Thanks. Was a problem with my paths to the stylesheets and javascripts. After
fixing that, all was working.


Thanks again

Pieter
= This e-mail and its contents are subject to the Telkom SA SOC Ltd. E-mail 
legal notice http://www.telkom.co.za/TelkomEMailLegalNotice.PDF =
___
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss


Re: [Nfsen-discuss] NFSen Timeslot

2021-03-09 Thread Brian Candler

On 09/03/2021 06:48, Pieter Bezuidenhout (P) wrote:
> There is no arrow to move with either Time Window or Timeslot. One
> can also not change the tstart/tend values on the right


1. In Network view in developer console, are there any 4xx or 5xx errors 
from page fetches? I see all status 200, mostly PNGs, but there are a 
few javascript files: global.js, menu.js, detail.js


2. In Javascript console view, do you see any errors? I see none.

3. Look at where it says Select , right 
click on the drop-down and select Inspect.  Then look in the Elements 
tab for what it shows.


I see:

onchange="SetCursorMode(1615194300, 1615280700, 1529856300, 1615237500, 
1615237500,576, 67)" size="1">

Single Timeslot
Time Window
            


Regards,

Brian.



Re: [Nfsen-discuss] NFSen Timeslot

2021-03-08 Thread Pieter Bezuidenhout (P)
> Do you have javascript disabled?
No

> Does the time bar actually move, and update t^start / t^end, when you
> drag the little arrow at the bottom?
No, it does not even appear as in my previous installation. Arrow not there.

> Can you open your browser's developer console, go to the 'network' tab,
> and see what I/O if any is generated when you move or attempt to move
> the bar?
Nothing gets generated

> When you select between Time Window and Single Timeslot, does this cause
> a page refresh?  (It should)
No refresh taking place

Other
There is no arrow to move with either Time Window or Timeslot. One can also
not change the tstart/tend values on the right



Re: [Nfsen-discuss] NFSen Timeslot

2021-03-08 Thread Brian Candler

On 08/03/2021 14:18, nfsen-discuss-requ...@lists.sourceforge.net wrote:

> Did a new install of NFSen & NFDump. On the new install it does not allow me to
> select a time on the graph or specify a time window. Any ideas what could cause
> this?


Do you have javascript disabled?

Does the time bar actually move, and update t^start / t^end, when you 
drag the little arrow at the bottom?


Can you open your browser's developer console, go to the 'network' tab,
and see what I/O if any is generated when you move or attempt to move
the bar?


When you select between Time Window and Single Timeslot, does this cause 
a page refresh?  (It should)






Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-26 Thread Adrian Popa
Having a lower expire time shouldn't influence the nfsen graphs, but it
will create more netflow traffic and netflow data will take up more disk
space. So, there's no advantage of having a lower expire time. Data is
still processed every 5 minutes.

On Thu, Apr 23, 2020 at 5:58 PM Roberto Carna 
wrote:

> Dear all, let me ask you a last question:
>
> You say nfsen cycletime (frequency to put data to graphs) is 5 minutes.
>
> What happens if I set the active flow timeout to 1 minute in the source
> router??? Using 1 minute or 5 minutes in the source router is the same
> result from the nfsen graphs point of view???
>
> Special thanks !!!
>
> On Tue, 21 Apr 2020 at 12:49, Roberto Carna (<
> robertocarn...@gmail.com>) wrote:
>
>> Thanks a lot to all of you.
>>
>> Regards!!!
>>
>> On Tue, 21 Apr 2020 at 12:06, Giles Coochey
>> wrote:
>>
>>>
>>> On 21/04/2020 15:45, Roberto Carna wrote:
>>> > Hi Giles, I'll read them right now.
>>> >
>>> > But from nfsen side, is it possible to change 5 minutes cycle time to
>>> > a lower value, let's say 1 minute ??? I mean the interval that Nfsen
>>> > writes the data to the graphs.
>>> >
>>> > Thanks again, regards !!!
>>>
>>> It needs to be done on the router side. Nfsen will not know about the
>>> flow stats until the router sends detail about it. So the timeout has to
>>> happen on the router, you can set the value on the router to 60 seconds
>>> if you wish to get up to the minute flow information, but Nfsen will, by
>>> default, only update every 5 minutes anyway.
>>>
>>> Netflow and SNMP are two very different things, with SNMP only looking
>>> at packet counters, whereas, Netflow providing flow information, the two
>>> graphs will never look exactly the same.
>>>


Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-23 Thread Roberto Carna
Dear all, let me ask you a last question:

You say nfsen cycletime (frequency to put data to graphs) is 5 minutes.

What happens if I set the active flow timeout to 1 minute in the source
router??? Using 1 minute or 5 minutes in the source router is the same
result from the nfsen graphs point of view???

Special thanks !!!

On Tue, 21 Apr 2020 at 12:49, Roberto Carna
wrote:

> Thanks a lot to all of you.
>
> Regards!!!
>
> On Tue, 21 Apr 2020 at 12:06, Giles Coochey
> wrote:
>
>>
>> On 21/04/2020 15:45, Roberto Carna wrote:
>> > Hi Giles, I'll read them right now.
>> >
>> > But from nfsen side, is it possible to change 5 minutes cycle time to
>> > a lower value, let's say 1 minute ??? I mean the interval that Nfsen
>> > writes the data to the graphs.
>> >
>> > Thanks again, regards !!!
>>
>> It needs to be done on the router side. Nfsen will not know about the
>> flow stats until the router sends detail about it. So the timeout has to
>> happen on the router, you can set the value on the router to 60 seconds
>> if you wish to get up to the minute flow information, but Nfsen will, by
>> default, only update every 5 minutes anyway.
>>
>> Netflow and SNMP are two very different things, with SNMP only looking
>> at packet counters, whereas, Netflow providing flow information, the two
>> graphs will never look exactly the same.
>>
>>


Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Roberto Carna
Thanks a lot to all of you.

Regards!!!

On Tue, 21 Apr 2020 at 12:06, Giles Coochey
wrote:

>
> On 21/04/2020 15:45, Roberto Carna wrote:
> > Hi Giles, I'll read them right now.
> >
> > But from nfsen side, is it possible to change 5 minutes cycle time to
> > a lower value, let's say 1 minute ??? I mean the interval that Nfsen
> > writes the data to the graphs.
> >
> > Thanks again, regards !!!
>
> It needs to be done on the router side. Nfsen will not know about the
> flow stats until the router sends detail about it. So the timeout has to
> happen on the router, you can set the value on the router to 60 seconds
> if you wish to get up to the minute flow information, but Nfsen will, by
> default, only update every 5 minutes anyway.
>
> Netflow and SNMP are two very different things, with SNMP only looking
> at packet counters, whereas, Netflow providing flow information, the two
> graphs will never look exactly the same.
>
>


Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Giles Coochey



On 21/04/2020 15:45, Roberto Carna wrote:

> Hi Giles, I'll read them right now.
>
> But from nfsen side, is it possible to change 5 minutes cycle time to
> a lower value, let's say 1 minute ??? I mean the interval that Nfsen
> writes the data to the graphs.
>
> Thanks again, regards !!!

It needs to be done on the router side. Nfsen will not know about the
flow stats until the router sends detail about it. So the timeout has to
happen on the router, you can set the value on the router to 60 seconds
if you wish to get up to the minute flow information, but Nfsen will, by
default, only update every 5 minutes anyway.


Netflow and SNMP are two very different things, with SNMP only looking 
at packet counters, whereas, Netflow providing flow information, the two 
graphs will never look exactly the same.






Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Roberto Carna
Hi Giles, I'll read them right now.

But from nfsen side, is it possible to change 5 minutes cycle time to a
lower value, let's say 1 minute ??? I mean the interval that Nfsen writes
the data to the graphs.

Thanks again, regards !!!

On Tue, 21 Apr 2020 at 10:57, Giles Coochey
wrote:

> This might help:
>
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/xe-16/nf-xe-16-book/nflow-filt-samp-traff-xe.html#GUID-811CA1DB-CFBF-4656-BD9E-12F47AF5FFD3
>
> or if using Flexible netflow
>
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/use-fnflow-redce-cpu.html#GUID-7BC9-0C2C-4A11-912B-B844F4A43C58
>
> If you are not using Cisco, but your software emulates the cisco type
> configuration methods, then the above may still apply.
> On 21/04/2020 14:46, Roberto Carna wrote:
>
> OK, I understand, let me ask you a last question please:
>
> Where should I configure the sampling time in nfsen? I mean the frequency
> that nfsen writes the flow data in the graphs.
>
> Thanks a lot again!!!
>
> On Tue, 21 Apr 2020 at 10:37, Giles Coochey
> wrote:
>
>> On 21/04/2020 14:09, Roberto Carna wrote:
>>
>> Dear all, thanks for your comments. I think the netflow configuration
>> from my router lets flows last more than 5 minutes, so I have spikes in my
>> graphs as you said.
>>
>> This is my netflow router config, please can you tell me if you can see
>> the flow timeout value in order to adjust it???
>>
>> #sh ip flow export template
>> Template Options Flag = 0
>> Total number of Templates added = 1
>> Total active Templates = 0
>> Flow Templates active = 0
>> Flow Templates added = 0
>> Option Templates active = 0
>> Option  Templates added = 1
>> Template ager polls = 0
>> Option Template ager polls = 38535501
>> Main cache version 9 export is enabled
>> Template export information
>> Template timeout = 30
>> Template refresh rate = 20
>> Option export information
>> Option timeout = 30
>> Option refresh rate = 20
>> #sh ip cache flow
>> IP packet size distribution (107758M total packets):
>> IP Flow Switching Cache, 0 bytes
>> 3773 active, 196227 inactive, 1293394830 added
>> 52708905 ager polls, 0 flow alloc failures
>> Active flows timeout in 30 minutes
>> Inactive flows timeout in 15 seconds
>> last clearing of statistics never
>>
>> It does depend on (a) the version of software you are using and (b) how
>> you have chosen to configure Netflow.
>>
>> For instance recent versions of Cisco IOS allow for configuring Netflow
>> as it used to be configured, or in a way known as "Flexible Netflow".
>>
>> Look for something like "ip flow-cache timeout active"
>>
>> Or, if you have a section in your config called "flow monitor" look to
>> add "cache timeout active" to that section.
>>
>> Best to check the documentation for your router, it should be documented
>> there.
>>
>> --
>> Giles Coochey
>>
>
> --
> Giles Coochey
>


Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Giles Coochey

This might help:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/xe-16/nf-xe-16-book/nflow-filt-samp-traff-xe.html#GUID-811CA1DB-CFBF-4656-BD9E-12F47AF5FFD3

or if using Flexible netflow

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/use-fnflow-redce-cpu.html#GUID-7BC9-0C2C-4A11-912B-B844F4A43C58

If you are not using Cisco, but your software emulates the cisco type 
configuration methods, then the above may still apply.


On 21/04/2020 14:46, Roberto Carna wrote:

> OK, I understand, let me ask you a last question please:
>
> Where should I configure the sampling time in nfsen? I mean the
> frequency that nfsen writes the flow data in the graphs.
>
> Thanks a lot again!!!
>
> On Tue, 21 Apr 2020 at 10:37, Giles Coochey wrote:
>
>> On 21/04/2020 14:09, Roberto Carna wrote:
>>
>>> Dear all, thanks for your comments. I think the
>>> netflow configuration from my router lets flows last more than 5
>>> minutes, so I have spikes in my graphs as you said.
>>>
>>> This is my netflow router config, please can you tell me if you
>>> can see the flow timeout value in order to adjust it???
>>>
>>> #sh ip flow export template
>>> Template Options Flag = 0
>>> Total number of Templates added = 1
>>> Total active Templates = 0
>>> Flow Templates active = 0
>>> Flow Templates added = 0
>>> Option Templates active = 0
>>> Option  Templates added = 1
>>> Template ager polls = 0
>>> Option Template ager polls = 38535501
>>> Main cache version 9 export is enabled
>>> Template export information
>>> Template timeout = 30
>>> Template refresh rate = 20
>>> Option export information
>>> Option timeout = 30
>>> Option refresh rate = 20
>>> #sh ip cache flow
>>> IP packet size distribution (107758M total packets):
>>> IP Flow Switching Cache, 0 bytes
>>> 3773 active, 196227 inactive, 1293394830 added
>>> 52708905 ager polls, 0 flow alloc failures
>>> Active flows timeout in 30 minutes
>>> Inactive flows timeout in 15 seconds
>>> last clearing of statistics never
>>
>> It does depend on (a) the version of software you are using and
>> (b) how you have chosen to configure Netflow.
>>
>> For instance recent versions of Cisco IOS allow for configuring
>> Netflow as it used to be configured, or in a way known as
>> "Flexible Netflow".
>>
>> Look for something like "ip flow-cache timeout active"
>>
>> Or, if you have a section in your config called "flow monitor"
>> look to add "cache timeout active" to that section.
>>
>> Best to check the documentation for your router, it should be
>> documented there.
>>
>> --
>> Giles Coochey



--
Giles Coochey



Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Roberto Carna
OK, I understand, let me ask you a last question please:

Where should I configure the sampling time in nfsen? I mean the frequency
that nfsen writes the flow data in the graphs.

Thanks a lot again!!!

On Tue, 21 Apr 2020 at 10:37, Giles Coochey
wrote:

> On 21/04/2020 14:09, Roberto Carna wrote:
>
> Dear all, thanks for your comments. I think the netflow configuration from
> my router lets flows last more than 5 minutes, so I have spikes in my
> graphs as you said.
>
> This is my netflow router config, please can you tell me if you can see
> the flow timeout value in order to adjust it???
>
> #sh ip flow export template
> Template Options Flag = 0
> Total number of Templates added = 1
> Total active Templates = 0
> Flow Templates active = 0
> Flow Templates added = 0
> Option Templates active = 0
> Option  Templates added = 1
> Template ager polls = 0
> Option Template ager polls = 38535501
> Main cache version 9 export is enabled
> Template export information
> Template timeout = 30
> Template refresh rate = 20
> Option export information
> Option timeout = 30
> Option refresh rate = 20
> #sh ip cache flow
> IP packet size distribution (107758M total packets):
> IP Flow Switching Cache, 0 bytes
> 3773 active, 196227 inactive, 1293394830 added
> 52708905 ager polls, 0 flow alloc failures
> Active flows timeout in 30 minutes
> Inactive flows timeout in 15 seconds
> last clearing of statistics never
>
> It does depend on (a) the version of software you are using and (b) how
> you have chosen to configure Netflow.
>
> For instance recent versions of Cisco IOS allow for configuring Netflow
> as it used to be configured, or in a way known as "Flexible Netflow".
>
> Look for something like "ip flow-cache timeout active"
>
> Or, if you have a section in your config called "flow monitor" look to add
> "cache timeout active" to that section.
>
> Best to check the documentation for your router, it should be documented
> there.
>
> --
> Giles Coochey
>


Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Giles Coochey

On 21/04/2020 14:09, Roberto Carna wrote:
> Dear all, thanks for your comments. I think the netflow configuration
> from my router lets flows last more than 5 minutes, so I have spikes
> in my graphs as you said.
>
> This is my netflow router config, please can you tell me if you can
> see the flow timeout value in order to adjust it???
>
> #sh ip flow export template
> Template Options Flag = 0
> Total number of Templates added = 1
> Total active Templates = 0
> Flow Templates active = 0
> Flow Templates added = 0
> Option Templates active = 0
> Option  Templates added = 1
> Template ager polls = 0
> Option Template ager polls = 38535501
> Main cache version 9 export is enabled
> Template export information
> Template timeout = 30
> Template refresh rate = 20
> Option export information
> Option timeout = 30
> Option refresh rate = 20
> #sh ip cache flow
> IP packet size distribution (107758M total packets):
> IP Flow Switching Cache, 0 bytes
> 3773 active, 196227 inactive, 1293394830 added
> 52708905 ager polls, 0 flow alloc failures
> Active flows timeout in 30 minutes
> Inactive flows timeout in 15 seconds
> last clearing of statistics never


It does depend on (a) the version of software you are using and (b) how 
you have chosen to configure Netflow.


For instance recent versions of Cisco IOS allow for configuring
Netflow as it used to be configured, or in a way known as "Flexible
Netflow".


Look for something like "ip flow-cache timeout active"

Or, if you have a section in your config called "flow monitor" look to 
add "cache timeout active" to that section.


Best to check the documentation for your router, it should be documented 
there.


--
Giles Coochey



Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Roberto Carna
Dear all, thanks for your comments. I think the netflow configuration from
my router lets flows last more than 5 minutes, so I have spikes in my
graphs as you said.

This is my netflow router config, please can you tell me if you can see the
flow timeout value in order to adjust it???

#sh ip flow export template
Template Options Flag = 0
Total number of Templates added = 1
Total active Templates = 0
Flow Templates active = 0
Flow Templates added = 0
Option Templates active = 0
Option  Templates added = 1
Template ager polls = 0
Option Template ager polls = 38535501
Main cache version 9 export is enabled
Template export information
Template timeout = 30
Template refresh rate = 20
Option export information
Option timeout = 30
Option refresh rate = 20
#sh ip cache flow
IP packet size distribution (107758M total packets):
IP Flow Switching Cache, 0 bytes
3773 active, 196227 inactive, 1293394830 added
52708905 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
last clearing of statistics never

On Tue, 21 Apr 2020 at 6:09, Giles Coochey
wrote:

>
> On 21/04/2020 08:59, Adrian Popa wrote:
>
> *2020-04-20 21:26:02.872  1546.520 UDP  200.41.181.78:1194  <->  181.166.177.133:1194  0  213368  0  125.1 M  2*
>
> This is the port used by OpenVPN. If most of your traffic is tunnelled via
> OpenVPN you won't see the individual flows inside that VPN.
>
> If you don't timeout flows every five minutes or so, this flow will only
> show up in your graphs when the flow ends.
>
> --
> Giles Coochey
>


Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Giles Coochey


On 21/04/2020 08:59, Adrian Popa wrote:
> *2020-04-20 21:26:02.872  1546.520 UDP  200.41.181.78:1194  <->  181.166.177.133:1194  0  213368  0  125.1 M  2*


This is the port used by OpenVPN. If most of your traffic is tunnelled 
via OpenVPN you won't see the individual flows inside that VPN.


If you don't timeout flows every five minutes or so, this flow will only 
show up in your graphs when the flow ends.


--
Giles Coochey



Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Adrian Popa
*2020-04-20 21:26:02.872  1546.520 UDP  200.41.181.78:1194  <->  181.166.177.133:1194  0  213368  0  125.1 M  2*

This looks like a long-lasting openvpn session. You need to force your
router to expire netflow data at most 5 minutes, and you would get
that flow segmented over different time slots.


On Tue, Apr 21, 2020 at 6:10 AM Roberto Carna 
wrote:

> I need to add that if I process a traffic request in a given simple
> timeslot, I always see a bidirectional flow with a big UDP traffic value
> corresponding to a different timeslot (in bold):
>
> Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port  Out Pkt   In Pkt Out Byte  In Byte Flows
> 2020-04-20 21:51:44.796     0.000 UDP    200.63.169.126:47467 <->            8.8.8.8:53        0        2        0      162     2
> 2020-04-20 21:51:51.092     0.072 TCP    200.63.169.116:32431 <->    104.104.17.152:443        0       22        0     6544     2
> 2020-04-20 21:51:52.544     0.000 UDP    200.63.169.126:44829 <->            8.8.8.8:53        0        2        0      162     2
> 2020-04-20 21:51:56.728     0.712 TCP    200.63.169.116:32432 <->       52.55.59.20:443        0       18        0     5200     2
> 2020-04-20 21:52:11.996     0.000 UDP     200.41.181.76:24348 <->            8.8.8.8:53        0        2        0      140     2
> *2020-04-20 21:26:02.872  1546.520 UDP      200.41.181.78:1194 <->  181.166.177.133:1194        0   213368        0  125.1 M     2*
> 2020-04-20 21:52:11.076     3.656 TCP    200.63.169.119:20002 <->      200.70.32.2:8395        0       90        0    15242     2
> 2020-04-20 21:52:10.124     0.000 UDP    200.63.169.126:48249 <->            8.8.8.8:53        0        2        0      162     2
> 2020-04-20 21:51:50.992     0.000 UDP    200.63.169.126:51661 <->            8.8.8.8:53        0        2        0      162     2
> 2020-04-20 21:52:00.912     0.028 TCP    200.63.169.116:32231 <->    172.217.172.67:443        0        8        0      742     2
> 2020-04-20 21:51:58.248     0.008 TCP    200.63.169.116:32407 <->     104.20.90.238:443        0        4        0      238     2
>
> Why this behaviour is always present in the traffic requests??? Because nfsen
> traffic values are not real at all for a given timeslot.
>
> Thanks again !!!
>
>
> On Mon, 20 Apr 2020 at 23:11, Roberto Carna (<
> robertocarn...@gmail.com>) wrote:
>
>> Dear, I have nfsen installed in a Debian box. It works OK.
>>
>> I have an Internet link with an ISP which give me two public IP blocks.
>>
>> So I've created a nfsen profile in order to measure the Internet link
>> traffic, in this way:
>>
>> Traffic IN: DST NET  OR DST NET 
>>
>> Traffic OUT: SRC NET  OR SRC NET 
>>
>> But the resulting traffic curve is not the same to the SNMP curve
>> obtained with my SNMP monitor software.
>>
>> Please can you tell me what can be wrong? Is it possible to obtain
>> similar traffic curves using nfsen and snmp?
>>
>> Special thanks !!!
>>


Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-21 Thread Adrian Popa
Netflow and SNMP measure two different things. SNMP measures layer2 traffic
with precision, while netflow measures layer3 traffic (mostly IPv4) without
precision. The precision loss is due to:
* sampling (maybe it's off for you)
* flow expire timers (a long-lasting flow - e.g. that lasts for hours, will
only expire when it ends and you will see a spike corresponding to the
whole session worth of data just in the end interval). On routers you can
force expire long lasting flows (ideally every 5 minutes).

So it's normal to see less netflow traffic than SNMP.

On Tue, Apr 21, 2020 at 5:12 AM Roberto Carna 
wrote:

> Dear, I have nfsen installed in a Debian box. It works OK.
>
> I have an Internet link with an ISP which give me two public IP blocks.
>
> So I've created a nfsen profile in order to measure the Internet link
> traffic, in this way:
>
> Traffic IN: DST NET  OR DST NET 
>
> Traffic OUT: SRC NET  OR SRC NET 
>
> But the resulting traffic curve is not the same to the SNMP curve obtained
> with my SNMP monitor software.
>
> Please can you tell me what can be wrong? Is it possible to obtain similar
> traffic curves using nfsen and snmp?
>
> Special thanks !!!
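
The effect described in this reply, worked through for the long-lived OpenVPN flow quoted in the thread. This is an added example, not code from the thread or from nfsen/nfdump; the function names are hypothetical, and it assumes a constant byte rate over the flow, UTC timestamps, "125.1 M" read as 125.1e6 bytes, and a collector that counts each record in the 5-minute slot in which it arrives.

```python
from collections import defaultdict
from datetime import datetime, timezone

SLOT = 300  # nfsen cycle time in seconds (5 minutes)

# Constructed from the flow quoted in the thread. Assumptions: timestamps are
# treated as UTC and "125.1 M" is read as 125.1e6 bytes.
FLOW_START = datetime(2020, 4, 20, 21, 26, 2, 872000, tzinfo=timezone.utc).timestamp()
FLOW_DURATION = 1546.520  # seconds
FLOW_BYTES = 125.1e6


def slot_start(t):
    """Start (epoch seconds) of the 5-minute timeslot that contains t."""
    return int(t // SLOT) * SLOT


def label(slot):
    """HH:MM label of a timeslot start."""
    return datetime.fromtimestamp(slot, tz=timezone.utc).strftime("%H:%M")


def export_records(start, duration, total_bytes, active_timeout, inactive_timeout=15):
    """Records an exporter would send for one flow, as (export_time, bytes).

    A record is cut every active_timeout seconds while the flow is alive; the
    remainder is exported once the flow has been idle for inactive_timeout
    seconds (15 s in the router output quoted in the thread).
    """
    end = start + duration
    rate = total_bytes / duration  # constant rate is an assumption
    records = []
    seg_start = start
    while end - seg_start > active_timeout:
        seg_end = seg_start + active_timeout
        records.append((seg_end, rate * active_timeout))
        seg_start = seg_end
    records.append((end + inactive_timeout, rate * (end - seg_start)))
    return records


def bin_by_export_time(records):
    """Collector view: each record is counted in the slot in which it arrives."""
    slots = defaultdict(float)
    for export_time, nbytes in records:
        slots[slot_start(export_time)] += nbytes
    return dict(slots)


def bytes_on_wire(start, duration, total_bytes):
    """Interface-counter view: bytes actually transferred during each slot."""
    end = start + duration
    rate = total_bytes / duration
    slots = {}
    t = slot_start(start)
    while t < end:
        overlap = min(end, t + SLOT) - max(start, t)
        slots[t] = rate * overlap
        t += SLOT
    return slots


def to_mb(slots):
    """Per-slot totals in MB (1e6 bytes), keyed by HH:MM, in time order."""
    return {label(s): round(b / 1e6, 1) for s, b in sorted(slots.items())}


def summarize(active_timeout):
    """Record count and per-slot MB the collector would graph for the flow."""
    records = export_records(FLOW_START, FLOW_DURATION, FLOW_BYTES, active_timeout)
    return {"records": len(records), "slots": to_mb(bin_by_export_time(records))}


if __name__ == "__main__":
    print("on the wire:", to_mb(bytes_on_wire(FLOW_START, FLOW_DURATION, FLOW_BYTES)))
    # 1800 s is the "Active flows timeout in 30 minutes" from the router output
    for timeout in (1800, 300, 60):
        result = summarize(timeout)
        print(f"active timeout {timeout:>4}s: {result['records']:>2} records", result["slots"])
```

With the 30-minute active timeout the whole 125.1 MB is counted in the 21:50 slot; with 300 s or 60 s the per-slot totals stay close to what was on the wire, and the shorter timeout mainly multiplies the number of records.
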


Re: [Nfsen-discuss] Nfsen traffic curve is not similar to SNMP traffic curve

2020-04-20 Thread Roberto Carna
I need to add that if I process a traffic request in a given simple
timeslot, I always see a bidirectional flow with a big UDP traffic value
corresponding to a different timeslot (in bold):

Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port  Out Pkt   In Pkt Out Byte  In Byte Flows
2020-04-20 21:51:44.796     0.000 UDP    200.63.169.126:47467 <->            8.8.8.8:53        0        2        0      162     2
2020-04-20 21:51:51.092     0.072 TCP    200.63.169.116:32431 <->    104.104.17.152:443        0       22        0     6544     2
2020-04-20 21:51:52.544     0.000 UDP    200.63.169.126:44829 <->            8.8.8.8:53        0        2        0      162     2
2020-04-20 21:51:56.728     0.712 TCP    200.63.169.116:32432 <->       52.55.59.20:443        0       18        0     5200     2
2020-04-20 21:52:11.996     0.000 UDP     200.41.181.76:24348 <->            8.8.8.8:53        0        2        0      140     2
*2020-04-20 21:26:02.872  1546.520 UDP      200.41.181.78:1194 <->  181.166.177.133:1194        0   213368        0  125.1 M     2*
2020-04-20 21:52:11.076     3.656 TCP    200.63.169.119:20002 <->      200.70.32.2:8395        0       90        0    15242     2
2020-04-20 21:52:10.124     0.000 UDP    200.63.169.126:48249 <->            8.8.8.8:53        0        2        0      162     2
2020-04-20 21:51:50.992     0.000 UDP    200.63.169.126:51661 <->            8.8.8.8:53        0        2        0      162     2
2020-04-20 21:52:00.912     0.028 TCP    200.63.169.116:32231 <->    172.217.172.67:443        0        8        0      742     2
2020-04-20 21:51:58.248     0.008 TCP    200.63.169.116:32407 <->     104.20.90.238:443        0        4        0      238     2

Why this behaviour is always present in the traffic requests??? Because
nfsen traffic values are not real at all for a given timeslot.

Thanks again !!!


On Mon, 20 Apr 2020 at 23:11, Roberto Carna
wrote:

> Dear, I have nfsen installed in a Debian box. It works OK.
>
> I have an Internet link with an ISP which give me two public IP blocks.
>
> So I've created a nfsen profile in order to measure the Internet link
> traffic, in this way:
>
> Traffic IN: DST NET  OR DST NET 
>
> Traffic OUT: SRC NET  OR SRC NET 
>
> But the resulting traffic curve is not the same to the SNMP curve obtained
> with my SNMP monitor software.
>
> Please can you tell me what can be wrong? Is it possible to obtain similar
> traffic curves using nfsen and snmp?
>
> Special thanks !!!
>


Re: [Nfsen-discuss] nfsen-ng

2019-10-15 Thread Leandro

Alfredo, thanks for your feedback.
btw: Have you ever tried to get 95th percentile on nfsen?
This is my final goal ...
Regards.
Leo.

On 15/10/19 13:32, Alfredo Sola wrote:

nfs

>> Hi guys, anyone can share something about nfsen-ng ?
>> It seems to be up to time but can not find some pictures to see.
>> Does it have same features than old nfsen ?
>
> I find it lacking essential features compared to the classic nfsen.
> Especially when you need to filter and refine something you are looking for.
>
> I also find it cumbersome to setup.
>
> I think it holds promise but until such time it gets to at least
> feature parity with the classic, I am staying with the classic.







Re: [Nfsen-discuss] nfsen-ng

2019-10-15 Thread Alfredo Sola


> Hi guys, anyone can share something about nfsen-ng ?
> It seems to be up to time but can not find some pictures to see.
> Does it have same features than old nfsen ? 

I find it lacking essential features compared to the classic nfsen. 
Especially when you need to filter and refine something you are looking for.

I also find it cumbersome to setup.

I think it holds promise but until such time it gets to at least 
feature parity with the classic, I am staying with the classic.

-- 
Alfredo Sola
https://www.tecnocratica.net






Re: [Nfsen-discuss] NfSen hack-a-thon

2019-09-16 Thread Brian Candler

On 16/09/2019 12:51, Adrian Popa wrote:
> The backend plugins work like that. Your plugin is called with the
> last 5 minute's worth of data pushed to it and you can manage/export
> it as you wish. The only requirement is to finish processing before
> the 5 minute mark, otherwise you'll have a positive feedback loop and
> may kill your server.


That's cool.  So all I'm saying is: keep or extend that plugin 
capability, rather than make major changes to nfcapd and/or nfdump to be 
able to connect to Elasticsearch and write to it.


(Adding an '-o json' option to nfdump would be fine though)




Re: [Nfsen-discuss] NfSen hack-a-thon

2019-09-16 Thread Adrian Popa
Quote: What I'd suggest instead is a user hook when nfsend rolls over the
nfcapd files.  This could be used to submit the last 5 minutes' worth of
flows to elasticsearch in bulk, or run custom alerting queries, or all sorts
of other interesting things.

The backend plugins work like that. Your plugin is called with the last 5
minutes' worth of data pushed to it and you can manage/export it as you
wish. The only requirement is to finish processing before the 5 minute
mark, otherwise you'll have a positive feedback loop and may kill your
server.

On Mon, Sep 16, 2019 at 2:44 PM Brian Candler  wrote:

> On 13/09/2019 12:20, nfsen-discuss-requ...@lists.sourceforge.net wrote:
>
>  * Something other than PHP :-)
>
>   I also dislike PHP and deem it as the BASIC of our times.
>
> And nfsen uses perl for its backend - possibly the FORTRAN of our times??
>
>
>   Another idea: adding to nfdump the ability to dump flows to an ELK 
> stack.
>
> Changing nfdump seems orthogonal to fixing nfsen.  The key differentiator
> of the nfcapd/nfdump/nfsen stack is that it writes to compact linear disk
> files - no database, simple setup, low resource requirements.
>
> What I'd suggest instead is a user hook when nfsend rolls over the nfcapd
> files.  This could be used to submit the last 5 minutes' worth of flows to
> elasticsearch in bulk, or run custom alerting queries, or all sorts of
> other interesting things.


Re: [Nfsen-discuss] NfSen hack-a-thon

2019-09-16 Thread Brian Candler

On 13/09/2019 12:20, nfsen-discuss-requ...@lists.sourceforge.net wrote:

> >  * Something other than PHP :-)
>
> I also dislike PHP and deem it as the BASIC of our times.

And nfsen uses perl for its backend - possibly the FORTRAN of our times??

> Another idea: adding to nfdump the ability to dump flows to an ELK
> stack.

Changing nfdump seems orthogonal to fixing nfsen.  The key
differentiator of the nfcapd/nfdump/nfsen stack is that it writes to
compact linear disk files - no database, simple setup, low resource
requirements.

What I'd suggest instead is a user hook when nfsend rolls over the
nfcapd files.  This could be used to submit the last 5 minutes' worth of
flows to elasticsearch in bulk, or run custom alerting queries, or all
sorts of other interesting things.




Re: [Nfsen-discuss] NfSen hack-a-thon

2019-09-13 Thread Peter Krüpl
Hi,

What I have been missing for so long, is the ability to create profiles from
profiles.

I might have narrowed down what I want to look for but then I would like to
narrow it further… That means sifting through the live profile again,
that potentially is a lot of data.

I really like the nfdump storage in files. It is simple, easy, and rock solid.
Maybe they could be spiced up with some additional external indexing features,
letting the new nfsen skip files that with certainty do not contain what is
searched for. And performance wise, it would help a lot to process the files in
parallel (using the existing nfdump tools).

I’m all for python, and flask seems like a good lightweight choice. But maybe
Django could bring a lot of other useful stuff to the table… users, groups,
authentication etc.


Kind Regards
Peter Krüpl, pe...@krupl.net


> On 13 Sep 2019, at 12.24, Alfredo Sola  
> wrote:
> 
> 
>   Hello,
> 
>   Since we are discussing ideas, I felt I'd chime in.
> 
>> * Something other than PHP :-)
> 
>   I also dislike PHP and deem it as the BASIC of our times. However, it 
> is easy for everybody to set up and it is easy to find hands to work with it. 
> So I wouldn’t avoid PHP just for the sake of it. Having said that, perhaps a 
> nice alternative would be Python, for example using the Flask module. I would 
> avoid node.js; I feel it is something else to keep away from, and for the 
> same reasons as PHP (or BASIC).
> 
>   If we stick to PHP, there is this project which perhaps could be the 
> basis for a nice nfsen replacement. It just needs to take it to feature 
> completeness and a better finish:
>   https://github.com/mbolli/nfsen-ng
> 
>> * Integration into data store back ends or graphing systems
> 
>   Another idea: adding to nfdump the ability to dump flows to an ELK 
> stack. It will probably use way less resources than Logstash does. That would 
> be useful by itself. Furthermore, then some efforts could be contributed 
> towards Rob Cowart’s excellent Elastiflow at 
> https://github.com/robcowart/elastiflow/
> 
>   Yet another one: Integrate nfsen’s alert system with ExaBGP, thereby 
> having an automatic blackholer similar to Pavel Odintsov’s excellent 
> FastNetMon. FastNetMon has more functionality, but just nfsen alerts+ExaBGP 
> would probably be enough and pretty useful for smaller AS.
> 
>> There isn't even a draft work plan at this time, but maybe ask me again
>> in six months.  Right now we're just trying to gauge interest and
>> solicit interested hackers.
> 
>   I offer no coding abilities, but will send coffee and beers where and 
> when required :)
> 
> -- 
> Alfredo Sola
> https://www.tecnocratica.net
> 
> 
> 
> 


Re: [Nfsen-discuss] NfSen hack-a-thon

2019-09-13 Thread Adrian Popa
nfsen-ng looks great, thanks for pointing it out!

I plan on releasing a backend (and home-made frontend) for nfsen that can
be used to generate graphs for traffic engineering. For example, by having
a list of "interesting" prefixes in your network you can see (as a rrd
graph) how much traffic flows to that prefix on specific devices and
interfaces. So you can have a better idea how to balance traffic when some
links reach congestion. The same thing can be done with AS information, and
you can get a "Top AS" per interface.

There is some cleanup and some documenting I need to do and I'll release it
on github. It worked quite well for ~10 years in the company I work for,
but now they're using paid tools from Arbor.

I will let the mailing list know when it's released.

On Fri, Sep 13, 2019 at 1:44 PM Alfredo Sola <
alfr...@solucionesdinamicas.net> wrote:

>
> Hello,
>
> Since we are discussing ideas, I felt I'd chime in.
>
> >  * Something other than PHP :-)
>
> I also dislike PHP and deem it as the BASIC of our times. However,
> it is easy for everybody to set up and it is easy to find hands to work with
> it. So I wouldn’t avoid PHP just for the sake of it. Having said that,
> perhaps a nice alternative would be Python, for example using the Flask
> module. I would avoid node.js; I feel it is something else to keep away
> from, and for the same reasons as PHP (or BASIC).
>
> If we stick to PHP, there is this project which perhaps could be
> the basis for a nice nfsen replacement. It just needs to take it to feature
> completeness and a better finish:
> https://github.com/mbolli/nfsen-ng
>
> >  * Integration into data store back ends or graphing systems
>
> Another idea: adding to nfdump the ability to dump flows to an ELK
> stack. It will probably use way less resources than Logstash does. That
> would be useful by itself. Furthermore, then some efforts could be
> contributed towards Rob Cowart’s excellent Elastiflow at
> https://github.com/robcowart/elastiflow/
>
> Yet another one: Integrate nfsen’s alert system with ExaBGP,
> thereby having an automatic blackholer similar to Pavel Odintsov’s excellent
> FastNetMon. FastNetMon has more functionality, but just nfsen alerts+ExaBGP
> would probably be enough and pretty useful for smaller AS.
>
> > There isn't even a draft work plan at this time, but maybe ask me again
> > in six months.  Right now we're just trying to gauge interest and
> > solicit interested hackers.
>
> I offer no coding abilities, but will send coffee and beers where
> and when required :)
>
> --
> Alfredo Sola
> https://www.tecnocratica.net
>
>
>
>


Re: [Nfsen-discuss] NfSen hack-a-thon

2019-09-13 Thread Alfredo Sola

Hello,

Since we are discussing ideas, I felt I'd chime in.

>  * Something other than PHP :-)

I also dislike PHP and deem it as the BASIC of our times. However, it 
is easy for everybody to set up and it is easy to find hands to work with it. So 
I wouldn’t avoid PHP just for the sake of it. Having said that, perhaps a nice 
alternative would be Python, for example using the Flask module. I would avoid 
node.js; I feel it is something else to keep away from, and for the same 
reasons as PHP (or BASIC).

If we stick to PHP, there is this project which perhaps could be the 
basis for a nice nfsen replacement. It just needs to take it to feature 
completeness and a better finish:
https://github.com/mbolli/nfsen-ng

>  * Integration into data store back ends or graphing systems

Another idea: adding to nfdump the ability to dump flows to an ELK 
stack. It will probably use way less resources than Logstash does. That would 
be useful by itself. Furthermore, then some efforts could be contributed 
towards Rob Cowart’s excellent Elastiflow at 
https://github.com/robcowart/elastiflow/

Yet another one: Integrate nfsen’s alert system with ExaBGP, thereby 
having an automatic blackholer similar to Pavel Odintsov’s excellent FastNetMon. 
FastNetMon has more functionality, but just nfsen alerts+ExaBGP would probably 
be enough and pretty useful for smaller AS.

> There isn't even a draft work plan at this time, but maybe ask me again
> in six months.  Right now we're just trying to gauge interest and
> solicit interested hackers.

I offer no coding abilities, but will send coffee and beers where and 
when required :)

-- 
Alfredo Sola
https://www.tecnocratica.net






Re: [Nfsen-discuss] NfSen hack-a-thon

2019-09-12 Thread John Kristoff
On Thu, 12 Sep 2019 16:54:06 +
"i...@maximka.de"  wrote:

> I'm curious, if you have concrete ideas with regard to new project.

I have some general ideas about what might, could, or should be worked
on.  Personally this includes the following:

  * Something other than PHP :-)
  * Limits / authentication on input forms and channel management
  * Integration into data store back ends or graphing systems

There isn't even a draft work plan at this time, but maybe ask me again
in six months.  Right now we're just trying to gauge interest and
solicit interested hackers.

John




Re: [Nfsen-discuss] NfSen hack-a-thon

2019-09-12 Thread info
Hi John,
that sounds interesting to me. I'm curious, if you have concrete ideas with 
regard to new project.
Alexei

> On 12 September 2019 at 15:33 John Kristoff  wrote:
> 
> 
> Friends,
> 
> At the FIRST 2020 conference in Montreal next June, we plan to organize
> a hack-a-thon, and one of projects we hope to encourage is the hacking
> of something that might replace NfSen or otherwise augment nfdump with
> some modern graphing, plotting, or visualization tools.
> 
> If anyone has any interest in helping work on this either as a tool
> hacker or project lead, contact me.  If you just want to suggest some
> high level ideas, that is fine too, but keep in mind we will really need
> people to do some actual coding work so no promises we can or will do
> what you want if you or someone you send doesn't help implement it.
> 
> John
> 
> 


Re: [Nfsen-discuss] nfsen Error Creating Graph

2018-12-05 Thread Adrian Popa
Sounds like a permissions issue in your graphs/www data.

On Wed, Dec 5, 2018 at 7:01 PM Patrick Kulbis 
wrote:

> I’m having an issue getting the graphs to show data.  In the live Profile
> on the details tab all graphs just show “Error Creating Graph!”.  I can’t
> seem to find any log file referencing any issues and I see data in
> Statistics Table and netflow processing. Attached screen shot, please help.
>
>
>
> Thanks
>
> Patrick Kulbis
> Sr. Systems Administrator
>
> 


Re: [Nfsen-discuss] NFSen problems, outdated dependencies, possible memory leak (at least on FreeBSD).

2018-11-14 Thread Brian Candler

On 14/11/2018 15:00, i...@maximka.de wrote:

> I put nfsen code unofficially on github[1] and tried to notify the author[2].
> If you discover some new issues, you could add them to the unofficial
> repository tracker[3].


Three PRs sent.

Cheers,

Brian.





Re: [Nfsen-discuss] NFSen problems, outdated dependencies, possible memory leak (at least on FreeBSD).

2018-11-14 Thread info
I put nfsen code unofficially on github[1] and tried to notify the author[2]. 
If you discover some new issues, you could add them to the unofficial 
repository tracker[3].

[1] https://github.com/p-alik/nfsen
[2] https://github.com/p-alik/nfsen/issues/2#issuecomment-422768953
https://github.com/p-alik/nfsen/issues/1#issuecomment-344597948
email-to-phaag.txt in attachment
[3] https://github.com/p-alik/nfsen/issues

Regards, 
Alexei
 
If you have some issues, please add it https://github.com/p-alik/nfsen/issues

> On 14 November 2018 at 13:16 Brian Candler  wrote:
> 
> 
> nfsen is pretty much unmaintained.  I have several local patches that I 
> use to get it to work under Ubuntu.  Unfortunately there's no tracker to 
> submit them to.
> 
> 

Date: Wed, 15 Nov 2017 14:45:40 +0100 (CET)
From: i...@maximka.de
Reply-To: i...@maximka.de
To: ph...@sourceforge.net
Message-ID: <178700309.100506.1510753540...@communicator.strato.de>
Subject: installation of nfsen 1.3.8 throws exception: Can't use string
 ("live") as a HASH ref while "strict refs" in use at libexec/NfProfile.pm
 line 1238

Hi Peter,
I got the issue for nfsen 1.3.7 and reported it to the list 
https://sourceforge.net/p/nfsen/mailman/message/35147369/

Right now by updating to 1.3.8 same issue appears.
Big description and bug fixing is on github 
https://github.com/p-alik/nfsen/issues/1

Best regards,
Alexei


Re: [Nfsen-discuss] NFSen problems, outdated dependencies, possible memory leak (at least on FreeBSD).

2018-11-14 Thread Brian Candler
nfsen is pretty much unmaintained.  I have several local patches that I 
use to get it to work under Ubuntu.  Unfortunately there's no tracker to 
submit them to.





Re: [Nfsen-discuss] nfsen/ --commit-profile fails

2017-12-27 Thread Thomas Rottig

Hi Adrian,
that was it - easy if one knows it - thanks a lot :)
Kind Regards,
Thomas

Adrian Popa wrote on 27 December 2017 at 19:13:

> Names in general (device, profile, etc) should not contain the character
> '-' because it is not escaped in the CDEF definition. Try renaming your
> source.
>
> On Wed, Dec 27, 2017 at 2:49 PM, Thomas Rottig wrote:
>
> > Hi Brian,
> > thanks for the feedback.
> > I could read the mail just fine but happy to send again as plain text :)
> > Many thanks,
> > regards,
> > Thomas
> >
> > --
> > Hi everybody,
> >
> > just started dabbling with nfsen and netflow in general in order to
> > display VMWare dvSwitch data in librenms.
> >
> > I have successfully integrated the base data flow from the switch into
> > librenms and now wanted to filter more relevant data.
> >
> > I use this script
> > (http://www.linuxscrew.com/2012/03/15/nfsen-traffic-classification-breakdown/)
> > to generate the commands:
> >
> > Unfortunately I hit errors while committing the profile:
> >
> > ERR Error GenGraph: Profile: vcenter, packets-day: don't understand
> > 'datahttp-out,-1,*'
> >
> > This is triggered by  libexec/NfSenRRD.pm  line 287 (call to RRDs::graph)
> >
> > From my understanding and debug attempts I understand that the syntax of
> > the CDEF line should be like
> >
> > CDEF:http-out=datahttp-out,-1,*
> >
> > It seems to be different (datahttp-out,-1,*( unless RRD::graph only pushed
> > back part of it.
> >
> > The following is a stripped down command set to replicate
> >
> > /data/nfsen/bin/nfsen -a Breakdown/vcenter shadow=1
> > /data/nfsen/bin/nfsen --add-channel Breakdown/vcenter8/http-out
> > sourcelist="VMdvswitch" filter="(src net 0.0.0.0/0) and ((dst port 80 and
> > proto tcp) or (dst port 80 and proto udp) or (dst port 443 and proto tcp)
> > or (dst port 443 and proto udp))" colour="#FF" sign=- order=1
> > /data/nfsen/bin/nfsen --commit-profile Breakdown/vcenter
> >
> > Does anyone have an idea why this might happen?
> >
> > I have
> >
> > /usr/src/nfsen-1.3.6p1
> >
> > /usr/bin/nfdump: Version: 1.6.12
> >
> > RRDtool 1.5.5  Copyright by Tobias Oetiker Compiled
> > 2016-03-23 10:46:12
> >
> > Thanks a lot,
> >
> > regards,
> >
> > Thomas
> >
> > ---
> >
> > > Brian Candler wrote on 27 December 2017 at 11:05:
> > >
> > >  Please send your mail again without HTML.  All that came through was:
> > >
> > > Date: Sun, 24 Dec 2017 16:14:58 +0100 (CET)
> > > From: Thomas Rottig thomas.rot...@sysm.de
> > > To: nfsen-discuss@lists.sourceforge.net
> > > Subject: [Nfsen-discuss] nfsen/ --commit-profile fails
> > > Message-ID: 1713045567.45617.1514128498...@email.1und1.de
> > > Content-Type: text/plain; charset="us-ascii"
> > >
> > > An HTML attachment was scrubbed...
> > >
> > >  Regards,
> > >
> > >  Brian.
> >
> > Kind regards
> >
> > Thomas Rottig

Kind regards

Thomas Rottig

Re: [Nfsen-discuss] nfsen/ --commit-profile fails

2017-12-27 Thread Adrian Popa
Names in general (device, profile, etc) should not contain the character
'-' because it is not escaped in the CDEF definition. Try renaming your
source.

On Wed, Dec 27, 2017 at 2:49 PM, Thomas Rottig 
wrote:

> Hi Brian,
> thanks for the feedback.
> I could read the mail just fine but happy to send again as plain text :)
> Many thanks,
> regards,
> Thomas
>
> --
> Hi everybody,
>
>
> just started dabbling with nfsen and netflow in general in order to
> display VMWare dvSwitch data in librenms.
>
> I have successfully integrated the base data flow from the switch into
> librenms and now wanted to filter more relevant data.
>
> I use this script
> (http://www.linuxscrew.com/2012/03/15/nfsen-traffic-classification-breakdown/)
> to generate the commands:
>
>
> Unfortunately I hit errors while committing the profile:
>
> ERR Error GenGraph: Profile: vcenter, packets-day: don't understand
> 'datahttp-out,-1,*'
>
> This is triggered by  libexec/NfSenRRD.pm  line 287 (call to RRDs::graph)
>
>
> From my understanding and debug attempts I understand that the syntax of
> the CDEF line should be like
>
> CDEF:http-out=datahttp-out,-1,*
>
> It seems to be different (datahttp-out,-1,*( unless RRD::graph only pushed
> back part of it.
>
>
> The following is a stripped down command set to replicate
>
> /data/nfsen/bin/nfsen -a Breakdown/vcenter shadow=1
> /data/nfsen/bin/nfsen --add-channel Breakdown/vcenter8/http-out
> sourcelist="VMdvswitch" filter="(src net 0.0.0.0/0) and ((dst port 80 and
> proto tcp) or (dst port 80 and proto udp) or (dst port 443 and proto tcp)
> or (dst port 443 and proto udp))" colour="#FF" sign=- order=1
> /data/nfsen/bin/nfsen --commit-profile Breakdown/vcenter
>
>
>
> Does anyone have an idea why this might happen?
>
> I have
>
> /usr/src/nfsen-1.3.6p1
>
> /usr/bin/nfdump: Version: 1.6.12
>
> RRDtool 1.5.5  Copyright by Tobias Oetiker Compiled
> 2016-03-23 10:46:12
>
>
> Thanks a lot,
>
> regards,
>
> Thomas
>
> ---
>
>
>
>
>
>
> > Brian Candler wrote on 27 December 2017 at 11:05:
> >
> >  Please send your mail again without HTML.  All that came through was:
> >
> >
> > Date: Sun, 24 Dec 2017 16:14:58 +0100 (CET)
> > From: Thomas Rottig thomas.rot...@sysm.de
> > To: nfsen-discuss@lists.sourceforge.net
> > Subject: [Nfsen-discuss] nfsen/ --commit-profile fails
> > Message-ID: 1713045567.45617.1514128498...@email.1und1.de
> > Content-Type: text/plain; charset="us-ascii"
> >
> > An HTML attachment was scrubbed...
> >
> >
> >
> >  Regards,
> >
> >  Brian.
>
>
> Kind regards
>
> Thomas Rottig
> 
> 
>
>


Re: [Nfsen-discuss] nfsen/ --commit-profile fails

2017-12-27 Thread Thomas Rottig
Hi Brian,
thanks for the feedback.
I could read the mail just fine but happy to send again as plain text :)
Many thanks,
regards,
Thomas

--
Hi everybody,


just started dabbling with nfsen and netflow in general in order to display 
VMWare dvSwitch data in librenms.

I have successfully integrated the base data flow from the switch into librenms 
and now wanted to filter more relevant data.

I use this script 
(http://www.linuxscrew.com/2012/03/15/nfsen-traffic-classification-breakdown/) 
to generate the commands:


Unfortunately I hit errors while committing the profile:

ERR Error GenGraph: Profile: vcenter, packets-day: don't understand 
'datahttp-out,-1,*'

This is triggered by  libexec/NfSenRRD.pm  line 287 (call to RRDs::graph)


From my understanding and debug attempts I understand that the syntax of the 
CDEF line should be like

CDEF:http-out=datahttp-out,-1,*

It seems to be different (datahttp-out,-1,*( unless RRD::graph only pushed back 
part of it.


The following is a stripped down command set to replicate

/data/nfsen/bin/nfsen -a Breakdown/vcenter shadow=1
/data/nfsen/bin/nfsen --add-channel Breakdown/vcenter8/http-out 
sourcelist="VMdvswitch" filter="(src net 0.0.0.0/0) and ((dst port 80 and proto 
tcp) or (dst port 80 and proto udp) or (dst port 443 and proto tcp) or (dst 
port 443 and proto udp))" colour="#FF" sign=- order=1
/data/nfsen/bin/nfsen --commit-profile Breakdown/vcenter



Does anyone have an idea why this might happen?

I have

/usr/src/nfsen-1.3.6p1

/usr/bin/nfdump: Version: 1.6.12

RRDtool 1.5.5  Copyright by Tobias Oetiker Compiled 
2016-03-23 10:46:12


Thanks a lot,

regards,

Thomas

---






> Brian Candler wrote on 27 December 2017 at 11:05:
> 
>  Please send your mail again without HTML.  All that came through was:
>  
> 
> Date: Sun, 24 Dec 2017 16:14:58 +0100 (CET)
> From: Thomas Rottig thomas.rot...@sysm.de
> To: nfsen-discuss@lists.sourceforge.net
> Subject: [Nfsen-discuss] nfsen/ --commit-profile fails
> Message-ID: 1713045567.45617.1514128498...@email.1und1.de
> Content-Type: text/plain; charset="us-ascii"
> 
> An HTML attachment was scrubbed...
> 
> 
>  
>  Regards,
>  
>  Brian.


Kind regards

Thomas Rottig





Re: [Nfsen-discuss] Nfsen giving huge values to Fortigate flows

2017-12-18 Thread Brian Candler

> My conclusion is that I've set up netflow on my Fortigate incorrectly, can
> anyone advise me as to how I should have it set?


No, there is a known problem with processing flows from Fortigate.  If 
you want to help debug it, please head over to


https://github.com/phaag/nfdump/issues/77
or
https://github.com/phaag/nfdump/issues/65

and provide some additional pcap files with flow data.  (I guess those 
two tickets should be merged really)


Regards,

Brian.



Re: [Nfsen-discuss] nfsen problem with Fortigate.

2017-12-13 Thread Brian Candler

On 13/12/2017 09:39, Brian Candler wrote:
> Look in your firewall settings to see if there is one to change the
> template sending interval, and crank it down to 5 minutes.


You can find the settings here: it's "template-tx-timeout" you're 
looking for.


https://github.com/phaag/nfdump/issues/77

config system netflow
    set collector-ip x.x.x.x
    set collector-port
    set active-flow-timeout 10
    set template-tx-timeout 10
end




Re: [Nfsen-discuss] nfsen problem with Fortigate.

2017-12-13 Thread Brian Candler

On 13/12/2017 08:36, nfsen-discuss-requ...@lists.sourceforge.net wrote:

> nfsen problem with Fortigate.
>
> When I check with tcpdump I got the following lines streaming


Can you try with wireshark (tshark) as well:

# tshark -i eth0 -nnV -s0 -d udp.port==9995,cflow udp port 9995

Initially you should see undecoded packets, but after a while it should start 
decoding (when the template info is received).

Look in your firewall settings to see if there is one to change the template 
sending interval, and crank it down to 5 minutes.



> But there is no data collecting.
> I can see sflow and netflow collectors on ps -ef..


Are they listening on the right ports?

# netstat -naup

Also, what if you attach strace to one of those processes (strace -p ) 
while data is coming in?

Note: once you get this working, please see
https://github.com/phaag/nfdump/issues/65
if you see bad flow sizes, and then you can capture some traffic to help debug.

Regards,

Brian.
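
The template dependency described in this thread (undecoded packets until the template info is received), as an added example that is not code from the thread or from nfdump: a minimal NetFlow v9 decoder following RFC 3954 that counts the data flowsets it has to drop before a template is known. The class and function names, the template layout and the sample packets are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset id, length (includes this 4-byte header)

# A few field types from RFC 3954, enough for the constructed sample below.
FIELD_NAMES = {1: "in_bytes", 4: "protocol", 7: "src_port",
               8: "src_addr", 11: "dst_port", 12: "dst_addr"}


class V9Collector:
    """Keeps per-exporter template state, as any NetFlow v9 collector must."""

    def __init__(self):
        self.templates = {}  # (exporter, source_id, template_id) -> [(type, length)]
        self.undecoded = 0   # data flowsets dropped because no template was known

    def feed(self, exporter, packet):
        """Process one export packet and return the flows that could be decoded."""
        if len(packet) < HEADER.size:
            raise ValueError("packet shorter than NetFlow v9 header")
        version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(packet)
        if version != 9:
            raise ValueError(f"not NetFlow v9 (version {version})")
        flows, offset = [], HEADER.size
        while offset + FLOWSET.size <= len(packet):
            fs_id, fs_len = FLOWSET.unpack_from(packet, offset)
            if fs_len < FLOWSET.size or offset + fs_len > len(packet):
                raise ValueError("malformed flowset length")
            body = packet[offset + FLOWSET.size:offset + fs_len]
            if fs_id == 0:        # template flowset
                self._learn(exporter, source_id, body)
            elif fs_id >= 256:    # data flowset, id names the template to use
                flows += self._decode(exporter, source_id, fs_id, body)
            # ids 1..255 (options templates, reserved) are skipped here
            offset += fs_len
        return flows

    def _learn(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, nfields = struct.unpack_from("!HH", body, pos)
            pos += 4
            if template_id < 256 or pos + 4 * nfields > len(body):
                break  # padding or malformed record
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
            pos += 4 * nfields
            self.templates[(exporter, source_id, template_id)] = fields

    def _decode(self, exporter, source_id, template_id, body):
        fields = self.templates.get((exporter, source_id, template_id))
        if fields is None:
            self.undecoded += 1  # nothing can be stored until the template arrives
            return []
        record_len = sum(length for _ftype, length in fields)
        flows, pos = [], 0
        while record_len and pos + record_len <= len(body):  # the rest is padding
            record = {}
            for ftype, length in fields:
                raw = body[pos:pos + length]
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                if ftype in (8, 12) and length == 4:
                    record[name] = str(IPv4Address(raw))
                else:
                    record[name] = int.from_bytes(raw, "big")
                pos += length
            flows.append(record)
        return flows


def flowset(fs_id, payload):
    """Wrap a payload in a flowset header, padded to a 4-byte boundary."""
    payload += b"\x00" * (-len(payload) % 4)
    return FLOWSET.pack(fs_id, len(payload) + FLOWSET.size) + payload


def build_packet(flowset_bytes, source_id=0):
    """Constructed export packet carrying a single one-record flowset."""
    return HEADER.pack(9, 1, 1000, 1513091437, 1, source_id) + flowset_bytes


# Constructed sample: template 256 and one matching data record.
TEMPLATE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4)]
TEMPLATE_PAYLOAD = struct.pack("!HH", 256, len(TEMPLATE_FIELDS)) + b"".join(
    struct.pack("!HH", ftype, length) for ftype, length in TEMPLATE_FIELDS)
DATA_PAYLOAD = struct.pack("!4s4sHHBI", IPv4Address("10.1.3.2").packed,
                           IPv4Address("10.1.1.13").packed, 51515, 443, 6, 4121)


def demo():
    """Same data packet before and after the template packet has been seen."""
    collector = V9Collector()
    data_pkt = build_packet(flowset(256, DATA_PAYLOAD))
    template_pkt = build_packet(flowset(0, TEMPLATE_PAYLOAD))
    before = collector.feed("10.1.3.2", data_pkt)
    collector.feed("10.1.3.2", template_pkt)
    after = collector.feed("10.1.3.2", data_pkt)
    return before, collector.undecoded, after


if __name__ == "__main__":
    print(demo())
```

A collector that shows received packets but stores no flows is in the `before` state; the time spent there is bounded by how often the exporter resends its templates.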




Re: [Nfsen-discuss] nfsen problem with Fortigate.

2017-12-13 Thread José Manuel Agudo Cuesta
I don't know if nfsen/nfdump can process netflow v9 templated payload. Last
time I tried, I couldn't do it.



On Wed, 13 Dec 2017 at 9:39, Adrian Popa wrote:

> I don't know about sflow, sorry...
>
> On Wed, Dec 13, 2017 at 10:35 AM, Oguzhan Kayhan 
> wrote:
>
>> Thank you adrian.
>> It's been about 10 hours. and still no data.
>> For netflow template packet might be expected (not normal to receive in
>> that long time)  what about sflow?
>> Does it need also?
>> I am listening on two protocols to get something useful
>>
>>
>> On Wed, Dec 13, 2017 at 11:19 AM, Adrian Popa 
>> wrote:
>>
>>> Since Netflow v9 uses a templated payload, the collector needs to
>>> receive a packet describing the template format (what fields are exported).
>>> After this packet is received, data is processed and saved. You will see
>>> the same thing with wireshark - when you try to decode the payload with the
>>> cflow dissector - until a template packet is received, the payload can't be
>>> decoded.
>>>
>>> Normally template packets should be sent out periodically, but it may
>>> depend on the volume of data being exported.
>>>
>>> On Tue, Dec 12, 2017 at 5:16 PM, Oguzhan Kayhan 
>>> wrote:
>>>
>>>> Hello all,
>>>> I'M trying to get nfsen information from fortigate 100D.
>>>> for test purposes, i enabled both sflow and netflow on fortigate
>>>>
>>>> Wan port config is as :
>>>>
>>>> --
>>>> config system interface
>>>> edit "wan1"
>>>> set vdom "root"
>>>> set mode pppoe
>>>> set allowaccess ping
>>>> set type physical
>>>> set netflow-sampler both
>>>> set sflow-sampler enable
>>>> set sample-rate 512
>>>> set polling-interval 30
>>>>
>>>> config system sflow
>>>> set collector-ip 10.1.1.13
>>>> set collector-port 9994
>>>> set source-ip 10.1.3.2
>>>> end
>>>> config system netflow
>>>> set collector-ip 10.1.1.13
>>>> set collector-port 9995
>>>> set source-ip 10.1.3.2
>>>> set active-flow-timeout 1
>>>> end
>>>> ---
>>>>
>>>> WHen i check with tcpdump i got the following lines streaming
>>>>
>>>> tcpdump -i any -n udp port 9995 -T cnfp
>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>>> decode
>>>> listening on any, link-type LINUX_SLL (Linux cooked), capture size
>>>> 65535 bytes
>>>> 17:10:37.819012 IP 10.1.3.2.2614 > 10.1.1.13.9995: NetFlow v9,
>>>> 2921178.370 uptime, 1513091437.00115,  1 recs
>>>>
>>>> and
>>>>
>>>> tcpdump -i any -n udp port 9994 -T cnfp
>>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>>> decode
>>>> listening on any, link-type LINUX_SLL (Linux cooked), capture size
>>>> 65535 bytes
>>>> 17:13:21.684219 IP 10.1.3.2.2349 > 10.1.1.13.9994: NetFlow v0, 0.001
>>>> uptime, 167838466.0,  5 recs
>>>>   started 0.001, last 0.512
>>>> 0.0.55.41:32 > 174.32.37.22:13312 >> 0.0.0.1
>>>> 0 tos 0, 184 (4121 octets)
>>>>   started 2423041.105, last 3117853.792
>>>> 0.0.0.1:46687 > 0.0.0.144:14226 >> 0.0.0.1
>>>> 17 tos 0, 4 (128 octets)
>>>>   started 803098.648, last 2206.628
>>>> 64.0.57.6:0 > 234.87.195.175:5891 >> 227.25.78.189
>>>> 17 tos 151, 3437380716 (3899816432 octets)
>>>>
>>>> ---
>>>>
>>>> My nfsen.conf file is:
>>>>
>>>> 'peer1'=> { 'port' => '9995', 'IP' => '10.1.3.2',
>>>> 'col'=>'#ff','type'=>'netflow' },
>>>>
>>>> 'peer2'=> { 'port' => '9994', 'IP' => '10.1.3.2',
>>>> 'col'=>'#cf','type'=>'sflow' },
>>>>
>>>> But there is no data collecting..
>>>> I can see sflow and netflow collectors on ps -ef..
>>>> but on folder there is only 276 bytes of data for both peers.
>>>>
>>>> Any ideas??
>>>>
>>>> Thank you
>>>>
>>>
>>
>
-- 
JOSE MANUEL AGUDO CUESTA
Network and Security Engineer
Servicios Informáticos - C.P.D.
Universidad de Salamanca
+34 923 294 500 ext. 1398

Re: [Nfsen-discuss] nfsen problem with Fortigate.

2017-12-13 Thread Adrian Popa
I don't know about sflow, sorry...

On Wed, Dec 13, 2017 at 10:35 AM, Oguzhan Kayhan 
wrote:

> Thank you adrian.
> It's been about 10 hours. and still no data.
> For netflow template packet might be expected (not normal to receive in
> that long time)  what about sflow?
> Does it need also?
> I am listening on two protocols to get smting useful
>
>
> On Wed, Dec 13, 2017 at 11:19 AM, Adrian Popa 
> wrote:
>
>> Since Netflow v9 uses a templated payload, the collector needs to receive
>> a packet describing the template format (what fields are exported). After
>> this packet is received, data is processed and saved. You will see the same
>> thing with wireshark - when you try to decode the payload with the cflow
>> dissector - until a template packet is received, the payload can't be
>> decoded.
>>
>> Normally template packets should be sent out periodically, but it may
>> depend on the volume of data being exported.
>>
>> On Tue, Dec 12, 2017 at 5:16 PM, Oguzhan Kayhan 
>> wrote:
>>
>>> Hello all,
>>> I'M trying to get nfsen information from fortigate 100D.
>>> for test purposes, i enabled both sflow and netflow on fortigate
>>>
>>> Wan port config is as :
>>>
>>> --
>>> config system interface
>>> edit "wan1"
>>> set vdom "root"
>>> set mode pppoe
>>> set allowaccess ping
>>> set type physical
>>> set netflow-sampler both
>>> set sflow-sampler enable
>>> set sample-rate 512
>>> set polling-interval 30
>>> 
>>> config system sflow
>>> set collector-ip 10.1.1.13
>>> set collector-port 9994
>>> set source-ip 10.1.3.2
>>> end
>>> config system netflow
>>> set collector-ip 10.1.1.13
>>> set collector-port 9995
>>> set source-ip 10.1.3.2
>>> set active-flow-timeout 1
>>> end
>>> ---
>>>
>>>
>>>
>>> WHen i check with tcpdump i got the following lines streaming
>>>
>>> tcpdump -i any -n udp port 9995 -T cnfp
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>> decode
>>> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
>>> bytes
>>> 17:10:37.819012 IP 10.1.3.2.2614 > 10.1.1.13.9995: NetFlow v9,
>>> 2921178.370 uptime, 1513091437.00115,  1 recs
>>>
>>>
>>> and
>>>
>>> tcpdump -i any -n udp port 9994 -T cnfp
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>> decode
>>> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
>>> bytes
>>> 17:13:21.684219 IP 10.1.3.2.2349 > 10.1.1.13.9994: NetFlow v0, 0.001
>>> uptime, 167838466.0,  5 recs
>>>   started 0.001, last 0.512
>>> 0.0.55.41:32 > 174.32.37.22:13312 >> 0.0.0.1
>>> 0 tos 0, 184 (4121 octets)
>>>   started 2423041.105, last 3117853.792
>>> 0.0.0.1:46687 > 0.0.0.144:14226 >> 0.0.0.1
>>> 17 tos 0, 4 (128 octets)
>>>   started 803098.648, last 2206.628
>>> 64.0.57.6:0 > 234.87.195.175:5891 >> 227.25.78.189
>>> 17 tos 151, 3437380716 (3899816432 octets)
>>>
>>> ---
>>>
>>> My nfsen.conf file is:
>>>
>>> 'peer1'=> { 'port' => '9995', 'IP' => '10.1.3.2',
>>> 'col'=>'#ff','type'=>'netflow' },
>>>
>>>
>>> 'peer2'=> { 'port' => '9994', 'IP' => '10.1.3.2',
>>> 'col'=>'#cf','type'=>'sflow' },
>>>
>>>
>>>
>>>
>>>
>>> But there is no data collecting..
>>> I can see sflow and netflow collectors on ps -ef..
>>> but on folder there is only 276 bytes of data for both peers.
>>>
>>> Any ideas??
>>>
>>>
>>> Thank you
>>>
>>
>


Re: [Nfsen-discuss] nfsen problem with Fortigate.

2017-12-13 Thread Adrian Popa
Since Netflow v9 uses a templated payload, the collector needs to receive a
packet describing the template format (what fields are exported). After
this packet is received, data is processed and saved. You will see the same
thing with wireshark - when you try to decode the payload with the cflow
dissector - until a template packet is received, the payload can't be
decoded.

Normally template packets should be sent out periodically, but it may
depend on the volume of data being exported.

On Tue, Dec 12, 2017 at 5:16 PM, Oguzhan Kayhan 
wrote:

> Hello all,
> I'M trying to get nfsen information from fortigate 100D.
> for test purposes, i enabled both sflow and netflow on fortigate
>
> Wan port config is as :
>
> --
> config system interface
> edit "wan1"
> set vdom "root"
> set mode pppoe
> set allowaccess ping
> set type physical
> set netflow-sampler both
> set sflow-sampler enable
> set sample-rate 512
> set polling-interval 30
> 
> config system sflow
> set collector-ip 10.1.1.13
> set collector-port 9994
> set source-ip 10.1.3.2
> end
> config system netflow
> set collector-ip 10.1.1.13
> set collector-port 9995
> set source-ip 10.1.3.2
> set active-flow-timeout 1
> end
> ---
>
>
>
> WHen i check with tcpdump i got the following lines streaming
>
> tcpdump -i any -n udp port 9995 -T cnfp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
> bytes
> 17:10:37.819012 IP 10.1.3.2.2614 > 10.1.1.13.9995: NetFlow v9, 2921178.370
> uptime, 1513091437.00115,  1 recs
>
>
> and
>
> tcpdump -i any -n udp port 9994 -T cnfp
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535
> bytes
> 17:13:21.684219 IP 10.1.3.2.2349 > 10.1.1.13.9994: NetFlow v0, 0.001
> uptime, 167838466.0,  5 recs
>   started 0.001, last 0.512
> 0.0.55.41:32 > 174.32.37.22:13312 >> 0.0.0.1
> 0 tos 0, 184 (4121 octets)
>   started 2423041.105, last 3117853.792
> 0.0.0.1:46687 > 0.0.0.144:14226 >> 0.0.0.1
> 17 tos 0, 4 (128 octets)
>   started 803098.648, last 2206.628
> 64.0.57.6:0 > 234.87.195.175:5891 >> 227.25.78.189
> 17 tos 151, 3437380716 (3899816432 octets)
>
> ---
>
> My nfsen.conf file is:
>
> 'peer1'=> { 'port' => '9995', 'IP' => '10.1.3.2',
> 'col'=>'#ff','type'=>'netflow' },
>
>
> 'peer2'=> { 'port' => '9994', 'IP' => '10.1.3.2',
> 'col'=>'#cf','type'=>'sflow' },
>
>
>
>
>
> But there is no data collecting..
> I can see sflow and netflow collectors on ps -ef..
> but on folder there is only 276 bytes of data for both peers.
>
> Any ideas??
>
>
> Thank you
>
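
Added example (not from the thread and not nfdump's code): a small Python decoder for the NetFlow v9 behaviour described in the reply above, where data flowsets are dropped until the matching template has been received from the same exporter. The packets are constructed samples; the field subset, template id 256 and all class and function names are assumptions made for illustration.

```python
import socket
import struct

# Field type numbers from RFC 3954; only the subset used by the sample template.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}


class V9Collector:
    """NetFlow v9 decoder with a per-exporter template cache (hypothetical class)."""

    def __init__(self):
        # (exporter, source_id, template_id) -> [(field_type, length), ...]
        self.templates = {}
        self.undecodable = 0  # data flowsets skipped because no template was cached

    def feed(self, exporter, packet):
        """Parse one UDP payload and return the flow records that could be decoded."""
        if len(packet) < 20:
            raise ValueError("short packet")
        version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from(
            "!HHIIII", packet, 0)
        if version != 9:
            raise ValueError("not NetFlow v9")
        records, off = [], 20
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, off)
            if fs_len < 4 or off + fs_len > len(packet):
                raise ValueError("bad flowset length")
            body = packet[off + 4:off + fs_len]
            if fs_id == 0:                      # template flowset
                self._learn_templates(exporter, source_id, body)
            elif fs_id >= 256:                  # data flowset, id == template id
                records += self._decode_data(exporter, source_id, fs_id, body)
            # fs_id 1 (options template) and reserved ids are not handled here
            off += fs_len
        return records

    def _learn_templates(self, exporter, source_id, body):
        off = 0
        while off + 4 <= len(body):
            tmpl_id, nfields = struct.unpack_from("!HH", body, off)
            off += 4
            if tmpl_id < 256 or off + 4 * nfields > len(body):
                break                           # padding or truncated template
            fields = [struct.unpack_from("!HH", body, off + 4 * i)
                      for i in range(nfields)]
            off += 4 * nfields
            self.templates[(exporter, source_id, tmpl_id)] = fields

    def _decode_data(self, exporter, source_id, tmpl_id, body):
        fields = self.templates.get((exporter, source_id, tmpl_id))
        if fields is None:                      # no template yet: nothing to decode
            self.undecodable += 1
            return []
        rec_len = sum(length for _ftype, length in fields)
        out, off = [], 0
        while rec_len and off + rec_len <= len(body):   # trailing bytes are padding
            rec = {}
            for ftype, length in fields:
                raw = body[off:off + length]
                off += length
                name = FIELD_NAMES.get(ftype, "field_%d" % ftype)
                rec[name] = (socket.inet_ntoa(raw) if ftype in (8, 12)
                             else int.from_bytes(raw, "big"))
            out.append(rec)
        return out


def _header(count, seq, source_id=0):
    # version 9, record count, sysUptime, unix seconds, sequence, source id
    return struct.pack("!HHIIII", 9, count, 1000, 1513091437, seq, source_id)


def sample_template_packet():
    """Constructed packet carrying template 256 with seven fields."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    body = struct.pack("!HH", 256, len(fields))
    body += b"".join(struct.pack("!HH", *f) for f in fields)
    return _header(1, 1) + struct.pack("!HH", 0, 4 + len(body)) + body


def sample_data_packet(seq):
    """Constructed packet with one flow record laid out as template 256."""
    rec = (socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.7")
           + struct.pack("!HHBII", 51515, 443, 6, 4121, 9))
    pad = b"\x00" * (-(4 + len(rec)) % 4)       # flowsets are padded to 4 bytes
    return _header(1, seq) + struct.pack("!HH", 256, 4 + len(rec) + len(pad)) + rec + pad


def demo():
    collector = V9Collector()
    exporter = "10.1.3.2"                       # exporter address from the thread
    before = collector.feed(exporter, sample_data_packet(seq=0))
    collector.feed(exporter, sample_template_packet())
    after = collector.feed(exporter, sample_data_packet(seq=2))
    return before, collector.undecodable, after


if __name__ == "__main__":
    print(demo())
```

The cache key includes the exporter address and source id, so a template learned from one device never decodes data sent by another.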


Re: [Nfsen-discuss] nfsen-1.3.8 released - SECURITY FIX

2017-01-25 Thread James Stahr
On 01/25/2017 4:55 AM, Alexei Pastuchov wrote:
> quick && insecure solution:
> rm -t in NfProfile.pm line 3026.
>


That didn't work for me, but I did this crude hack for addressing the
taint issues with the variables returned by ProfilePath.  Use at your
own risk until a permanent fix has been released as it does *not*
sanitize the input as it really should.


[foo@bar  libexec]# diff -c NfProfile.pm.ORIG NfProfile.pm
*** NfProfile.pm.ORIG   2017-01-25 13:18:48.443703130 -0600
--- NfProfile.pm2017-01-25 13:10:26.418745710 -0600
***
*** 142,147 
--- 142,149 
   sub ProfilePath {
 my $profile  = shift;
 my $profilegroup = shift;
+   $profile =~ /(.*)/ && ($profile = $1);
+   $profilegroup =~ /(.*)/ && ($profilegroup = $1);

 if ( !defined $profilegroup || $profilegroup eq '.' ) {
 return "$profile";
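
Review bot: the two added lines in ProfilePath untaint with `/(.*)/`, a pattern that accepts any string up to the first newline, so taint mode stops protecting $profile and $profilegroup without either value being validated, as the poster's own caveat says. Capture against an anchored allow-list of the characters a profile or group name may contain instead, for example `/^([A-Za-z0-9_.-]+)$/` if that matches NfSen's naming rules, reject `..`, and die when the match fails rather than continuing with the tainted value. The `$profilegroup` match also runs before the `!defined $profilegroup` test in the following context line, so it operates on undef when no group is passed; move it below that check.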


-James

> 3026: $args .= "-t $_t "  if defined $profileinfo{'expire'};
>
>
>> On 25 January 2017 at 10:17 Giles Coochey  wrote:
>> I ran the upgrade and receive the following error when trying to restart
>> NFsen:
>>
>> Insecure dependency in sysopen while running with -T switch at
>> /opt/nfsen/libexec/NfProfile.pm line 836
>>
>> Any ideas?
>>
>> -- 
>> Regards,
>>
>> Giles Coochey
>> +44 (0) 7584 634 135
>> +44 (0) 1803 529 451
>> gi...@coochey.net
>>


Re: [Nfsen-discuss] nfsen-1.3.8 released - SECURITY FIX

2017-01-25 Thread Alexei Pastuchov
quick && insecure solution:
rm -t in NfProfile.pm line 3026.

3026:   $args .= "-t $_t "  if defined $profileinfo{'expire'};

> On 25 January 2017 at 10:17 Giles Coochey  wrote:
> I ran the upgrade and receive the following error when trying to restart 
> NFsen:
> 
> Insecure dependency in sysopen while running with -T switch at 
> /opt/nfsen/libexec/NfProfile.pm line 836
> 
> Any ideas?
> 
> -- 
> Regards,
> 
> Giles Coochey
> +44 (0) 7584 634 135
> +44 (0) 1803 529 451
> gi...@coochey.net


Re: [Nfsen-discuss] nfsen-1.3.8 released - SECURITY FIX

2017-01-25 Thread Giles Coochey



On 24/01/17 18:40, Peter Haag wrote:

> Hi list,
> nfsen-1.3.8 is out. It fixes a security vulnerability, which allows a remote
> attacker with access to the web interface to execute arbitrary commands on
> the host operating system. All users are encouraged to update to nfsen-1.3.8.
>
> Nfsen currently undergoes a major upgrade. New features are not integrated
> in 1.3.8. Compatibility issues have been fixed. It supports rrdtool 1.5
>
> nfsen will also migrate to Github. However, 1.3.8 still is published for now
> on sf.net https://sourceforge.net/projects/nfsen/
>
> Thanks
>
> - Peter

I ran the upgrade and receive the following error when trying to restart
NFsen:

Insecure dependency in sysopen while running with -T switch at
/opt/nfsen/libexec/NfProfile.pm line 836

Any ideas?
--
Regards,

Giles Coochey
+44 (0) 7584 634 135
+44 (0) 1803 529 451
gi...@coochey.net






Re: [Nfsen-discuss] Nfsen data retention issue

2016-11-02 Thread Mark D. Nagel
On 11/2/2016 11:16 AM, Satish Patel wrote:
> I have 3 option in 'Stats' tab, What numbers should i use here?  I
> have put following number but not sure how to relate them in 7 days
> retention policy
>
> Size: 3G
> Max. Size: 3G
> Expire:  7d

The first is informational only (current size on disk).  Second says expire to
keep at or below 3G (which seems to be working for you).  The last says do not
keep data older than 7 days, which (I believe) overrides the max size if 7 days
is smaller than 3G.  I usually only set max size.

Regards,
Mark

-- 
Mark D. Nagel, CCIE #3177 Emeritus 
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 714-844-4698

** For faster support response time, please
** email supp...@willingminds.com or call 714-495-4000




Re: [Nfsen-discuss] nfsen issues with PHP7.0

2016-05-23 Thread Ralf Hildebrandt
* Ralf Hildebrandt :
> I made an update to xenial the other day, and nfsen doesn't generate
> the detail graphs at all. error_log is being filled with:
> 
> 
> May 23 17:12:47 netflow nfsen[6278]: connection on UNIX socket
> May 23 17:12:47 netflow nfsen[6278]: comm server started: 6781
> May 23 17:12:47 netflow nfsen[6781]: Cmd Decode: get-detailsgraph
> May 23 17:12:47 netflow nfsen[6781]: Error generating details graph: garbage 
> in RPN: 'PREV(datafwm-cvk),1,*': Arg: 'live', 
> 'fwm-cvk:fwm-cbf:rouextdfn:rouccb2:rouccb1:coredebug:roucbfvivantes:rouvpntunnel:roucvkst1:roucvkst2:rouccmmed:rouccmdvh:roucbfpav:roucbftk:roucbfeg:roubrain:rouxwin',
>  'any', 'flows', '1463501700', '1463927700', '1464014100', '1463970300', 
> '1463970300', '288', '100', '1', '0', '0'
> May 23 17:12:47 netflow nfsen[6278]: comm child[6781] terminated with no exit 
> value
> 
> # rrdtool -v
> RRDtool 1.5.5  Copyright by Tobias Oetiker 
>Compiled 2016-03-23 10:46:12
> 
> PREV(datafwm-cvk),1,*
> is seen as garbage, but why?

Found it:
v1.5.6 has "make vname nameing rules more liberal and more in line with 1.4"

The "-" in the name is the problem here. Trying to rebuild 1.5.6 and
install over 1.5.5 :/

-- 
Ralf Hildebrandt                     Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de          Campus Benjamin Franklin
http://www.charite.de                Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk   fon: +49-30-450.570.155



Re: [Nfsen-discuss] nfsen error "PANIC nfsend dies: RRD version '1.5001' not yet supported!"

2016-03-03 Thread Ivan Beveridge
This was asked a month ago:

https://sourceforge.net/p/nfsen/mailman/message/34811400/

It looks like there wasn't a response though.

I do seem to remember some other response about rrdtool 1.5, so your
best bet would be to take a look at the mailing list archives to see if
there is an answer that suits.

One thing to consider about your issue is that the nfsen coders are not
necessarily involved in the OS packaging. In this case you probably want
to speak to whomever packaged the nfsen port for FreeBSD, as it looks
like assumptions may have been made (ie that a later rrdtool would work).

Cheers

Ivan

On 03/03/2016 16:55, Ewald Jenisch wrote:
> Hi,
> 
> Today I upgraded my system (FreeBSD 10.3) including all installed
> packages. After the upgrade, that went smooth btw, I get the following
> error upon trying to start nfsen:
> 
> PANIC nfsend dies: RRD version '1.5001' not yet supported!
> 
> That's esp. weird, since according to the package information for
> nfsen it seems to depend on rrdtool-1.5.5:
> 
> # pkg info -d  nfsen
> nfsen-1.3.7:
> php56-session-5.6.18
> perl5-5.20.3_8
> php56-5.6.18
> p5-Socket6-0.25_2
> php56-sockets-5.6.18
> nfdump-1.6.13_1
> p5-Mail-Tools-2.14
> rrdtool-1.5.5_1
> #
> 
> Well, so on one hand nfsen obviously doesn't work with
> rrdtool-1.5.5 - on the other hand this package(version) is required.
> 
> Here are my questions:
> 
> o) Has anybody out there seen this before?
> 
> o) Anything that can be done against it?
> 
> Thanks much in advance for any clue,
> -ewald


-- 
Ivan Beveridge   VP Operations, LiveJournal
e:  ; w: http://livejournal.com/



Re: [Nfsen-discuss] Nfsen is not showing the propper traffic value. (SOLVED)

2015-12-10 Thread Adrian Popa
Glad to hear you sorted it out! What does -B stand for (I haven't used
fprobe)? UDP buffer?

On Thu, Dec 10, 2015 at 4:32 PM, Leandro  wrote:

> Adrian, finally I got it working properly.
> Reading the man page for fprobe I found the following:
>
> Reasonable configuration to run under heavy load:
> fprobe -fip -B4096 -r2 -q1 -t1:1000 localhost:2055
>
> After applying the B , r and q parameters I got the complete traffic shape.
> Also at fprobe server , any performance parameter showed some increment so
> I think it is working
>
> Thanks for your advice.
> Leandro.
>
>
> On 05/12/15 04:28, Adrian Popa wrote:
>
> Hmm, if the source machine doesn't have enough resources to export the
> flows, you should see things like - a core being used 100% by fprobe or udp
> packets being dropped because of too small buffers in the output of netstat
> -s (check on both source and destination). You could use iptables to count
> packets leaving the source vs packets arriving at the destination to rule
> out network drops in between with something like
> iptables -A OUTPUT -p udp -m udp --dport 9995 -j ACCEPT
> iptables -A INPUT -p udp -m udp --dport 9995 -j ACCEPT
> And check stats with
> iptables -L -n -v
>
> But it's difficult to troubleshoot...
> On 4 Dec 2015 15:09, "Leandro" < ingrog...@gmail.com>
> wrote:
>
>> Adrian , thanks for your response.
>> About sampling ... Im not sure what is it but im running the fprobe just
>> with the line:
>>
>> /usr/local/sbin/fprobe -i eth3 -fip -n7 172.24.3.12:9995
>>
>> Which in a case o a traffic bellow than 1gbps works great.
>> In my case the message you are describing "Sequence errors or bad packets"
>> Apears many times in the collector log file, so there is some problem
>> ,but;
>> How can I confirm if the problem is on the nfcapd or the fprobe side ?
>> Can I modify on  something on any side to properly export more than 1.4Gbps
>> ?
>> Both machine where they are running are very powerfull machines.
>>
>> I can provide more info
>> Thanks in advance!!!
>> Leo.
>>
>>
>> On 04/12/15 04:37, Adrian Popa wrote:
>>
>> If you're using sampling you should see differences between netflow
>> traffic and real traffic. If not, check that:
>>
>> 1. you're not losing UDP packets - if you lose packets you should see
>> something like this:
>> Dec  4 09:35:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 11763,
>> Packets: 930064, Bytes: 731126982, Sequence Errors: 0, Bad Packets: 0
>>
>> Sequence errors or bad packets will indicate something's wrong on the
>> network side.
>>
>> 2. your router has enough capacity (TCAM memory) to export all the flows
>> If you get errors in your router's log that TCAM memory is nearly
>> exhausted, then the router will stop producing flows for a while and you
>> get those drops at higher traffic.
>>
>>
>> On Thu, Dec 3, 2015 at 9:48 PM, Leandro  wrote:
>>
>>> Hi , guys.
>>> It is very strange but , my nfsen is showing a maximun traffic value of
>>> 1.2 gbps when the traffic showed on cacti is 2gbps(also meassured on the
>>> router).
>>> Traffic shape is ok , minimun values mathes on both tools.
>>> Any ideas about it ? Is there something to tune on fprobe, nfcapd or
>>> nfsen ?
>>>
>>> Regards,
>>> Leandro.
>>
>>
>>
>
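
Added example (not part of the thread and not nfcapd's own tooling): a Python check over the nfcapd statistics lines quoted above that flags rotation intervals with non-zero Sequence Errors or Bad Packets and reports the peak average rate per exporter. The first sample line is the one quoted in the thread; the others are constructed, and the 300-second rotation interval and all function names are assumptions.

```python
import re
from collections import defaultdict

# Matches the per-rotation statistics line nfcapd writes to syslog.
STAT_RE = re.compile(
    r"nfcapd\[\d+\]: Ident: '(?P<ident>[^']+)' Flows: (?P<flows>\d+), "
    r"Packets: (?P<packets>\d+), Bytes: (?P<bytes>\d+), "
    r"Sequence Errors: (?P<seq>\d+), Bad Packets: (?P<bad>\d+)")

ROTATION_SECONDS = 300  # assumption: 5-minute file rotation, as NfSen uses

# First line is quoted in the thread; the remaining lines are constructed.
SAMPLE_LOG = """\
Dec  4 09:35:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 11763, Packets: 930064, Bytes: 731126982, Sequence Errors: 0, Bad Packets: 0
Dec  4 09:40:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 48210, Packets: 41200311, Bytes: 45000000000, Sequence Errors: 37, Bad Packets: 0
Dec  4 09:40:01 localhost cron[991]: unrelated syslog line
Dec  4 09:45:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 47955, Packets: 40877102, Bytes: 44100000000, Sequence Errors: 112, Bad Packets: 3
Dec  4 09:45:00 localhost nfcapd[13301]: Ident: 'Branch' Flows: 902, Packets: 15440, Bytes: 9120000, Sequence Errors: 0, Bad Packets: 0
"""


def parse_stats(log_text):
    """Yield one dict per nfcapd rotation line; other syslog lines are ignored."""
    for line in log_text.splitlines():
        m = STAT_RE.search(line)
        if not m:
            continue
        row = {k: (v if k == "ident" else int(v)) for k, v in m.groupdict().items()}
        row["when"] = line[:15]                      # syslog timestamp prefix
        row["avg_bps"] = row["bytes"] * 8 / ROTATION_SECONDS
        yield row


def summarize(log_text):
    """Per exporter ident: interval count, lossy intervals, error totals, peak rate."""
    out = defaultdict(lambda: {"intervals": 0, "lossy": [], "seq_errors": 0,
                               "bad_packets": 0, "peak_bps": 0.0})
    for row in parse_stats(log_text):
        s = out[row["ident"]]
        s["intervals"] += 1
        s["seq_errors"] += row["seq"]
        s["bad_packets"] += row["bad"]
        s["peak_bps"] = max(s["peak_bps"], row["avg_bps"])
        if row["seq"] or row["bad"]:
            s["lossy"].append(row["when"])           # interval with missing export data
    return dict(out)


if __name__ == "__main__":
    for ident, s in summarize(SAMPLE_LOG).items():
        print(ident, s["intervals"], "intervals,", len(s["lossy"]), "lossy,",
              "peak %.2f Gbit/s" % (s["peak_bps"] / 1e9))
```

A peak rate that plateaus in the same intervals that report sequence errors points at export packets being lost before nfcapd, rather than at NfSen's graphing.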


Re: [Nfsen-discuss] Nfsen is not showing the propper traffic value. (SOLVED)

2015-12-10 Thread Leandro

Adrian:
B is:
-B Kernel capture buffer size [0]
In my opinion, it means that fprobe will take:
B packets of S length before processing and sending as netflow data.
If it is ok, it is the packets queue length.
Also you have the "q" flag, which in my opinion is the queue length for
a traffic/data burst.



It would be great if someone can clarify this.
Regards,
Leo.





Re: [Nfsen-discuss] Nfsen is not showing the propper traffic value. (SOLVED)

2015-12-10 Thread Adrian Popa
If it's in kilobytes it must be total buffer size (= packet_size *
number_of_packets). I had heard of similar problems but on the receiving
length - the UDP buffer size has to be big enough to accommodate lots of
incoming packets (in case the kernel has better things to do than process
them). An alternative solution might be to increase fprobe's priority with
nice so it gets more CPU time...

On Thu, Dec 10, 2015 at 10:46 PM, Leandro  wrote:

> Adrian:
> B is :
> -B Kernel capture buffer size [0]
> In my opinion, it  means that fprobe will take:
> B packets of S length before processing and sending as netflow data.
> If it is ok , it is the packets queue length.
> Also you have the "q" flag, which in my opinion is the queue length for a
> traffic/data burst.
>
>
> It would be great if someone can clarify this.
> Regards,
> Leo.
>
>
>
>
> On 10/12/15 16:53, Adrian Popa wrote:
>
> Glad to hear you sorted it out! What does -B stand for (I haven't used
> fprobe)? UDP buffer?
>
> On Thu, Dec 10, 2015 at 4:32 PM, Leandro  wrote:
>
>> Adrian, finally I got it working properly.
>> Reading the man page for fprobe I found the following:
>>
>> Reasonable configuration to run under heavy load:
>> fprobe -fip -B4096 -r2 -q1 -t1:1000 localhost:2055
>>
>> After applying the B , r and q parameters I got the complete traffic
>> shape.
>> Also at fprobe server , any performance parameter showed some increment
>> so I think it is working
>>
>> Thanks for your advice.
>> Leandro.
>>
>>
>> On 05/12/15 04:28, Adrian Popa wrote:
>>
>> Hmm, if the source machine doesn't have enough resources to export the
>> flows, you should see things like - a core being used 100% by fprobe or udp
>> packets being dropped because of too small buffers in the output of netstat
>> -s (check on both source and destination). You could use iptables to count
>> packets leaving the source vs packets arriving at the destination to rule
>> out network drops in between with something like
>> iptables -A OUTPUT -p udp -m udp --dport 9995 -j ACCEPT
>> iptables -A INPUT -p udp -m udp --dport 9995 -j ACCEPT
>> And check stats with
>> iptables -L -n -v
>>
>> But it's difficult to troubleshoot...
>> On 4 Dec 2015 15:09, "Leandro"  wrote:
>>
>>> Adrian , thanks for your response.
>>> About sampling ... Im not sure what is it but im running the fprobe just
>>> with the line:
>>>
>>> /usr/local/sbin/fprobe -i eth3 -fip -n7 172.24.3.12:9995
>>>
>>> Which in a case o a traffic bellow than 1gbps works great.
>>> In my case the message you are describing "Sequence errors or bad
>>> packets"
>>> Apears many times in the collector log file, so there is some problem
>>> ,but;
>>> How can I confirm if the problem is on the nfcapd or the fprobe side ?
>>> Can I modify on  something on any side to properly export more than 1.4Gbps
>>> ?
>>> Both machine where they are running are very powerfull machines.
>>>
>>> I can provide more info
>>> Thanks in advance!!!
>>> Leo.
>>>
>>>
>>> On 04/12/15 04:37, Adrian Popa wrote:
>>>
>>> If you're using sampling you should see differences between netflow
>>> traffic and real traffic. If not, check that:
>>>
>>> 1. you're not losing UDP packets - if you lose packets you should see
>>> something like this:
>>> Dec  4 09:35:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 11763,
>>> Packets: 930064, Bytes: 731126982, Sequence Errors: 0, Bad Packets: 0
>>>
>>> Sequence errors or bad packets will indicate something's wrong on the
>>> network side.
>>>
>>> 2. your router has enough capacity (TCAM memory) to export all the flows
>>> If you get errors in your router's log that TCAM memory is nearly
>>> exhausted, then the router will stop producing flows for a while and you
>>> get those drops at higher traffic.
>>>
>>>
>>> On Thu, Dec 3, 2015 at 9:48 PM, Leandro < 
>>> ingrog...@gmail.com> wrote:
>>>
>>>> Hi, guys.
>>>> It is very strange but my nfsen is showing a maximum traffic value of
>>>> 1.2 gbps when the traffic shown on cacti is 2gbps (also measured on the
>>>> router).
>>>> Traffic shape is ok, minimum values match on both tools.
>>>> Any ideas about it? Is there something to tune on fprobe, nfcapd or
>>>> nfsen?
>>>>
>>>> Regards,
>>>> Leandro.




>>>
>>>
>>>
>>
>
>

Re: [Nfsen-discuss] Nfsen is not showing the propper traffic value. (SOLVED)

2015-12-10 Thread Leandro

Adrian, finally I got it working properly.
Reading the man page for fprobe I found the following:

Reasonable configuration to run under heavy load:
fprobe -fip -B4096 -r2 -q1 -t1:1000 localhost:2055

After applying the B, r and q parameters I got the complete traffic shape.
Also at fprobe server, any performance parameter showed some increment
so I think it is working


Thanks for your advice.
Leandro.


On 05/12/15 04:28, Adrian Popa wrote:


Hmm, if the source machine doesn't have enough resources to export the 
flows, you should see things like - a core being used 100% by fprobe 
or udp packets being dropped because of too small buffers in the 
output of netstat -s (check on both source and destination). You could 
use iptables to count packets leaving the source vs packets arriving 
at the destination to rule out network drops in between with something 
like

iptables -A OUTPUT -p udp -m udp --dport 9995 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 9995 -j ACCEPT
And check stats with
iptables -L -n -v

But it's difficult to troubleshoot...

On 4 Dec 2015 15:09, "Leandro" wrote:


Adrian, thanks for your response.
About sampling ... I'm not sure what it is but I'm running the
fprobe just with the line:

/usr/local/sbin/fprobe -i eth3 -fip -n7 172.24.3.12:9995


Which in the case of traffic below 1gbps works great.
In my case the message you are describing "Sequence errors or bad
packets"
appears many times in the collector log file, so there is some
problem, but:
How can I confirm if the problem is on the nfcapd or the fprobe
side? Can I modify something on any side to properly export
more than 1.4Gbps?
Both machines where they are running are very powerful machines.

I can provide more info
Thanks in advance!!!
Leo.


On 04/12/15 04:37, Adrian Popa wrote:

If you're using sampling you should see differences between
netflow traffic and real traffic. If not, check that:

1. you're not losing UDP packets - if you lose packets you should
see something like this:
Dec  4 09:35:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows:
11763, Packets: 930064, Bytes: 731126982, Sequence Errors: 0, Bad
Packets: 0

Sequence errors or bad packets will indicate something's wrong on
the network side.

2. your router has enough capacity (TCAM memory) to export all
the flows
If you get errors in your router's log that TCAM memory is nearly
exhausted, then the router will stop producing flows for a while
and you get those drops at higher traffic.


On Thu, Dec 3, 2015 at 9:48 PM, Leandro wrote:

Hi, guys.
It is very strange but my nfsen is showing a maximum
traffic value of
1.2 gbps when the traffic shown on cacti is 2gbps (also
measured on the
router).
Traffic shape is ok, minimum values match on both tools.
Any ideas about it? Is there something to tune on fprobe,
nfcapd or
nfsen?

Regards,
Leandro.



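The counter comparison suggested in the quoted advice above, as an added example that is not part of any message in the thread: it reads the rule counters from a listing taken on the exporter and one taken on the collector and reports how many flow-export datagrams went missing in between. The two listings are constructed, the function names are hypothetical, and the rules are assumed to carry a `-j` target; listing with the extra `-x` flag gives exact counters instead of abbreviated ones such as `184K`.

```python
import re

# Constructed sample: `iptables -L OUTPUT -n -v -x` on the exporter (fprobe host).
EXPORTER_LISTING = """\
Chain OUTPUT (policy ACCEPT 90210 packets, 7216800 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  184213 260845608 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:9995
"""

# Constructed sample: `iptables -L INPUT -n -v -x` on the collector (nfcapd host),
# taken after both rules had been counting over the same period.
COLLECTOR_LISTING = """\
Chain INPUT (policy ACCEPT 51234 packets, 4098720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  171004 242141664 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:9995
"""


def udp_port_packets(listing, chain, port):
    """Sum the packet counters of the udp rules matching dpt:<port> in one chain."""
    current_chain = None
    total = 0
    matched = False
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+)", line)
        if header:
            current_chain = header.group(1)
            continue
        fields = line.split()
        if current_chain != chain or len(fields) < 4 or fields[0] == "pkts":
            continue
        # Token comparison, so dpt:9995 does not also match dpt:99950.
        if "udp" not in fields[2:4] or f"dpt:{port}" not in fields:
            continue
        if not fields[0].isdigit():
            # Without -x iptables rounds large counters (184K, 2M), which hides small losses.
            raise ValueError(f"abbreviated counter {fields[0]!r}: list with -x for exact values")
        total += int(fields[0])
        matched = True
    if not matched:
        raise LookupError(f"no udp dpt:{port} rule in chain {chain}")
    return total


def path_loss(sent, received):
    """Return (datagrams lost, loss in percent) between exporter and collector."""
    lost = sent - received
    return lost, (100.0 * lost / sent if sent else 0.0)


if __name__ == "__main__":
    sent = udp_port_packets(EXPORTER_LISTING, "OUTPUT", 9995)
    received = udp_port_packets(COLLECTOR_LISTING, "INPUT", 9995)
    lost, pct = path_loss(sent, received)
    print(f"sent={sent} received={received} lost={lost} ({pct:.1f}%)")
```

A loss close to zero here points away from the network path and towards the exporter or the collector's socket buffers.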


Re: [Nfsen-discuss] Nfsen is not showing the propper traffic value.

2015-12-04 Thread Leandro

Adrian, thanks for your response.
About sampling ... I'm not sure what it is but I'm running the fprobe just
with the line:


/usr/local/sbin/fprobe -i eth3 -fip -n7 172.24.3.12:9995

Which in the case of traffic below 1gbps works great.
In my case the message you are describing "Sequence errors or bad packets"
appears many times in the collector log file, so there is some problem, but:
How can I confirm if the problem is on the nfcapd or the fprobe side?
Can I modify something on any side to properly export more than
1.4Gbps?

Both machines where they are running are very powerful machines.

I can provide more info
Thanks in advance!!!
Leo.


On 04/12/15 04:37, Adrian Popa wrote:
If you're using sampling you should see differences between netflow 
traffic and real traffic. If not, check that:


1. you're not losing UDP packets - if you lose packets you should see 
something like this:
Dec  4 09:35:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 
11763, Packets: 930064, Bytes: 731126982, Sequence Errors: 0, Bad 
Packets: 0


Sequence errors or bad packets will indicate something's wrong on the 
network side.


2. your router has enough capacity (TCAM memory) to export all the flows
If you get errors in your router's log that TCAM memory is nearly 
exhausted, then the router will stop producing flows for a while and 
you get those drops at higher traffic.



On Thu, Dec 3, 2015 at 9:48 PM, Leandro wrote:


Hi, guys.
It is very strange but my nfsen is showing a maximum traffic
value of
1.2 gbps when the traffic shown on cacti is 2gbps (also measured
on the
router).
Traffic shape is ok, minimum values match on both tools.
Any ideas about it? Is there something to tune on fprobe, nfcapd or
nfsen?

Regards,
Leandro.



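One way to work through the collector log discussed above, as an added example that is not part of any message in the thread: it parses nfcapd's per-rotation statistics lines, flags slots with sequence errors or bad packets, and compares the bit rate the flows account for with an SNMP reference for the same slot. Only the first sample line comes from the thread; the other log lines, the reference figures, the 300-second rotation and all function names are assumptions.

```python
import re
from dataclasses import dataclass

ROTATION_SECONDS = 300  # assumption: nfcapd rotates its files every 5 minutes

STAT_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ nfcapd\[\d+\]: "
    r"Ident: '(?P<ident>[^']+)' Flows: (?P<flows>\d+), Packets: (?P<packets>\d+), "
    r"Bytes: (?P<bytes>\d+), Sequence Errors: (?P<seq>\d+), Bad Packets: (?P<bad>\d+)"
)

# First line is the one quoted in the thread; the remaining lines are constructed.
SAMPLE_LOG = """\
Dec  4 09:35:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 11763, Packets: 930064, Bytes: 731126982, Sequence Errors: 0, Bad Packets: 0
Dec  4 21:40:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 702114, Packets: 58120331, Bytes: 45000000000, Sequence Errors: 57, Bad Packets: 0
Dec  4 21:40:01 localhost cron[2211]: unrelated line that must be ignored
Dec  4 21:45:00 localhost nfcapd[13268]: Ident: 'MyRouter' Flows: 688902, Packets: 57011876, Bytes: 44250000000, Sequence Errors: 0, Bad Packets: 3
"""

# Constructed SNMP reference in Mbps, averaged over the same 5-minute slots.
REFERENCE_MBPS = {
    "Dec  4 09:35:00": 19.6,
    "Dec  4 21:40:00": 2000.0,
    "Dec  4 21:45:00": 1180.0,
}


@dataclass
class Slot:
    stamp: str
    ident: str
    flows: int
    packets: int
    octets: int
    seq_errors: int
    bad_packets: int

    def mbps(self, sampling_rate=1):
        """Bit rate the exported flows account for; scale up if the exporter samples."""
        return self.octets * sampling_rate * 8 / ROTATION_SECONDS / 1e6


def parse_stats(lines):
    """Turn nfcapd statistics lines into Slot records, skipping everything else."""
    slots = []
    for line in lines:
        m = STAT_RE.match(line)
        if m:
            slots.append(Slot(m["stamp"], m["ident"], int(m["flows"]), int(m["packets"]),
                              int(m["bytes"]), int(m["seq"]), int(m["bad"])))
    return slots


def find_loss(slots, reference_mbps, tolerance=0.10, sampling_rate=1):
    """Return (stamp, ident, reasons) for every slot that shows signs of lost export data."""
    findings = []
    for slot in slots:
        reasons = []
        if slot.seq_errors:
            reasons.append(f"{slot.seq_errors} sequence errors")
        if slot.bad_packets:
            reasons.append(f"{slot.bad_packets} bad packets")
        reference = reference_mbps.get(slot.stamp)
        if reference:
            seen = slot.mbps(sampling_rate)
            if 1 - seen / reference > tolerance:
                reasons.append(f"flows account for {seen:.0f} of {reference:.0f} Mbps")
        if reasons:
            findings.append((slot.stamp, slot.ident, reasons))
    return findings


if __name__ == "__main__":
    for stamp, ident, reasons in find_loss(parse_stats(SAMPLE_LOG.splitlines()), REFERENCE_MBPS):
        print(f"{stamp} {ident}: " + "; ".join(reasons))
```

Slots that fall short of the reference without any sequence errors suggest flows that were never exported, while sequence errors mean datagrams were sent but did not reach nfcapd.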


Re: [Nfsen-discuss] [nfsen] request information about implementation of a plugin for Android

2015-10-18 Thread Peter Haag
Ciao Michele,
If I understand you correctly, you want to have something in order to look at
NfSen on an Android device.
If so, this can not be achieved by simply writing a plugin. You would need to
write your own frontend compatible for Android, which accesses the normal
NfSen backend. I would say, this is a lot of work.

Cheers

- Peter

On 13.10.15 11:16, Michele Lasaponara wrote:
> Hello nfsen users, I want some information about the possibility to
> implement a nfsen's plugin (already existing) for Android for thesis project
> in a Italian University. Is it achievable? I want to know from that point to
> start and if there are some shrewdness to take. Thanks for your time
> spent. Regards. Michele.

-- 
Be nice to your netflow data. Use NfSen and nfdump :)



Re: [Nfsen-discuss] [nfsen] request information about implementation of a plugin for Android

2015-10-14 Thread Adrian Popa
You can always create a custom Android App that emulates the web interface
(and makes the same requests for the backend information). Running the
server on android is overkill.

On Tue, Oct 13, 2015 at 6:59 PM, Michele Lasaponara 
wrote:

> I'm understanding the structure of nfsen connected with nfdump, but I'm
> starting a thesis to create a mobile application in Android for Network
> Administrator of Università di Bari. Perhaps, I choose another strategy to
> solve the problem. Regards.
>
> 2015-10-13 14:06 GMT+02:00 Adrian Popa :
>
>> Nfsen plugins are implemented in perl (backend plugins) and run on the
>> nfsen server.
>>
>> Do you want to run the nfsen server on android? It is doable, if you run
>> a linux chroot on android, but... it would mean receiving flows (possibly
>> tens of Mbps) on an android (embedded) device. What would be the benefit of
>> this?
>>
>> On Tue, Oct 13, 2015 at 12:16 PM, Michele Lasaponara <
>> mikele@gmail.com> wrote:
>>
>>> Hello nfsen users, I want some information about the possibility to
>>> implement a nfsen's plugin (already existing) for Android for thesis project
>>> in a Italian University. Is it achievable? I want to know from that point to
>>> start and if there are some shrewdness to take. Thanks for your time
>>> spent. Regards. Michele.


Re: [Nfsen-discuss] [nfsen] request information about implementation of a plugin for Android

2015-10-13 Thread Adrian Popa
Nfsen plugins are implemented in perl (backend plugins) and run on the
nfsen server.

Do you want to run the nfsen server on android? It is doable, if you run a
linux chroot on android, but... it would mean receiving flows (possibly
tens of Mbps) on an android (embedded) device. What would be the benefit of
this?

On Tue, Oct 13, 2015 at 12:16 PM, Michele Lasaponara 
wrote:

> Hello nfsen users, I want some information about the possibility to
> implement a nfsen's plugin (already existing) for Android for thesis project
> in a Italian University. Is it achievable? I want to know from that point to
> start and if there are some shrewdness to take. Thanks for your time
> spent. Regards. Michele.


Re: [Nfsen-discuss] Nfsen (nfcapd) don`t accept netflow data from sources on nol-local subnet

2015-08-24 Thread Roman Mavrichev
Another workaround that I found - make remote NetFlow sources routable. I
don't know why, but disabling RP_filter has no effect on NFCAPD.
Thx Adrian for this.

2015-08-21 19:05 GMT+03:00 Roman Mavrichev roman.mavric...@gmail.com:

 NFCAPD is listening for all configured sources, but doesn't write any data.
 I made the reconfiguration about 2 hours ago:

 root@msk-nms-1:/home/rmavrichev# nfdump -r
 /srv/nfsen/profiles-data/live/SPB-c3945-PE1/2015/08/21/nfcapd.201508211850
 Date first seen  Duration Proto  Src IP Addr:Port  Dst
 IP Addr:Port   PacketsBytes Flows
 No matched flows
 root@msk-nms-1:/home/rmavrichev#
 root@msk-nms-1:/home/rmavrichev#
 root@msk-nms-1:/home/rmavrichev# netstat -ap | grep nfcapd
 udp0  0 *:9996  *:*
   1310/nfcapd
 udp0  0 *:9997  *:*
   1353/nfcapd
 udp0  0 *:9998  *:*
   1261/nfcapd
 unix  2  [ ] DGRAM108571310/nfcapd

 unix  2  [ ] DGRAM108931353/nfcapd

 unix  2  [ ] DGRAM100951261/nfcapd

 root@msk-nms-1:/home/rmavrichev#

 2015-08-21 16:55 GMT+03:00 Adrian Popa adrian.popa...@gmail.com:

 Then check that NFCAPD processes are listening on ports 9996 and 9997,
 and also, if you've recently reconfigured your netflow sources you need to
 wait a bit for them to send a template packet to describe the data format
 they are sending. I found this can take up to 30 minutes sometimes...

 On Fri, Aug 21, 2015 at 3:47 PM, Roman Mavrichev 
 roman.mavric...@gmail.com wrote:

 I tried to disable rp_filter on the interface that receives flows, and
 again use a non-local IP as source, but without success.

 I can see received traffic:
 root@msk-nms-1:/home/rmavrichev# tcpdump -i eth0.152  udp port 9996 or
 9997 or 9998
 tcpdump: verbose output suppressed, use -v or -vv for full protocol
 decode
 listening on eth0.152, link-type EN10MB (Ethernet), capture size 65535
 bytes
 15:39:19.065175 IP 10.78.19.1.57893  10.77.27.12.9996: UDP, length 1416
 15:39:20.077726 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416
 15:39:22.077653 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416
 15:39:22.657511 IP 10.77.19.3.4  10.77.27.12.9998: UDP, length 1316
 15:39:23.077736 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416

 rp_filter for eth0/152 is disabled:
 root@msk-nms-1:/home/rmavrichev# sysctl -a | grep 152.rp_filter
 net.ipv4.conf.eth0/152.rp_filter = 0

 But nfcapd writes empty files after reconfiguration:
 root@msk-nms-1:/home/rmavrichev# nfdump -r
 /srv/nfsen/profiles-data/live/MSK-c3945-PE1/2015/08/21/nfcapd.201508211525
 Date first seen  Duration Proto  Src IP Addr:Port
  Dst IP Addr:Port   PacketsBytes Flows
 No matched flows

 Before reconfiguration, all was ok:
 root@msk-nms-1:/home/rmavrichev# nfdump -r
 /srv/nfsen/profiles-data/live/MSK-c3945-PE1/2015/08/21/nfcapd.201508211500
 | tail -n 10
 2015-08-21 15:04:41.752 0.000 TCP 109.232.108.94:65083 -
 5.45.249.59:443  1   40 1
 2015-08-21 15:04:41.920 0.000 TCP 109.232.108.94:65086 -
 87.250.247.193:443  1   40 1
 2015-08-21 15:04:41.944 0.000 TCP 109.232.108.94:65085 -
 87.250.247.193:443  1   40 1
 2015-08-21 15:04:50.476 5.008 TCP   185.3.142.64:80-
 109.232.108.94:51590   1719040 1
 2015-08-21 15:04:50.476 5.036 TCP   185.3.142.64:80-
 109.232.108.94:51591   3545774 1
 2015-08-21 15:04:50.476 5.424 TCP   185.3.142.64:80-
 109.232.108.94:51593  105   149712 1
 Summary: total flows: 11241, total bytes: 75457199, total packets:
 121691, avg bps: 1692074, avg pps: 341, avg bpp: 620
 Time window: 2015-08-21 14:58:59 - 2015-08-21 15:04:55
 Total flows processed: 11241, Blocks skipped: 0, Bytes read: 719528
 Sys: 0.083s flows/second: 135410.9   Wall: 0.081s flows/second: 137120.5




 2015-08-21 14:03 GMT+03:00 Adrian Popa adrian.popa...@gmail.com:

 If your server doesn't have routes in the routing table back to the
 subnets of the source ips, then most likely the packets are dropped by
 Linux's rp_filter protection mechanism. You can disable rp_filter on all
 interfaces and see if there are any differences.

 On Fri, Aug 21, 2015 at 11:37 AM, Roman Mavrichev 
 roman.mavric...@gmail.com wrote:

 There is a workaround - for example, I set up on my routers /32
 addresses on Loopbacks from the same subnet where nfsen is located, as
 source for netflow traffic.





Re: [Nfsen-discuss] Nfsen (nfcapd) don`t accept netflow data from sources on nol-local subnet

2015-08-24 Thread Adrian Popa
Might be some other protection that can be disabled through proc... But
adding null routes should do the trick...

On Mon, Aug 24, 2015 at 11:17 AM, Roman Mavrichev roman.mavric...@gmail.com
 wrote:

 Another workaround that I found - make remote NetFlow sources routable. I
 don't know why, but disabling RP_filter has no effect on NFCAPD.
 Thx Adrian for this.

 2015-08-21 19:05 GMT+03:00 Roman Mavrichev roman.mavric...@gmail.com:

 NFCAPD is listening for all configured sources, but doesn't write any data.
 I made the reconfiguration about 2 hours ago:

 root@msk-nms-1:/home/rmavrichev# nfdump -r
 /srv/nfsen/profiles-data/live/SPB-c3945-PE1/2015/08/21/nfcapd.201508211850
 Date first seen  Duration Proto  Src IP Addr:Port
  Dst IP Addr:Port   PacketsBytes Flows
 No matched flows
 root@msk-nms-1:/home/rmavrichev#
 root@msk-nms-1:/home/rmavrichev#
 root@msk-nms-1:/home/rmavrichev# netstat -ap | grep nfcapd
 udp0  0 *:9996  *:*
   1310/nfcapd
 udp0  0 *:9997  *:*
   1353/nfcapd
 udp0  0 *:9998  *:*
   1261/nfcapd
 unix  2  [ ] DGRAM108571310/nfcapd

 unix  2  [ ] DGRAM108931353/nfcapd

 unix  2  [ ] DGRAM100951261/nfcapd

 root@msk-nms-1:/home/rmavrichev#

 2015-08-21 16:55 GMT+03:00 Adrian Popa adrian.popa...@gmail.com:

 Then check that NFCAPD processes are listening on ports 9996 and 9997,
 and also, if you've recently reconfigured your netflow sources you need to
 wait a bit for them to send a template packet to describe the data format
 they are sending. I found this can take up to 30 minutes sometimes...

 On Fri, Aug 21, 2015 at 3:47 PM, Roman Mavrichev 
 roman.mavric...@gmail.com wrote:

 I tried to disable rp_filter on the interface that receives flows, and
 again use a non-local IP as source, but without success.

 I can see received traffic:
 root@msk-nms-1:/home/rmavrichev# tcpdump -i eth0.152  udp port 9996 or
 9997 or 9998
 tcpdump: verbose output suppressed, use -v or -vv for full protocol
 decode
 listening on eth0.152, link-type EN10MB (Ethernet), capture size 65535
 bytes
 15:39:19.065175 IP 10.78.19.1.57893  10.77.27.12.9996: UDP, length 1416
 15:39:20.077726 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416
 15:39:22.077653 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416
 15:39:22.657511 IP 10.77.19.3.4  10.77.27.12.9998: UDP, length 1316
 15:39:23.077736 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416

 rp_filter for eth0/152 is disabled:
 root@msk-nms-1:/home/rmavrichev# sysctl -a | grep 152.rp_filter
 net.ipv4.conf.eth0/152.rp_filter = 0

 But nfcapd writes empty files after reconfiguration:
 root@msk-nms-1:/home/rmavrichev# nfdump -r
 /srv/nfsen/profiles-data/live/MSK-c3945-PE1/2015/08/21/nfcapd.201508211525
 Date first seen  Duration Proto  Src IP Addr:Port
  Dst IP Addr:Port   PacketsBytes Flows
 No matched flows

 Before reconfiguration, all was ok:
 root@msk-nms-1:/home/rmavrichev# nfdump -r
 /srv/nfsen/profiles-data/live/MSK-c3945-PE1/2015/08/21/nfcapd.201508211500
 | tail -n 10
 2015-08-21 15:04:41.752 0.000 TCP 109.232.108.94:65083 -
 5.45.249.59:443  1   40 1
 2015-08-21 15:04:41.920 0.000 TCP 109.232.108.94:65086 -
 87.250.247.193:443  1   40 1
 2015-08-21 15:04:41.944 0.000 TCP 109.232.108.94:65085 -
 87.250.247.193:443  1   40 1
 2015-08-21 15:04:50.476 5.008 TCP   185.3.142.64:80-
 109.232.108.94:51590   1719040 1
 2015-08-21 15:04:50.476 5.036 TCP   185.3.142.64:80-
 109.232.108.94:51591   3545774 1
 2015-08-21 15:04:50.476 5.424 TCP   185.3.142.64:80-
 109.232.108.94:51593  105   149712 1
 Summary: total flows: 11241, total bytes: 75457199, total packets:
 121691, avg bps: 1692074, avg pps: 341, avg bpp: 620
 Time window: 2015-08-21 14:58:59 - 2015-08-21 15:04:55
 Total flows processed: 11241, Blocks skipped: 0, Bytes read: 719528
 Sys: 0.083s flows/second: 135410.9   Wall: 0.081s flows/second: 137120.5




 2015-08-21 14:03 GMT+03:00 Adrian Popa adrian.popa...@gmail.com:

 If your server doesn't have routes in the routing table back to the
 subnets of the source ips, then most likely the packets are dropped by
 Linux's rp_filter protection mechanism. You can disable rp_filter on all
 interfaces and see if there are any differences.

 On Fri, Aug 21, 2015 at 11:37 AM, Roman Mavrichev 
 roman.mavric...@gmail.com wrote:

 There is a workaround - for example, I set up on my routers /32
 addresses on Loopbacks from the same subnet where nfsen is located, as
 source for netflow traffic.




 

Re: [Nfsen-discuss] Nfsen (nfcapd) don`t accept netflow data from sources on nol-local subnet

2015-08-21 Thread Adrian Popa
Then check that NFCAPD processes are listening on ports 9996 and 9997, and
also, if you've recently reconfigured your netflow sources you need to wait
a bit for them to send a template packet to describe the data format they
are sending. I found this can take up to 30 minutes sometimes...

On Fri, Aug 21, 2015 at 3:47 PM, Roman Mavrichev roman.mavric...@gmail.com
wrote:

 I tried to disable rp_filter on the interface that receives flows, and again
 use a non-local IP as source, but without success.

 I can see received traffic:
 root@msk-nms-1:/home/rmavrichev# tcpdump -i eth0.152  udp port 9996 or
 9997 or 9998
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on eth0.152, link-type EN10MB (Ethernet), capture size 65535
 bytes
 15:39:19.065175 IP 10.78.19.1.57893  10.77.27.12.9996: UDP, length 1416
 15:39:20.077726 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416
 15:39:22.077653 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416
 15:39:22.657511 IP 10.77.19.3.4  10.77.27.12.9998: UDP, length 1316
 15:39:23.077736 IP 10.77.19.1.61026  10.77.27.12.9997: UDP, length 1416

 rp_filter for eth0/152 is disabled:
 root@msk-nms-1:/home/rmavrichev# sysctl -a | grep 152.rp_filter
 net.ipv4.conf.eth0/152.rp_filter = 0

 But nfcapd writes empty files after reconfiguration:
 root@msk-nms-1:/home/rmavrichev# nfdump -r
 /srv/nfsen/profiles-data/live/MSK-c3945-PE1/2015/08/21/nfcapd.201508211525
 Date first seen  Duration Proto  Src IP Addr:Port  Dst
 IP Addr:Port   PacketsBytes Flows
 No matched flows

 Before reconfiguration, all was ok:
 root@msk-nms-1:/home/rmavrichev# nfdump -r
 /srv/nfsen/profiles-data/live/MSK-c3945-PE1/2015/08/21/nfcapd.201508211500
 | tail -n 10
 2015-08-21 15:04:41.752 0.000 TCP 109.232.108.94:65083 -
 5.45.249.59:443  1   40 1
 2015-08-21 15:04:41.920 0.000 TCP 109.232.108.94:65086 -
 87.250.247.193:443  1   40 1
 2015-08-21 15:04:41.944 0.000 TCP 109.232.108.94:65085 -
 87.250.247.193:443  1   40 1
 2015-08-21 15:04:50.476 5.008 TCP   185.3.142.64:80-
 109.232.108.94:51590   1719040 1
 2015-08-21 15:04:50.476 5.036 TCP   185.3.142.64:80-
 109.232.108.94:51591   3545774 1
 2015-08-21 15:04:50.476 5.424 TCP   185.3.142.64:80-
 109.232.108.94:51593  105   149712 1
 Summary: total flows: 11241, total bytes: 75457199, total packets: 121691,
 avg bps: 1692074, avg pps: 341, avg bpp: 620
 Time window: 2015-08-21 14:58:59 - 2015-08-21 15:04:55
 Total flows processed: 11241, Blocks skipped: 0, Bytes read: 719528
 Sys: 0.083s flows/second: 135410.9   Wall: 0.081s flows/second: 137120.5




 2015-08-21 14:03 GMT+03:00 Adrian Popa adrian.popa...@gmail.com:

 If your server doesn't have routes in the routing table back to the
 subnets of the source ips, then most likely the packets are dropped by
 Linux's rp_filter protection mechanism. You can disable rp_filter on all
 interfaces and see if there are any differences.

 On Fri, Aug 21, 2015 at 11:37 AM, Roman Mavrichev 
 roman.mavric...@gmail.com wrote:

 There is a workaround - for example, I set up on my routers /32
 addresses on Loopbacks from the same subnet where nfsen is located, as source for
 netflow traffic.










Re: [Nfsen-discuss] Nfsen (nfcapd) don`t accept netflow data from sources on nol-local subnet

2015-08-21 Thread Roman Mavrichev
I tried to disable rp_filter on the interface that receives flows, and again
use a non-local IP as source, but without success.

I can see received traffic:
root@msk-nms-1:/home/rmavrichev# tcpdump -i eth0.152  udp port 9996 or 9997 or 9998
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.152, link-type EN10MB (Ethernet), capture size 65535 bytes
15:39:19.065175 IP 10.78.19.1.57893 > 10.77.27.12.9996: UDP, length 1416
15:39:20.077726 IP 10.77.19.1.61026 > 10.77.27.12.9997: UDP, length 1416
15:39:22.077653 IP 10.77.19.1.61026 > 10.77.27.12.9997: UDP, length 1416
15:39:22.657511 IP 10.77.19.3.4 > 10.77.27.12.9998: UDP, length 1316
15:39:23.077736 IP 10.77.19.1.61026 > 10.77.27.12.9997: UDP, length 1416

rp_filter for eth0/152 is disabled:
root@msk-nms-1:/home/rmavrichev# sysctl -a | grep 152.rp_filter
net.ipv4.conf.eth0/152.rp_filter = 0

But nfcapd writes empty files after reconfiguration:
root@msk-nms-1:/home/rmavrichev# nfdump -r /srv/nfsen/profiles-data/live/MSK-c3945-PE1/2015/08/21/nfcapd.201508211525
Date first seen  Duration Proto  Src IP Addr:Port  Dst IP Addr:Port   Packets Bytes Flows
No matched flows

Before reconfiguration, all was ok:
root@msk-nms-1:/home/rmavrichev# nfdump -r /srv/nfsen/profiles-data/live/MSK-c3945-PE1/2015/08/21/nfcapd.201508211500 | tail -n 10
2015-08-21 15:04:41.752 0.000 TCP 109.232.108.94:65083 -> 5.45.249.59:443  1   40 1
2015-08-21 15:04:41.920 0.000 TCP 109.232.108.94:65086 -> 87.250.247.193:443  1   40 1
2015-08-21 15:04:41.944 0.000 TCP 109.232.108.94:65085 -> 87.250.247.193:443  1   40 1
2015-08-21 15:04:50.476 5.008 TCP   185.3.142.64:80 -> 109.232.108.94:51590   1719040 1
2015-08-21 15:04:50.476 5.036 TCP   185.3.142.64:80 -> 109.232.108.94:51591   3545774 1
2015-08-21 15:04:50.476 5.424 TCP   185.3.142.64:80 -> 109.232.108.94:51593  105   149712 1
Summary: total flows: 11241, total bytes: 75457199, total packets: 121691, avg bps: 1692074, avg pps: 341, avg bpp: 620
Time window: 2015-08-21 14:58:59 - 2015-08-21 15:04:55
Total flows processed: 11241, Blocks skipped: 0, Bytes read: 719528
Sys: 0.083s flows/second: 135410.9   Wall: 0.081s flows/second: 137120.5




2015-08-21 14:03 GMT+03:00 Adrian Popa adrian.popa...@gmail.com:

 If your server doesn't have routes in the routing table back to the
 subnets of the source ips, then most likely the packets are dropped by
 Linux's rp_filter protection mechanism. You can disable rp_filter on all
 interfaces and see if there are any differences.

 On Fri, Aug 21, 2015 at 11:37 AM, Roman Mavrichev 
 roman.mavric...@gmail.com wrote:

 There is a workaround - for example, I set up on my routers /32
 addresses on Loopbacks from the same subnet where nfsen is located, as source for
 netflow traffic.







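A worked check of the reverse-path filter discussed in this thread, as an added example that is not part of any message: the kernel applies the higher of `net.ipv4.conf.all.rp_filter` and the per-interface value, so the example computes the effective mode from `sysctl` output and then tests a flow source against a routing table the way strict mode does. Only the `eth0/152` sysctl line is taken from the thread; the other sysctl values, the routing table and all function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `sysctl -a | grep rp_filter`; only the eth0/152 line is from the thread.
# sysctl prints the dot in a VLAN interface name as "/", and grep also catches arp_filter keys.
SYSCTL_SAMPLE = """\
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth0/152.rp_filter = 0
"""

# Constructed sample of `ip route` on the collector: no route back to 10.77.19.0/24
# other than the default route, which leaves through a different interface.
ROUTES_SAMPLE = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
10.77.27.0/24 dev eth0.152 proto kernel scope link src 10.77.27.12
"""

KEY_RE = re.compile(r"^net\.ipv4\.conf\.(?P<iface>.+)\.rp_filter\s*=\s*(?P<value>\d+)\s*$")


def effective_rp_filter(sysctl_text):
    """Map interface name -> mode actually used: max(conf.all, conf.<interface>)."""
    settings = {}
    for line in sysctl_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            settings[m["iface"].replace("/", ".")] = int(m["value"])
    all_value = settings.get("all", 0)
    return {iface: max(all_value, value)
            for iface, value in settings.items() if iface not in ("all", "default")}


def parse_routes(route_text):
    """Return [(network, device)] for the unicast routes in `ip route` output."""
    routes = []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        device = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), device))
    return routes


def reverse_path_dev(routes, source):
    """Device of the longest-prefix route back to the source, or None if unroutable."""
    address = ipaddress.ip_address(source)
    candidates = [(net.prefixlen, dev) for net, dev in routes if address in net]
    return max(candidates, key=lambda c: c[0])[1] if candidates else None


def rpf_verdict(mode, routes, source, in_dev):
    """0 = no check, 1 = strict (best route must use in_dev), 2 = loose (any route)."""
    best = reverse_path_dev(routes, source)
    if mode == 0:
        return "accept"
    if mode == 2:
        return "accept" if best is not None else "drop"
    return "accept" if best == in_dev else "drop"


if __name__ == "__main__":
    modes = effective_rp_filter(SYSCTL_SAMPLE)
    routes = parse_routes(ROUTES_SAMPLE)
    for src in ("10.77.19.1", "10.77.27.50"):
        print(src, "effective mode", modes["eth0.152"],
              rpf_verdict(modes["eth0.152"], routes, src, "eth0.152"))
```

With these sample values the per-interface 0 is overridden by `conf.all`, and the non-local exporter is accepted only once a route to its subnet points out of the receiving interface.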


Re: [Nfsen-discuss] nfsen e-mail alerts with sendmail / localhost

2015-05-05 Thread Sean
Nothing, outside of my direct tests with sendmail via the command line - 
`sendmail g...@mail.com < email.txt`, etc. nfsen doesn’t seem to be hitting 
sendmail at all. 

From:  Adrian Popa
Date:  Monday, May 4, 2015 at 11:03 PM
To:  Sean
Cc:  NFSen-Discuss
Subject:  Re: [Nfsen-discuss] nfsen e-mail alerts with sendmail / localhost

What does /var/log/maillog have to say?

On Tue, May 5, 2015 at 1:08 AM, Sean spedersen.li...@gmail.com wrote:
Hi all,

I’m at my wit’s end. Previously, nfsen was set up to use an external SMTP relay 
(Postfix) and it worked fine. I installed sendmail locally, tested and 
confirmed that it was functional, then switched over the $SMTP_SERVER to 
‘localhost’. Once the change was made, nfsen could no longer send e-mails. 

Ex.

$MAIL_FROM = 'r...@host.example.com';
$SMTP_SERVER = 'localhost';

I’ve tried multiple variations of the hostname, domain name, even replacing 
localhost with the FQDN of the host itself.

sendmail is set up to allow connections from the local machine by default:

Connect:localhost RELAY
GreetPause:localhost 0
ClientRate:localhost 0
ClientConn:localhost 0
Connect:127 RELAY
GreetPause:127 0
ClientRate:127 0
ClientConn:127 0

/etc/hosts should be correct:

127.0.0.1 localhost
127.0.1.1 example.com host

I get an extremely generic failure message via /var/log/syslog:

May  4 14:45:18 flowtool nfsen[799]: Alert 'test_alert' condition == true, 
condition counter: 1
May  4 14:45:18 flowtool nfsen[799]: Alert 'test_alert' execute action
May  4 14:45:18 flowtool nfsen[799]: alert 'test_alert' Send email to: 
t...@example.com
May  4 14:45:19 flowtool nfsen[799]: alert 'test_alert' : Failed to send alert 
email to: t...@example.com
May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Status: 5.
May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Blocks: 0.
May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Info  : .
May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' done.

Looking at my sendmail logs, nfsen (and by extension, nfAlert.pm) is not even 
hitting sendmail. It’s failing somewhere else, but I can’t get any detailed 
logs to help me along. I tried to redirect STDOUT in nfAlert.pm, but no output 
was generated. I know outbound e-mail works since it’s fine with the external 
postfix box. I must be missing something stupid, but I can’t find anything to 
help me along in the mailing list archives or in general via Google.

I was hoping someone here might have some past experience with nfsen and 
sendmail that would be willing to give me a hint.

Thanks!







Re: [Nfsen-discuss] nfsen e-mail alerts with sendmail / localhost

2015-05-05 Thread Adrian Popa
What does /var/log/maillog have to say?

On Tue, May 5, 2015 at 1:08 AM, Sean spedersen.li...@gmail.com wrote:

 Hi all,

 I’m at my wit’s end. Previously, nfsen was set up to use an external SMTP
 relay (Postfix) and it worked fine. I installed sendmail locally, tested
 and confirmed that it was functional, then switched over the $SMTP_SERVER
 to ‘localhost’. Once the change was made, nfsen could no longer send
 e-mails.

 Ex.

 $MAIL_FROM = 'r...@host.example.com';
 $SMTP_SERVER = 'localhost';


 I’ve tried multiple variations of the hostname, domain name, even
 replacing localhost with the FQDN of the host itself.

 sendmail is set up to allow connections from the local machine by default:

 Connect:localhost RELAY
 GreetPause:localhost 0
 ClientRate:localhost 0
 ClientConn:localhost 0

 Connect:127 RELAY
 GreetPause:127 0
 ClientRate:127 0
 ClientConn:127 0


 /etc/hosts should be correct:

 127.0.0.1 localhost
 127.0.1.1 example.com host


 I get an extremely generic failure message via /var/log/syslog:

 May  4 14:45:18 flowtool nfsen[799]: Alert 'test_alert' condition == true, condition counter: 1
 May  4 14:45:18 flowtool nfsen[799]: Alert 'test_alert' execute action
 May  4 14:45:18 flowtool nfsen[799]: alert 'test_alert' Send email to: t...@example.com
 May  4 14:45:19 flowtool nfsen[799]: alert 'test_alert' : Failed to send alert email to: t...@example.com
 May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Status: 5.
 May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Blocks: 0.
 May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Info  : .
 May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' done.


 Looking at my sendmail logs, nfsen (and by extension, nfAlert.pm) is not
 even hitting sendmail. It’s failing somewhere else, but I can’t get any
 detailed logs to help me along. I tried to redirect STDOUT in nfAlert.pm,
 but no output was generated. I know outbound e-mail works since it’s fine
 with the external postfix box. I must be missing something stupid, but I
 can’t find anything to help me along in the mailing list archives or in
 general via Google.

 I was hoping someone here might have some past experience with nfsen and
 sendmail that would be willing to give me a hint.

 Thanks!





Re: [Nfsen-discuss] nfsen e-mail alerts with sendmail / localhost

2015-05-05 Thread Sean
I kept plugging away and slowly but surely realized that nfsen needs a full 
stop/start in order to re-read the configuration file changes. (FYI – an nfsen 
reconfig doesn’t work) 

So…there you have it.

dunce.jpg

From:  Adrian Popa
Date:  Monday, May 4, 2015 at 11:03 PM
To:  Sean
Cc:  NFSen-Discuss
Subject:  Re: [Nfsen-discuss] nfsen e-mail alerts with sendmail / localhost

What does /var/log/maillog have to say?

On Tue, May 5, 2015 at 1:08 AM, Sean spedersen.li...@gmail.com wrote:
Hi all,

I’m at my wit’s end. Previously, nfsen was set up to use an external SMTP relay 
(Postfix) and it worked fine. I installed sendmail locally, tested and 
confirmed that it was functional, then switched over the $SMTP_SERVER to 
‘localhost’. Once the change was made, nfsen could no longer send e-mails. 

Ex.

$MAIL_FROM = 'r...@host.example.com';
$SMTP_SERVER = 'localhost';

I’ve tried multiple variations of the hostname, domain name, even replacing 
localhost with the FQDN of the host itself.

sendmail is set up to allow connections from the local machine by default:

Connect:localhost RELAY
GreetPause:localhost 0
ClientRate:localhost 0
ClientConn:localhost 0
Connect:127 RELAY
GreetPause:127 0
ClientRate:127 0
ClientConn:127 0

/etc/hosts should be correct:

127.0.0.1 localhost
127.0.1.1 example.com host

I get an extremely generic failure message via /var/log/syslog:

May  4 14:45:18 flowtool nfsen[799]: Alert 'test_alert' condition == true, condition counter: 1
May  4 14:45:18 flowtool nfsen[799]: Alert 'test_alert' execute action
May  4 14:45:18 flowtool nfsen[799]: alert 'test_alert' Send email to: t...@example.com
May  4 14:45:19 flowtool nfsen[799]: alert 'test_alert' : Failed to send alert email to: t...@example.com
May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Status: 5.
May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Blocks: 0.
May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' Info  : .
May  4 14:45:19 flowtool nfsen[799]: Alert 'test_alert' done.

Looking at my sendmail logs, nfsen (and by extension, nfAlert.pm) is not even 
hitting sendmail. It’s failing somewhere else, but I can’t get any detailed 
logs to help me along. I tried to redirect STDOUT in nfAlert.pm, but no output 
was generated. I know outbound e-mail works since it’s fine with the external 
postfix box. I must be missing something stupid, but I can’t find anything to 
help me along in the mailing list archives or in general via Google.

I was hoping someone here might have some past experience with nfsen and 
sendmail that would be willing to give me a hint.

Thanks!




Re: [Nfsen-discuss] Nfsen | Permission Denied

2015-04-03 Thread Adrian Popa
Check for selinux and the permissions of the nfsen socket (I don't remember
where it's saved, but should be under /home/netflow/var/run/nfsen.comm). If
selinux is disabled (or permissive), permissions should look like this:

srw-rw 1 netflow apache 0 Mar 16 08:58 nfsen.comm


On Fri, Apr 3, 2015 at 7:28 AM, Laurent Dumont ad...@coldnorthadmin.com
wrote:

  Hi gents,

 I'm running into the dreaded error :
 ERROR: nfsend connect() error: Permission denied!  ERROR: nfsend -
 connection failed!!  ERROR: Can not initialize globals!

 Here is the environment - Centos 6.6

 #Should allow read/write for both the 'netflow' user and anyone in the
 'apache' group.
 srw-rw 1 netflow apache 0 Apr  3 00:12 /home/netflow/var/run/nfsen.comm

 #The netflow user is in the Apache group
 apache:x:48:sylvain,netflow

 #The Nfsen process user is correctly set as netflow.
 $USER= netflow;

 #The web process is run under the 'apache' user
 $WWWUSER  = apache;
 $WWWGROUP = apache;


 netflow  28372  0.1  1.1 117648 22940 ?Ss   00:12   0:00 /usr/bin/perl -w /home/netflow/bin/nfsend
 netflow  28373  0.0  0.7 114688 15388 ?Ss   00:12   0:00 /home/netflow/bin/nfsend-comm

 I remember solving that puzzle a while back but it's escaping me right
 now..




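Added example, not part of the original thread and not NfSen code: the permission check suggested in the reply above, written as a small script. It goes one step beyond the reply by also checking search (x) permission on every parent directory, which connect() on a Unix socket needs in addition to write permission on the socket itself. The uids, the netflow gid, the directory modes and the 0660 socket mode are assumptions; only gid 48 for apache and the netflow:apache ownership of the socket come from the messages.

```python
import os
import stat
from typing import List, NamedTuple, Optional, Set

SEARCH, WRITE = 0o1, 0o2   # bits inside one rwx class


class Node(NamedTuple):
    path: str
    mode: int   # permission bits only, e.g. 0o750
    uid: int    # owner
    gid: int    # owning group


def permits(node: Node, uid: int, gids: Set[int], want: int) -> bool:
    """Unix mode-bit check: exactly one class (owner, group, other) is consulted."""
    if uid == 0:
        return True                 # root bypasses mode bits (SELinux still applies)
    if uid == node.uid:
        bits = node.mode >> 6
    elif node.gid in gids:
        bits = node.mode >> 3       # group class is used even if 'other' is more open
    else:
        bits = node.mode
    return (bits & want) == want


def first_denial(chain: List[Node], uid: int, gids: Set[int]) -> Optional[str]:
    """chain lists every directory from / down to the socket, socket last.
    Returns the first component that blocks connect(), or None."""
    *dirs, sock = chain
    for d in dirs:
        if not permits(d, uid, gids, SEARCH):
            return f"{d.path}: no search (x) permission"
    if not permits(sock, uid, gids, WRITE):
        return f"{sock.path}: no write permission on the socket"
    return None


def stat_chain(path: str) -> List[Node]:
    """Collect the chain from a live system (run as root so every level can be read)."""
    parts = [os.path.abspath(path)]
    while os.path.dirname(parts[-1]) != parts[-1]:
        parts.append(os.path.dirname(parts[-1]))
    nodes = []
    for p in reversed(parts):
        st = os.stat(p)
        nodes.append(Node(p, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
    return nodes


# Constructed sample values (assumptions), except gid 48 for 'apache'.
NETFLOW_UID, NETFLOW_GID, APACHE_UID, APACHE_GID = 500, 500, 48, 48


def sample_chain(home_mode: int, sock_mode: int = 0o660) -> List[Node]:
    """Path from the thread with constructed owners and modes."""
    return [
        Node("/", 0o755, 0, 0),
        Node("/home", 0o755, 0, 0),
        Node("/home/netflow", home_mode, NETFLOW_UID, NETFLOW_GID),
        Node("/home/netflow/var", 0o755, NETFLOW_UID, NETFLOW_GID),
        Node("/home/netflow/var/run", 0o755, NETFLOW_UID, NETFLOW_GID),
        Node("/home/netflow/var/run/nfsen.comm", sock_mode, NETFLOW_UID, APACHE_GID),
    ]


if __name__ == "__main__":
    for home_mode in (0o700, 0o711):
        verdict = first_denial(sample_chain(home_mode), APACHE_UID, {APACHE_GID})
        print(f"/home/netflow mode {home_mode:o}: "
              f"{verdict or 'connect() allowed by mode bits'}")
```

On a real host, pass stat_chain() of the socket path to first_denial() together with the web server's uid and the group ids of the running process; a pass here with the error still present points at SELinux, as the reply says.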


Re: [Nfsen-discuss] Nfsen-discuss Digest, Vol 103, Issue 6

2015-01-27 Thread ein
On Jan 26, 2015, at 4:38 PM, Tom Sutherland wrote:
 All seems to be well in general, but seeing very large traffic (bps) spikes 
 that exceed the interface capacity.  The spikes do not appear to be real 
 traffic and exceed the physical capacity of the interfaces.
 Check your flow lifetime configuration. It should be shorter than the nfsen 
 processing interval, which is 5 minutes. Otherwise, a flow lasting for 
 several intervals will be reported when it expires, and often all the data 
 gets accounted as belonging to the last time slot.
300s, that's correct. I've found out that my drafts behave correctly if
I set timeout interval for active flows to 90s.


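Added illustration, not part of the original messages and not NfSen code: a simplified model of the effect described in the quoted advice above. One constant-rate flow is exported with different active timeouts, and each record's bytes are booked to the 300 s slot in which the record is exported. The 200 Mbit/s flow, the 1 Gbit/s link and the 1800 s timeout are constructed values.

```python
from typing import Dict, Iterable, List

SLOT = 300  # NfSen processing interval in seconds (5 minutes, per the thread)

# Constructed scenario (assumptions, not from the thread)
FLOW_BPS = 200_000_000      # real, constant rate of one long-lived flow
LINK_BPS = 1_000_000_000    # physical capacity of the interface
FLOW_SECONDS = 3600         # flow lifetime


def export_times(duration: int, active_timeout: int) -> List[int]:
    """Seconds since flow start at which the exporter emits a record:
    every active_timeout seconds while the flow lives, plus one at its end."""
    times = list(range(active_timeout, duration, active_timeout))
    times.append(duration)
    return times


def reported_bps(rate_bps: int, duration: int, active_timeout: int) -> List[int]:
    """Per-slot rate as graphed when a record's whole byte count is booked
    to the slot in which the record was exported."""
    slot_bytes = [0] * (duration // SLOT + 1)
    prev = 0
    for t in export_times(duration, active_timeout):
        # the record carries everything sent since the previous export
        slot_bytes[t // SLOT] += rate_bps // 8 * (t - prev)
        prev = t
    return [b * 8 // SLOT for b in slot_bytes]


def peaks(rate_bps: int, duration: int, timeouts: Iterable[int]) -> Dict[int, int]:
    """Highest graphed rate for each active timeout."""
    return {t: max(reported_bps(rate_bps, duration, t)) for t in timeouts}


if __name__ == "__main__":
    for timeout, peak in peaks(FLOW_BPS, FLOW_SECONDS, (1800, 300, 90)).items():
        flag = "exceeds link" if peak > LINK_BPS else "plausible"
        print(f"active timeout {timeout:>4}s: peak {peak / 1e6:7.1f} Mbit/s ({flag})")
```

The total byte count is the same in every case; only its placement in time changes, which is why the long timeout produces isolated spikes separated by empty slots.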


Re: [Nfsen-discuss] nfsen on mobile devices (Android)

2015-01-07 Thread Adrian Popa
About the format save button: as far as I know there is some session cache
issue - if you visit the page from a different browser it should show you
the format.

On Tue, Jan 6, 2015 at 10:32 PM, Piotr Kmietowicz kmie...@wp.pl wrote:

 Hello all,

 Something went wrong when sending the previous mail and the text has gone.
 I hope that now it will show up :)

 I have been using nfsen (1.3.7) for about a week, and yesterday I also
 tried to use it on android (4.4.2) with chrome browser (with javascript
 enabled). When in single timeslot mode, I can tap on the time axis and the
 marker moves to that place, however in time window mode it is not possible
 to move the markers. To solve this problem, I have added additional buttons
 below the graph (see screenshot) to details.php file. Single arrow button
 moves the corresponding marker by 5 minutes, and double
 arrow button, by 30 minutes.
 I have also noticed an interesting issue with the output format save
 button. It doesn't work on PC neither in firefox, chrome or IE. It only
 asks for a name, but the format isn't saved. On android however, it works
 as expected. Does anyone know how to make it work on a PC?


 Happy New Year to all!
 Piotr Kmietowicz




Re: [Nfsen-discuss] nfsen on mobile devices (Android)

2015-01-07 Thread Piotr Kmietowicz
I tried using 3 different browsers (Chrome, Firefox and IE) and the result was 
always the same, also after cleaning the cache. I have noticed, that the custom 
format isn't even saved in /data/nfsen/var/fmt directory when using browser on 
PC. When saving the format using Chrome on Android, it shows up in that 
directory and is also visible in the output format list. Interestingly, it is 
then also visible on that list in PC browser.
Does anyone have similar issues with saving custom output format?
By the way, I am using custom output format also for passing additional command 
line arguments to nfdump (like '-t' or '-O').

Piotr

On Wednesday, 7 January 2015 12:22 Adrian Popa adrian.popa...@gmail.com
wrote:
 About the format save button: as far as I know there is some session cache 
 issue - if you visit the page from a different browser it should show you the 
 format.
 On Tue, Jan 6, 2015 at 10:32 PM, Piotr Kmietowicz kmie...@wp.pl wrote:
  Hello all,
   
   Something went wrong when sending the previous mail and the text has gone. 
  I hope that now it will show up :)
   
   I have been using nfsen (1.3.7) for about a week, and yesterday I also 
  tried to use it on android (4.4.2) with chrome browser (with javascript 
  enabled). When in single timeslot mode, I can tap on the time axis and the
  marker moves to that place, however in time window mode it is not possible
  to move the markers. To solve this problem, I have added additional buttons
  below the graph (see screenshot) to details.php file. Single arrow button
  moves the corresponding marker by 5 minutes, and double arrow button, by
  30 minutes.
   I have also noticed an interesting issue with the output format save 
  button. It doesn't work on PC neither in firefox, chrome or IE. It only 
  asks for a name, but the format isn't saved. On android however, it works 
  as expected. Does anyone know how to make it work on a PC?
   
   
   Happy New Year to all!
   Piotr Kmietowicz
   


Re: [Nfsen-discuss] nfsen install error

2014-11-20 Thread Duddilla, Srikanth
I ran into another issue when I tried to start nfsen.

First attempt
#pwd
#/usr/src/nfsen-1.3.6p1
-bash: /usr/bin/nfsen: %%PERL%%: bad interpreter: No such file or directory

Second attempt
At this point, for testing, I hardcoded the first line of the nfsen script with the
following line instead of (#!%%PERL%% -w). I also copied the libexec directory to
/usr/local/share/perl5
#!/usr/bin/perl -w
Now it gave me this error.
Can't locate NfConf.pm in @INC (@INC contains: %%LIBEXECDIR%% 
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl 
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./nfsen 
line 55.
BEGIN failed--compilation aborted at ./nfsen line 55.

I appreciate your help.

From: Duddilla, Srikanth
Sent: Wednesday, November 19, 2014 8:07 PM
To: 'nfsen-discuss@lists.sourceforge.net'
Subject: RE: nfsen install error

Thank You Miguel and Ivan. Your suggestion to change color in nfsen.conf file 
worked with GenGraph Error.
Finished install process.






Re: [Nfsen-discuss] nfsen install error

2014-11-19 Thread Miguel Ángel

Hi everyone,

As Ivan said you need to assign a value to the color parameter. Try to 
change the following lines:


%sources = (
    'upstream1'    => { 'port' => '9995', 'col' => '#ff', 'type' => 'netflow' },
    'peer1'        => { 'port' => '9996', 'IP' => '172.16.17.18' },
    'peer2'        => { 'port' => '9996', 'IP' => '172.16.17.19' },
    'Linux-Host-eth1'   => { 'port' => '23456', 'col' => '#ff', 'type' => 'netflow' },
);

by:

%sources = (
    'upstream1'    => { 'port' => '9995', 'col' => '#ff', 'type' => 'netflow' },
    'peer1'        => { 'port' => '9996', 'IP' => '172.16.17.18', 'col' => '#ff', 'type' => 'netflow' },
    'peer2'        => { 'port' => '9996', 'IP' => '172.16.17.19', 'col' => '#00', 'type' => 'netflow' },
    'Linux-Host-eth1'   => { 'port' => '23456', 'col' => '#ff', 'type' => 'netflow' },
);

On 11/19/2014 07:40 AM, Иван Стрельников wrote:

Hello!
I think that you didn't use the col parameter for your peer1 and
peer2 sources.


'peer1'    => { 'port' => '9996', 'IP' => '172.16.17.18' },
'peer2'    => { 'port' => '9996', 'IP' => '172.16.17.19' },


Try to get it like in manual.

Sorry for my English, by the way.


BW, Ivan

19.11.2014 2:20, Duddilla, Srikanth wrote:

Additional information I gathered. There are some .rrd files I found

[AB11213@netflow-proc1 src]$ ls -l /data/nfsen/profiles-stat/live
total 10516
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 Linux-Host-eth1.rrd
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 peer1.rrd
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 peer2.rrd
-rw-rw-r-- 1 netflow www 323 Nov 18 14:44 profile.dat
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 upstream1.rrd

Also this is first time set up of nfsen on this server.
Just thought of sharing above information

From: Duddilla, Srikanth
Sent: Tuesday, November 18, 2014 4:12 PM
To: 'nfsen-discuss@lists.sourceforge.net'
Subject: nfsen install error

I am new to nfsen. I was installing nfsen and found following errors
“unable to create graph”.
Can someone provide what was the issue and fix for this?
I would appreciate your help. I have included nfsen.conf file contents.

[root@netflow-proc1 nfsen-1.3.6p1]# ./install.pl etc/nfsen.conf
Check for required Perl modules: All modules found.
Setup NfSen:
Version: 1.3.6p1: $Id: install.pl 53 2012-01-23 16:36:02Z peter $

Perl to use: [/usr/bin/perl]
Found /usr/local/bin/nfdump: Version: 1.6.1p1 $LastChangedDate: 2010-03-05 07:50:35 +0100 (Fri, 05 Mar 2010) $
Setup php and html files.

Copy NfSen dirs etc bin libexec plugins doc ...
Copy config file 'etc/nfsen.conf'

In directory: /data/nfsen/libexec ...
Update script: AbuseWhois.pm
Update script: Log.pm
Update script: Lookup.pm
Update script: NfAlert.pm
Update script: Nfcomm.pm
Update script: NfConf.pm
Update script: NfProfile.pm
Update script: NfSen.pm
Update script: NfSenRC.pm
Update script: NfSenRRD.pm
Update script: NfSenSim.pm
Update script: Nfsources.pm
Update script: Nfsync.pm
Update script: Notification.pm
In directory: /data/nfsen/bin ...
Update script: nfsen
Update script: nfsend
Update script: RebuildHierarchy.pl
Update script: testPlugin

Cleanup old files ...

Setup diretories:

Use UID/GID 511 512
Creating: mkdir /data/nfsen/var
/data/nfsen/var
Creating: mkdir /data/nfsen/var/tmp
/data/nfsen/var/tmp
Creating: mkdir /data/nfsen/var/run
/data/nfsen/var/run
Creating: mkdir /data/nfsen/var/filters
/data/nfsen/var/filters
Creating: mkdir /data/nfsen/var/fmt
/data/nfsen/var/fmt
Creating: mkdir /data/nfsen/profiles-stat
/data/nfsen/profiles-stat
Creating: mkdir /data/nfsen/profiles-stat/live
/data/nfsen/profiles-stat/live
Creating: mkdir /data/nfsen/profiles-data
/data/nfsen/profiles-data
Creating: mkdir /data/nfsen/profiles-data/live
/data/nfsen/profiles-data/live

Profile live: spool directories:
Creating: mkdir /data/nfsen/profiles-data/live/Linux-Host-eth1
Linux-Host-eth1
Creating: mkdir /data/nfsen/profiles-data/live/peer2
peer2
Creating: mkdir /data/nfsen/profiles-data/live/upstream1
upstream1
Creating: mkdir /data/nfsen/profiles-data/live/peer1
peer1
Rename gif RRDfiles ... done.
Create profile info for profile 'live'

Rebuilding profile stats for './live'
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 337.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 346.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 356.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm
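
Added example, not part of the original messages and not NfSen code: a pre-flight check for the problem fixed in the reply above, reporting every %sources entry that has no usable 'col' before install.pl or a restart is run. The sample configuration is constructed (written with Perl's => and full colour values), and the #rrggbb colour form and the numeric-port check are assumptions of this example.

```python
import re
from typing import Dict, List

SOURCE_RE = re.compile(r"'([^']+)'\s*=>\s*\{([^}]*)\}")   # 'name' => { ... }
PAIR_RE = re.compile(r"'([^']+)'\s*=>\s*'([^']*)'")       # 'key' => 'value'
COLOR_RE = re.compile(r"#[0-9a-fA-F]{6}\Z")               # assumed colour form


def parse_sources(conf_text: str) -> Dict[str, Dict[str, str]]:
    """Extract the %sources hash from nfsen.conf text.
    Handles flat 'key' => 'value' entries and full-line # comments only."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", conf_text)      # drop comment lines
    block = re.search(r"%sources\s*=\s*\((.*?)\)\s*;", text, re.S)
    if not block:
        raise ValueError("no %sources block found")
    return {name: dict(PAIR_RE.findall(inner))
            for name, inner in SOURCE_RE.findall(block.group(1))}


def check_sources(sources: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one message per source that would break graph generation."""
    problems = []
    for name, opts in sources.items():
        col = opts.get("col")
        if col is None:
            problems.append(f"{name}: no 'col' set")
        elif not COLOR_RE.match(col):
            problems.append(f"{name}: 'col' value {col!r} is not in #rrggbb form")
        if not opts.get("port", "").isdigit():
            problems.append(f"{name}: 'port' missing or not numeric")
    return problems


# Constructed sample modelled on the configuration quoted in the thread.
SAMPLE_CONF = """
%sources = (
    'upstream1'       => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    # constructed comment line, ignored by the parser
    'peer1'           => { 'port' => '9996', 'IP' => '172.16.17.18' },
    'peer2'           => { 'port' => '9996', 'IP' => '172.16.17.19', 'col' => '#ff' },
    'Linux-Host-eth1' => { 'port' => '23456', 'col' => '#ff0000', 'type' => 'netflow' },
);
"""

if __name__ == "__main__":
    for line in check_sources(parse_sources(SAMPLE_CONF)) or ["all sources OK"]:
        print(line)
```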

Re: [Nfsen-discuss] nfsen install error

2014-11-18 Thread Duddilla, Srikanth
Additional information I gathered. There are some .rrd files I found

[AB11213@netflow-proc1 src]$ ls -l /data/nfsen/profiles-stat/live
total 10516
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 Linux-Host-eth1.rrd
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 peer1.rrd
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 peer2.rrd
-rw-rw-r-- 1 netflow www 323 Nov 18 14:44 profile.dat
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 upstream1.rrd

Also this is first time set up of nfsen on this server.
Just thought of sharing above information

From: Duddilla, Srikanth
Sent: Tuesday, November 18, 2014 4:12 PM
To: 'nfsen-discuss@lists.sourceforge.net'
Subject: nfsen install error

I am new to nfsen. I was installing nfsen and found following errors unable to
create graph.
Can someone provide what was the issue and fix for this?
I would appreciate your help. I have included nfsen.conf file contents.


[root@netflow-proc1 nfsen-1.3.6p1]# ./install.pl etc/nfsen.conf
Check for required Perl modules: All modules found.
Setup NfSen:
Version: 1.3.6p1: $Id: install.pl 53 2012-01-23 16:36:02Z peter $

Perl to use: [/usr/bin/perl]
Found /usr/local/bin/nfdump: Version: 1.6.1p1 $LastChangedDate: 2010-03-05 07:50:35 +0100 (Fri, 05 Mar 2010) $
Setup php and html files.

Copy NfSen dirs etc bin libexec plugins doc ...
Copy config file 'etc/nfsen.conf'

In directory: /data/nfsen/libexec ...
Update script: AbuseWhois.pm
Update script: Log.pm
Update script: Lookup.pm
Update script: NfAlert.pm
Update script: Nfcomm.pm
Update script: NfConf.pm
Update script: NfProfile.pm
Update script: NfSen.pm
Update script: NfSenRC.pm
Update script: NfSenRRD.pm
Update script: NfSenSim.pm
Update script: Nfsources.pm
Update script: Nfsync.pm
Update script: Notification.pm
In directory: /data/nfsen/bin ...
Update script: nfsen
Update script: nfsend
Update script: RebuildHierarchy.pl
Update script: testPlugin

Cleanup old files ...

Setup diretories:

Use UID/GID 511 512
Creating: mkdir /data/nfsen/var
/data/nfsen/var
Creating: mkdir /data/nfsen/var/tmp
/data/nfsen/var/tmp
Creating: mkdir /data/nfsen/var/run
/data/nfsen/var/run
Creating: mkdir /data/nfsen/var/filters
/data/nfsen/var/filters
Creating: mkdir /data/nfsen/var/fmt
/data/nfsen/var/fmt
Creating: mkdir /data/nfsen/profiles-stat
/data/nfsen/profiles-stat
Creating: mkdir /data/nfsen/profiles-stat/live
/data/nfsen/profiles-stat/live
Creating: mkdir /data/nfsen/profiles-data
/data/nfsen/profiles-data
Creating: mkdir /data/nfsen/profiles-data/live
/data/nfsen/profiles-data/live

Profile live: spool directories:
Creating: mkdir /data/nfsen/profiles-data/live/Linux-Host-eth1
Linux-Host-eth1
Creating: mkdir /data/nfsen/profiles-data/live/peer2
peer2
Creating: mkdir /data/nfsen/profiles-data/live/upstream1
upstream1
Creating: mkdir /data/nfsen/profiles-data/live/peer1
peer1
Rename gif RRDfiles ... done.
Create profile info for profile 'live'

Rebuilding profile stats for './live'
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 337.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 346.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 356.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 366.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, flows-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 337.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, flows-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 346.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, flows-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 356.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, flows-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 366.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, packets-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 337.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, packets-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 346.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, packets-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 356.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, packets-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 366.
Rebuilding profile stats for './live'
Unable to create graph: No such file or 

Re: [Nfsen-discuss] nfsen install error

2014-11-18 Thread Иван Стрельников

Hello!
I think that you didn't use the col parameter for your peer1 and peer2
sources.


'peer1'    => { 'port' => '9996', 'IP' => '172.16.17.18' },
'peer2'    => { 'port' => '9996', 'IP' => '172.16.17.19' },


Try to get it like in manual.

Sorry for my English, by the way.


BW, Ivan

19.11.2014 2:20, Duddilla, Srikanth wrote:

Additional information I gathered. There are some .rrd files I found

[AB11213@netflow-proc1 src]$ ls -l /data/nfsen/profiles-stat/live
total 10516
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 Linux-Host-eth1.rrd
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 peer1.rrd
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 peer2.rrd
-rw-rw-r-- 1 netflow www 323 Nov 18 14:44 profile.dat
-rw-rw-r-- 1 netflow www 2687848 Nov 18 14:44 upstream1.rrd

Also this is first time set up of nfsen on this server.
Just thought of sharing above information

From: Duddilla, Srikanth
Sent: Tuesday, November 18, 2014 4:12 PM
To: 'nfsen-discuss@lists.sourceforge.net'
Subject: nfsen install error

I am new to nfsen. I was installing nfsen and found following errors
“unable to create graph”.
Can someone provide what was the issue and fix for this?
I would appreciate your help. I have included nfsen.conf file contents.

[root@netflow-proc1 nfsen-1.3.6p1]# ./install.pl etc/nfsen.conf
Check for required Perl modules: All modules found.
Setup NfSen:
Version: 1.3.6p1: $Id: install.pl 53 2012-01-23 16:36:02Z peter $

Perl to use: [/usr/bin/perl]
Found /usr/local/bin/nfdump: Version: 1.6.1p1 $LastChangedDate: 2010-03-05 07:50:35 +0100 (Fri, 05 Mar 2010) $
Setup php and html files.

Copy NfSen dirs etc bin libexec plugins doc ...
Copy config file 'etc/nfsen.conf'

In directory: /data/nfsen/libexec ...
Update script: AbuseWhois.pm
Update script: Log.pm
Update script: Lookup.pm
Update script: NfAlert.pm
Update script: Nfcomm.pm
Update script: NfConf.pm
Update script: NfProfile.pm
Update script: NfSen.pm
Update script: NfSenRC.pm
Update script: NfSenRRD.pm
Update script: NfSenSim.pm
Update script: Nfsources.pm
Update script: Nfsync.pm
Update script: Notification.pm
In directory: /data/nfsen/bin ...
Update script: nfsen
Update script: nfsend
Update script: RebuildHierarchy.pl
Update script: testPlugin

Cleanup old files ...

Setup diretories:

Use UID/GID 511 512
Creating: mkdir /data/nfsen/var
/data/nfsen/var
Creating: mkdir /data/nfsen/var/tmp
/data/nfsen/var/tmp
Creating: mkdir /data/nfsen/var/run
/data/nfsen/var/run
Creating: mkdir /data/nfsen/var/filters
/data/nfsen/var/filters
Creating: mkdir /data/nfsen/var/fmt
/data/nfsen/var/fmt
Creating: mkdir /data/nfsen/profiles-stat
/data/nfsen/profiles-stat
Creating: mkdir /data/nfsen/profiles-stat/live
/data/nfsen/profiles-stat/live
Creating: mkdir /data/nfsen/profiles-data
/data/nfsen/profiles-data
Creating: mkdir /data/nfsen/profiles-data/live
/data/nfsen/profiles-data/live

Profile live: spool directories:
Creating: mkdir /data/nfsen/profiles-data/live/Linux-Host-eth1
Linux-Host-eth1
Creating: mkdir /data/nfsen/profiles-data/live/peer2
peer2
Creating: mkdir /data/nfsen/profiles-data/live/upstream1
upstream1
Creating: mkdir /data/nfsen/profiles-data/live/peer1
peer1
Rename gif RRDfiles ... done.
Create profile info for profile 'live'

Rebuilding profile stats for './live'
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 337.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 346.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 356.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, traffic-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 366.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, flows-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 337.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, flows-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 346.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, flows-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 356.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, flows-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 366.
Unable to create graph: No such file or directory
Error GenGraph: Profile: live, packets-day: Legend set but no color: peer2 at libexec/NfSenRRD.pm line 337.
Unable to create graph: No such file or directory
Error GenGraph:

Re: [Nfsen-discuss] Nfsen-discuss Digest, Vol 100, Issue 2

2014-10-08 Thread Borja Marcos

On Oct 8, 2014, at 12:05 PM, Oliver Lagni wrote:

 Hi Giles, 
 
 Thanks for your help. 
 
 Actually TOS values on NFSEN are from 1 to 255 so I guess I could filter with 
 same decimal value of DSCP, but it's not. 
 The only TOS filter that works is TOS 0 ;)
 
 At the moment I'm using this filter:  tos 0xb8 or tos 184 or tos 5  but I 
 can't see anything. 

It is working for me, seeing best effort at tos=0 and making tos comparisons. 

Check your flows source, maybe it's not sending the information properly, my 
flows come from Juniper M and MX routers.




Borja.




Re: [Nfsen-discuss] Nfsen-discuss Digest, Vol 100, Issue 2

2014-10-08 Thread Oliver Lagni
I've found this: 

http://www.first.org/conference/2006/papers/haag-peter-papers.pdf page 5 
chapter 1.5

They talk about nfdump and long format to have TOS bytes, but I use nfcapd 
instead of nfdump. 
I'm not sure that in my flow I get the TOS byte detail when the data gets to NFSEN. 



-Original Message-
From: nfsen-discuss-requ...@lists.sourceforge.net 
[mailto:nfsen-discuss-requ...@lists.sourceforge.net] 
Sent: Tuesday, 7 October 2014 14:32
To: nfsen-discuss@lists.sourceforge.net
Subject: Nfsen-discuss Digest, Vol 100, Issue 2



Today's Topics:

   1. Re: Filter TOS with NFSEN (Giles Coochey)
   2. Re: Filter TOS with NFSEN (Giles Coochey)


--

Message: 1
Date: Tue, 07 Oct 2014 13:29:28 +0100
From: Giles Coochey gi...@coochey.net
Subject: Re: [Nfsen-discuss] Filter TOS with NFSEN
To: nfsen-discuss@lists.sourceforge.net
Message-ID: 5433dca8.6050...@coochey.net
Content-Type: text/plain; charset=windows-1252

On 07/10/2014 13:14, Oliver Lagni wrote:

 Hello all,

 I'm setting the DSCP on some traffic going out and getting in on my 
 firewall.

 With NFSEN I collect traffic from both segments, LAN and WAN Firewall 
 sides.

 On my firewall I set DSCP to 101110 for real-time traffic and I 
 clearly see it on Nprobe server on both segments, as soon as I filter 
 with TCPDump:

 tcpdump -i eth2 -vvv -n ip and ip[1]=0xb8

 0xb8 is 184 in HEX.. and I see this on eth2 (WAN) and eth3 (LAN):

 14:21:23.236494 IP (*tos 0xb8*, ttl 126, id 4388, offset 0, flags 
 [DF], proto TCP (6), length 450)

 217.xx.xx.xx.47460  64.xx.xx.xx.https: Flags [P.], cksum 0x5af4 
 (correct), seq 949:1359, ack 84, win 256, length 410

 But as soon as I filter on NFSEN with syntax Tos 184 or tos 0xb8 I 
 don't see anything.

 Is there any reason? Can someone help me a bit on this?


I am not sure, but I think the tos value you filter with is the 3 most 
significant bits, so a value between 0-7

0 = 000xx
1 = 001xx
2 = 010xx
3 = 011xx
4 = 100xx
5 = 101xx
6 = 110xx
7 = 111xx

So tos 1 filter matches your priority packets?

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


--

Message: 2
Date: Tue, 07 Oct 2014 13:31:55 +0100
From: Giles Coochey gi...@coochey.net
Subject: Re: [Nfsen-discuss] Filter TOS with NFSEN
To: nfsen-discuss@lists.sourceforge.net
Message-ID: 5433dd3b.8090...@coochey.net
Content-Type: text/plain; charset=windows-1252

On 07/10/2014 13:29, Giles Coochey wrote:
 On 07/10/2014 13:14, Oliver Lagni wrote:

 On my firewall I set DSCP to 101110 for real-time traffic and I 
 clearly see it on Nprobe server on both segments, as soon as I filter 
 with TCPDump:


 I am not sure, but I think the tos value you filter with is the 3 most 
 significant bits, so a value between 0-7

 0 = 000xx
 1 = 001xx
 2 = 010xx
 3 = 011xx
 4 = 100xx
 5 = 101xx
 6 = 110xx
 7 = 111xx

 So tos 1 filter matches your priority packets?

Argh... binary, 0xb8 should be tos 5

 --
 Regards,

 Giles Coochey, CCNP, CCNA, CCNAS
 NetSecSpec Ltd
 +44 (0) 8444 780677
 +44 (0) 7584 634135
 http://www.coochey.net
 http://www.netsecspec.co.uk
 gi...@coochey.net


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net


--


Re: [Nfsen-discuss] Nfsen-discuss Digest, Vol 100, Issue 2

2014-10-08 Thread Giles Coochey

On 08/10/2014 11:15, Borja Marcos wrote:

On Oct 8, 2014, at 12:05 PM, Oliver Lagni wrote:


Hi Giles,

Thanks for your help.

Actually TOS values on NFSEN are from 1 to 255 so I guess I could filter with 
same decimal value of DSCP, but it's not.
The only TOS filter that works is TOS 0 ;)

At the moment I'm using this filter:  tos 0xb8 or tos 184 or tos 5  but I can't 
see anything.

It is working for me, seeing best effort at tos=0 and making tos comparisons.

Check your flows source, maybe it's not sending the information properly, my 
flows come from Juniper M and MX routers.


Quite, what values are sent are set in the Netflow record, so it may be 
specific to the device that is exporting to the collector and how far it 
supports Netflow record format! I only see tos from 0-7, so I assumed 
that it was doing a pseudo-cos type conversion in Nfsen, but it's 
probably the exporter that is doing that


--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net






Re: [Nfsen-discuss] Nfsen-discuss Digest, Vol 100, Issue 2

2014-10-08 Thread Oliver Lagni
Hi Borja, 

I see tos 0 too. 
When I capture packets before and after nprobe I see packets with TOS on it. 
I'm sure 100%:

14:21:23.236494 IP (tos 0xb8, ttl 126, id 4388, offset 0, flags [DF], proto TCP 
(6), length 450)
217.xx.xx.xx.47460  64.xx.xx.xx.https: Flags [P.], cksum 0x5af4 (correct), 
seq 949:1359, ack 84, win 256, length 410



-Original Message-
From: Borja Marcos [mailto:bor...@sarenet.es] 
Sent: Wednesday, 8 October 2014 12:16
To: Oliver Lagni
Cc: nfsen-discuss@lists.sourceforge.net
Subject: Re: [Nfsen-discuss] Nfsen-discuss Digest, Vol 100, Issue 2


On Oct 8, 2014, at 12:05 PM, Oliver Lagni wrote:

 Hi Giles, 
 
 Thanks for your help. 
 
 Actually TOS values on NFSEN are from 1 to 255 so I guess I could filter with 
 same decimal value of DSCP, but it's not. 
 The only TOS filter that works is TOS 0 ;)
 
 At the moment I'm using this filter:  tos 0xb8 or tos 184 or tos 5  but I 
 can't see anything. 

It is working for me, seeing best effort at tos=0 and making tos comparisons. 

Check your flows source, maybe it's not sending the information properly, my 
flows come from Juniper M and MX routers.




Borja.




Re: [Nfsen-discuss] Nfsen-discuss Digest, Vol 100, Issue 2

2014-10-08 Thread Peter Haag
Run nfdump on the command line with -o raw. This prints the full record with 
all information you have in your records. TOS will show up there.

- Peter

On 08/10/14 12:34, Giles Coochey wrote:
 On 08/10/2014 11:15, Borja Marcos wrote:
 On Oct 8, 2014, at 12:05 PM, Oliver Lagni wrote:

 Hi Giles,

 Thanks for your help.

 Actually TOS values on NFSEN are from 1 to 255 so I guess I could filter 
 with same decimal value of DSCP, but it's not.
 The only TOS filter that works is TOS 0 ;)

 At the moment I'm using this filter:  tos 0xb8 or tos 184 or tos 5  but I 
 can't see anything.
 It is working for me, seeing best effort at tos=0 and making tos comparisons.

 Check your flows source, maybe it's not sending the information properly, my 
 flows come from Juniper M and MX routers.


 Quite, what values are sent are set in the Netflow record, so it may be 
 specific to the device that is exporting to the collector and how far it 
 supports Netflow record format! I only see tos from 0-7, so I assumed that it 
 was doing a pseudo-cos type
 conversion in Nfsen, but it's probably the exporter that is doing that
 
 
 
 

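The TOS-byte arithmetic discussed in this thread, as an added example that is not part of any poster's message: it reads the `tos` value from `tcpdump -v` header lines and splits it into DSCP, ECN and IP precedence, so the value on the wire can be compared with what the flow record carries. The sample lines are constructed from the capture quoted in the thread (documentation addresses substituted), and the function names are illustrative.

```python
import re
from collections import Counter

# DSCP code point names from RFC 2474 (CSx), RFC 2597 (AFxy) and RFC 3246 (EF).
DSCP_NAMES = {46: "EF"}
DSCP_NAMES.update({8 * c: f"CS{c}" for c in range(8)})
DSCP_NAMES.update({8 * c + 2 * d: f"AF{c}{d}"
                   for c in range(1, 5) for d in range(1, 4)})

# tcpdump -v prints the raw byte as "tos 0x..", optionally followed by ECN text.
TOS_RE = re.compile(r"\btos (0x[0-9a-fA-F]{1,2})\b")


def decode_tos(tos):
    """Split the 8-bit IPv4 TOS byte into its overlapping interpretations."""
    if not 0 <= tos <= 0xFF:
        raise ValueError(f"TOS is a single byte, got {tos}")
    dscp = tos >> 2                      # upper six bits
    return {
        "tos": tos,
        "tos_hex": f"0x{tos:02x}",
        "dscp": dscp,
        "dscp_bits": f"{dscp:06b}",
        "dscp_name": DSCP_NAMES.get(dscp, "unnamed"),
        "ecn": tos & 0b11,               # lower two bits
        "precedence": tos >> 5,          # upper three bits (the 0-7 table above)
    }


def encode_dscp(bits):
    """DSCP written as six binary digits (as configured) -> TOS byte on the wire."""
    if len(bits) != 6 or set(bits) - {"0", "1"}:
        raise ValueError("expected six binary digits")
    return int(bits, 2) << 2


def summarize_capture(lines):
    """Count packets per TOS value in tcpdump -v output and decode each value."""
    counts = Counter()
    for line in lines:
        match = TOS_RE.search(line)
        if match:
            counts[int(match.group(1), 16)] += 1
    return [dict(decode_tos(tos), packets=n) for tos, n in sorted(counts.items())]


# Constructed sample: tcpdump -v header lines plus one continuation line.
SAMPLE = [
    "14:21:23.236494 IP (tos 0xb8, ttl 126, id 4388, offset 0, flags [DF], proto TCP (6), length 450)",
    "    192.0.2.10.47460 > 198.51.100.7.443: Flags [P.], cksum 0x5af4 (correct), seq 949:1359, ack 84, win 256, length 410",
    "14:21:23.240112 IP (tos 0x0, ttl 64, id 511, offset 0, flags [DF], proto TCP (6), length 52)",
    "14:21:23.251907 IP (tos 0xb8, ttl 126, id 4389, offset 0, flags [DF], proto TCP (6), length 450)",
    "14:21:23.260030 IP (tos 0x28, ttl 63, id 77, offset 0, flags [none], proto UDP (17), length 200)",
]

if __name__ == "__main__":
    for row in summarize_capture(SAMPLE):
        print("{tos_hex} tos={tos:3d} dscp={dscp:2d} ({dscp_name}) "
              "precedence={precedence} ecn={ecn} packets={packets}".format(**row))
```

Comparing the `tos`, `dscp` and `precedence` columns with what `nfdump -o raw` prints for the same flows shows which of the three representations the exporter actually puts in the record.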


Re: [Nfsen-discuss] NfSen not processing netflow v9

2014-08-28 Thread Adrian Popa
You have to make sure that you leave the processes on for enough time that
your routers send a template packet that describes the netflow data. Until
nfsen receives the template, it (and wireshark as well) doesn't decode the
data. The routers can send this packet once every few seconds, up to one
every hour or so...


On Thu, Aug 28, 2014 at 12:59 PM, Juan Quintanilla 
juan.quintani...@dante.net wrote:

 Hi list,



 We have NfSen deployed in our environment for many years now.

 I am in the process of migrating from netflow v5 to v9 our Juniper devices.



 During the tests, I can see flows are reaching the server, but not
 processed – there’s not a single flow in the channel.



 We are running nfsen 1.3.6 and nfdump 1.6.6



 Config in nfsen.conf is the same as for the other devices:



 'device' => { 'port' => 'number',  'col' => '#ff' },



 Is there anything I am missing?



 Many thanks in advance for your help.



 Regards/Saludos,



 Juan






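What the template dependency described in this reply looks like at the packet level, as an added example that is not code from the thread or from nfdump/NfSen: a minimal NetFlow v9 parser (header and flowset layout per RFC 3954) fed constructed packets in the order data, template, data. The class and helper names, the addresses and template ID 260 are assumptions made for the illustration, and this toy collector simply counts the data flowsets it cannot decode.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, uptime, unix_secs, sequence, source_id
FIELD_NAMES = {1: "in_bytes", 4: "protocol", 5: "src_tos", 8: "src_addr", 12: "dst_addr"}


class V9Collector:
    """Toy collector: decodes data flowsets only once their template is known."""

    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> [(type, length)]
        self.flows = []       # decoded records
        self.undecoded = 0    # data flowsets that arrived before their template

    def feed(self, exporter, packet):
        if len(packet) < HEADER.size:
            raise ValueError("short packet")
        version, _count, _up, _secs, _seq, source_id = HEADER.unpack_from(packet)
        if version != 9:
            raise ValueError(f"not NetFlow v9: version {version}")
        offset = HEADER.size
        while offset + 4 <= len(packet):
            fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
            if fs_len < 4 or offset + fs_len > len(packet):
                raise ValueError("bad flowset length")
            body = packet[offset + 4:offset + fs_len]
            if fs_id == 0:                       # template flowset
                self._learn_templates(exporter, source_id, body)
            elif fs_id > 255:                    # data flowset, ID names its template
                self._decode_data(exporter, source_id, fs_id, body)
            # flowset IDs 1..255 (options templates, reserved) are skipped here
            offset += fs_len

    def _learn_templates(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            tid, nfields = struct.unpack_from("!HH", body, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > len(body):
                break                            # padding or truncated template
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
            pos += 4 * nfields
            self.templates[(exporter, source_id, tid)] = fields

    def _decode_data(self, exporter, source_id, tid, body):
        fields = self.templates.get((exporter, source_id, tid))
        if fields is None:
            self.undecoded += 1                  # record layout unknown: bytes are opaque
            return
        rec_len = sum(length for _, length in fields)
        pos = 0
        while rec_len and pos + rec_len <= len(body):   # trailing bytes are padding
            rec = {}
            for ftype, flen in fields:
                raw = body[pos:pos + flen]
                name = FIELD_NAMES.get(ftype, f"type_{ftype}")
                is_ipv4 = ftype in (8, 12) and flen == 4
                rec[name] = socket.inet_ntoa(raw) if is_ipv4 else int.from_bytes(raw, "big")
                pos += flen
            self.flows.append(rec)


def flowset(fs_id, payload):
    """Wrap a payload in a flowset header, padded to a 32-bit boundary."""
    pad = -(len(payload) + 4) % 4
    return struct.pack("!HH", fs_id, 4 + len(payload) + pad) + payload + b"\0" * pad


def v9_packet(sequence, flowsets, source_id=0):
    # count = number of records; every constructed flowset below holds exactly one
    return HEADER.pack(9, len(flowsets), 0, 1409220000, sequence, source_id) + b"".join(flowsets)


# Constructed sample data: one template (ID 260) and one matching flow record.
TEMPLATE_ID = 260
FIELDS = [(8, 4), (12, 4), (4, 1), (5, 1), (1, 4)]
TEMPLATE_FS = flowset(0, struct.pack("!HH", TEMPLATE_ID, len(FIELDS))
                      + b"".join(struct.pack("!HH", t, n) for t, n in FIELDS))
DATA_FS = flowset(TEMPLATE_ID, socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.7")
                  + bytes([6, 0xB8]) + struct.pack("!I", 450))


def demo():
    collector = V9Collector()
    exporter = "192.0.2.1"
    collector.feed(exporter, v9_packet(1, [DATA_FS]))       # data before template
    before = (len(collector.flows), collector.undecoded)
    collector.feed(exporter, v9_packet(2, [TEMPLATE_FS]))   # template arrives
    collector.feed(exporter, v9_packet(3, [DATA_FS]))       # same bytes now decode
    return before, collector.flows


if __name__ == "__main__":
    print(demo())
```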


Re: [Nfsen-discuss] NfSen not processing netflow v9

2014-08-28 Thread Jens Hektor
On 28.08.2014 at 11:59, Juan Quintanilla wrote:
 We are running nfsen 1.3.6 and nfdump 1.6.6
[...]
 Is there anything I am missing?

Maybe an update of nfdump? There is 1.6.12

-- 
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de





Re: [Nfsen-discuss] nfsen - override default profile settings

2014-06-26 Thread Nikolaos Milas
On 21/6/2014 9:36 pm, Nikolaos Milas wrote:

 I am wondering if there is a way to configure a profile (in nfsen
 1.3.6p1) to use different default display settings in Details tab.

 ...

 Finally, I would also like to customize the graphs displayed under the
 Home and the Graphs tabs to display e.g. line and not stacked graphs
 for particular profiles.

 Is there a way to do such a customization, even by directly manipulating
 some settings file(s)?



Anyone???

Thanks,
Nick



Re: [Nfsen-discuss] nfsen - override default profile settings

2014-06-26 Thread Axel Fischer
Hi Nick,

On 06/26/2014 09:53 AM, Nikolaos Milas wrote:
 On 21/6/2014 9:36 pm, Nikolaos Milas wrote:
 
 I am wondering if there is a way to configure a profile (in nfsen
 1.3.6p1) to use different default display settings in Details tab.

 ...

 Finally, I would also like to customize the graphs displayed under the
 Home and the Graphs tabs to display e.g. line and not stacked graphs
 for particular profiles.

 Is there a way to do such a customization, even by directly manipulating
 some settings file(s)?


 
 Anyone???

In general look for details.php line 348:
snip
default  = array_key_exists('type', $detail_opts) ? $detail_opts['type'] :
'flows',
/snip
Change 'flows' to 'traffic' and you have a look on the traffic view for all
profiles by default when clicking on details.


Regards,
Axel







Re: [Nfsen-discuss] nfsen - override default profile settings

2014-06-26 Thread Nikolaos Milas
On 26/6/2014 4:24 pm, Peter Haag wrote:

 There will be an NfSen 1.3.7 in a month or so, which fixes some issues but
 only has some minor improvements. NfSen 1.4 will have a completely rewritten
 frontend with a few new features. NfSen 2.0 will have a rewritten backend and
 many more customisable features.

Sounds very interesting. Any roadmap available (approx. release dates)?

Thank you Peter for listening to my visual customization requests.

In any case, thank you for nfsen, a truly great piece of software.

All the best,
Nick



Re: [Nfsen-discuss] NfSen not profiling history

2014-04-28 Thread Borja Marcos

On Mar 26, 2014, at 9:27 PM, Peter Haag wrote:

 Hi all,
 Find appended a patch, which fixes the problem for not profiling the history 
 data correctly. The bug is triggered, when
 setting ZIPprofile to 1 in nfsen.conf. A new NfSen release, which fixes some 
 more issues, especially Perl compatibility,
 will be released soon.

Rejoice, for the  problem has been solved for me. Please accept my apologies, I 
was supposed to set up an accessible system for you and I really forgot. Brain 
fried, sometimes :)

Curiously, I don't use the ZIPprofiles option. I use ZFS with compression 
enabled and I always disable ZIPprofiles. Or is the problem caused by having 
had ZIPprofiles once, a long time ago, in a far away galaxy?

Anyway, thank you!





Borja.




Re: [Nfsen-discuss] NfSen not profiling history

2014-04-28 Thread Peter Haag
On 28.04.14 12:13, Borja Marcos wrote:
 
 On Mar 26, 2014, at 9:27 PM, Peter Haag wrote:
 
 Hi all,
 Find appended a patch, which fixes the problem for not profiling the history 
 data correctly. The bug is triggered, when
 setting ZIPprofile to 1 in nfsen.conf. A new NfSen release, which fixes some 
 more issues, especially Perl compatibility,
 will be released soon.
 
 Rejoice, for the  problem has been solved for me. Please accept my apologies, 
 I was supposed to set up an accessible system for you and I really forgot. 
 Brain fried, sometimes :)
 
 Curiously, I don't use the ZIPprofiles option. I use ZFS with compression 
 enabled and I always disable ZIPprofiles. Or is the problem caused by having 
 had ZIPprofiles once, a long time ago, in a far away galaxy?

No - compression is transparent. Therefore old compressed profiles are perfectly 
fine!
For not compressing files, leave ZIPprofiles empty or apply the patch.

- Peter
 
 Anyway, thank you!
 
 
 
 
 
 Borja.
 
 
 

-- 
Be nice to your netflow data. Use NfSen and nfdump :)



Re: [Nfsen-discuss] NfSen not profiling history

2014-04-28 Thread Borja Marcos

On Apr 28, 2014, at 12:41 PM, Borja Marcos wrote:

 
 On Apr 28, 2014, at 12:31 PM, Peter Haag wrote:
 
 Curiously, I don't use the ZIPprofiles option. I use ZFS with compression 
 enabled and I always disable ZIPprofiles. Or is the problem caused by 
 having had ZIPprofiles once, a long time ago, in a far away galaxy?
 
 No - compression is transparent. Therefore old compressed profiles are 
 perfectly fine!
 For not compressing files, leave ZIPprofiles empty or apply the patch.
 
 Then it's curious. Although I wasn't using ZIPprofiles, the bug was affecting 
 me. After patching it works perfectly.

Or wait. I had it set to zero, not empty.




Borja.




Re: [Nfsen-discuss] NfSen not profiling history

2014-04-17 Thread Christian Kildau
Hi Peter,

this sounds like the bug we run into.
Sadly your patch doesn't fix it for me. Shadow profile data still stays
empty.

Any idea when the updated version of nfsen will be released?

Best regards
Chris

On 3/26/14 9:27 PM, Peter Haag wrote:
 Hi all,
 Find appended a patch, which fixes the problem for not profiling the history 
 data correctly. The bug is triggered, when
 setting ZIPprofile to 1 in nfsen.conf. A new NfSen release, which fixes some 
 more issues, especially Perl compatibility,
 will be released soon.
 
 Thanks Wim for your support!
 
   Cheers
 
   - Peter
 
 
 
 
 



Re: [Nfsen-discuss] nfsen FHS'd on Debian Jessie

2014-03-27 Thread Peter Haag
There will be an NfSen update, which fixes the Perl issues as well as
other bugs. It should be ready by the end of the month.

Use optarg for nfcapd args, as already pointed out by Borja

Regards

- Peter

On 03/24/2014 04:44 PM, Alfredo Sola wrote:
 
   Good day,
 
   I have been using now and then nfsen/nfdump for some years, but I don't 
 claim to be an expert.
 
   As a platform for detecting trouble early (we could call that VEDA, 
 yes? Very Early DDoS Alert :) it is as good as things can conceivably be, in 
 my opinion. It is also a very convenient way to peek on network traffic. I'd 
 say that it fulfills those design goals quite nicely.
 
   In my latest implementation, I am struggling with two things: Make it 
 work with a directory layout as FHS as possible, and script some early 
 response when trouble comes down the pipes.
 
   As for the first question, I have 'apt-get nfdump' and that works, but 
 have been unable to make nfsen work. It does start nfcapd among some 
 complains about Perl (which is at version 5.18.2, which I understand should 
 work) and I can nfdump stuff out of the nfcapd files, but the web page says, 
 Frontend - Backend version missmatch! and No data available!. I have been 
 searching this list in particular and the web in general, and applied the 
 session patch, but nothing helped.
 
   I noticed there was at one point a mentoring request on Debian to pack 
 nfsen up, but it was withdrawn. Lack of interest? I'd love to be able to 
 apt-get install nfsen and have things just work, and I'm willing to put down 
 some resources towards that.
 
   Regarding the second question, I notice that there is currently no way 
 to have nfsen start nfcapd with custom args. I want to start nfcapd with -x 
 /usr/local/bin/somescript %d/%f so that I can run a custom nfdump analysis as 
 soon as a five-minute period is done, but for that the only solution is to 
 either edit NfSenRC.pm (and therefore when updating one needs to remember 
 patching it up again), or use something like incron. So I'd like to make that 
 a feature request, to provide support for a -x parameter or custom additional 
 parameters in nfsen.conf.
 
   Thanks for any pointers, answers, ideas and cluebaits.
 
   System information:
 
 8
 $ dpkg -l librrds-perl
 Desired=Unknown/Install/Remove/Purge/Hold
 | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
 |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
 ||/ Name   VersionArchitecture   
 Description
 +++-==-==-==-=
 ii  librrds-perl   1.4.7-2.1  amd64  
 time-series data storage and display system (Perl interfa
 8
 $ nfdump -V
 nfdump: Version: 1.6.8p1 $Date: 2012-11-10 12:40:54 +0100 (Sat, 10 Nov 2012) $
 8
 root@monitor1:~# nfsen -V
 Subroutine Lookup::pack_sockaddr_in6 redefined at 
 /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/Lookup.pm line 43.
 Subroutine Lookup::unpack_sockaddr_in6 redefined at 
 /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/Lookup.pm line 43.
 Subroutine Lookup::sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm 
 line 66.
  at /usr/local/bin/libexec/Lookup.pm line 43.
 Subroutine AbuseWhois::pack_sockaddr_in6 redefined at 
 /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/AbuseWhois.pm line 42.
 Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at 
 /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/AbuseWhois.pm line 42.
 Subroutine AbuseWhois::sockaddr_in6 redefined at 
 /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/AbuseWhois.pm line 42.
 Subroutine AbuseWhois::pack_sockaddr_in6 redefined at 
 /usr/local/bin/libexec/AbuseWhois.pm line 44.
 Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at 
 /usr/local/bin/libexec/AbuseWhois.pm line 44.
 Subroutine AbuseWhois::sockaddr_in6 redefined at 
 /usr/local/bin/libexec/AbuseWhois.pm line 44.
 /usr/local/bin/nfsen: 1.3.6p1 $Id: nfsen 53 2012-01-23 16:36:02Z peter $
 8
 $ egrep -v '(^#|^$)' /etc/nfsen/nfsen.conf
 $BASEDIR = /var/cache/nfdump;
 $BINDIR=/usr/local/bin;
 $LIBEXECDIR=${BINDIR}/libexec;
 $CONFDIR=/etc/nfsen;
 $HTMLDIR= /srv/mynicenfsenweb;
 $DOCDIR=${HTMLDIR}/doc;
 $VARDIR=${BASEDIR}/var;
 $PIDDIR=/run/nfsen;
 $PROFILESTATDIR=${BASEDIR}/profiles-stat;
 $PROFILEDATADIR=${BASEDIR}/profiles-data;
 $BACKEND_PLUGINDIR=${BASEDIR}/plugins;
 $FRONTEND_PLUGINDIR=${HTMLDIR}/plugins;
 $PREFIX  = '/usr/bin';
 $USER= www-data;
 $WWWUSER  = www-data;
 

Re: [Nfsen-discuss] nfsen FHS'd on Debian Jessie

2014-03-26 Thread Alfredo Sola

 The problem is, software with compile time options is completely unsuitable 
 for that packaging. For nfsen to work, that package must be built with 
 nfprofile. 

 To prevent trouble (and because I run several different instances on the same 
 server and I use nginx with php-fpm instead of using Apache with a PHP 
 module) I always prefer to build from source. It's really straightforward, 
 even on FreeBSD.

Yes, that's how I have been doing it; what I was hoping for is to avoid 
some repetitive tasks (unpacking, configuring, customizing...) as well as 
placing things on FHS directories. But unless there are some further 
suggestions, I'll have to stick with the classic way. The tool is great and if 
it takes a little bit of work to install it each time, so be it.

 There's an option for custom nfcapd parameters, a parameter called optarg.

I must have been blind when I looked at it... Thanks for the hint, 
that's exactly what I needed.

-- 
Alfredo Sola
http://www.tecnocratica.net/







Re: [Nfsen-discuss] nfsen FHS'd on Debian Jessie

2014-03-25 Thread Alfredo Sola

Hi, thanks for your answer.

 rrdtool -v

Well the rrdtool binary wasn't installed, I only had the Perl modules, 
which don't depend on it. I installed it (apt-get install rrdtool) and tried 
again (restarting nfsen just in case it helped) and waited a few nfcapd 
intervals but got to the same point. Here is rrdtool -v :

RRDtool 1.4.7  Copyright 1997-2012 by Tobias Oetiker t...@oetiker.ch
   Compiled Jan 28 2014 16:25:51

Usage: rrdtool [options] command command_options
Valid commands: create, update, updatev, graph, graphv,  dump, restore,
last, lastupdate, first, info, fetch, tune,
resize, xport, flushcached

RRDtool is distributed under the Terms of the GNU General
Public License Version 2. (www.gnu.org/copyleft/gpl.html)

For more information read the RRD manpages

 and the file and directory permissions are all ok in the $*DIR variables, 
 mainly in: 

They seem ok to me:

 $VARDIR=${BASEDIR}/var;

drwxrwxr-x 1 www-data www-data 26 Mar 22 10:47 /var/cache/nfdump/var

 $PROFILESTATDIR=${BASEDIR}/profiles-stat;

drwxrwxr-x 1 www-data www-data 26 Mar 23 15:11 /var/cache/nfdump/profiles-stat/

 $PROFILEDATADIR=${BASEDIR}/profiles-data;

drwxrwxr-x 1 www-data www-data 16 Mar 23 15:11 /var/cache/nfdump/profiles-data/

 And also in:
 /var/cache/nfdump/profiles-data/live ?

alfredo@monitor1:~$ find /var/cache/nfdump/profiles-data -type d -exec ls -ld 
{} \;
drwxrwxr-x 1 www-data www-data 16 Mar 23 15:11 /var/cache/nfdump/profiles-data
drwxrwxr-x 1 www-data www-data 4 Mar 23 14:46 
/var/cache/nfdump/profiles-data/live
drwxrwxr-x 1 www-data www-data 50 Mar 25 11:06 
/var/cache/nfdump/profiles-data/live/r1
drwxr-xr-x 1 www-data www-data 4 Mar 22 21:10 
/var/cache/nfdump/profiles-data/live/r1/2014
drwxr-xr-x 1 www-data www-data 16 Mar 25 00:05 
/var/cache/nfdump/profiles-data/live/r1/2014/03
drwxr-xr-x 1 www-data www-data 1292 Mar 23 00:00 
/var/cache/nfdump/profiles-data/live/r1/2014/03/22
drwxr-xr-x 1 www-data www-data 10754 Mar 24 00:00 
/var/cache/nfdump/profiles-data/live/r1/2014/03/23
drwxr-xr-x 1 www-data www-data 10944 Mar 25 00:00 
/var/cache/nfdump/profiles-data/live/r1/2014/03/24
drwxr-xr-x 1 www-data www-data 5092 Mar 25 11:06 
/var/cache/nfdump/profiles-data/live/r1/2014/03/25
drwxrwxr-x 1 www-data www-data 6 Mar 23 15:11 
/var/cache/nfdump/profiles-data/~pps
drwxrwxr-x 1 www-data www-data 14 Mar 25 11:05 
/var/cache/nfdump/profiles-data/~pps/pps

 On 24/03/2014, at 12:44, Alfredo Sola alfr...@solucionesdinamicas.net 
 wrote:
 
 
   Good day,
 
   I have been using now and then nfsen/nfdump for some years, but I don't 
 claim to be an expert.
 
   As a platform for detecting trouble early (we could call that VEDA, yes? 
 Very Early DDoS Alert :) it is as good as things can conceivably be, in my 
 opinion. It is also a very convenient way to peek on network traffic. I'd 
 say that it fulfills those design goals quite nicely.
 
   In my latest implementation, I am struggling with two things: Make it work 
 with a directory layout as FHS as possible, and script some early response 
 when trouble comes down the pipes.
 
   As for the first question, I have 'apt-get nfdump' and that works, but 
 have been unable to make nfsen work. It does start nfcapd among some 
 complains about Perl (which is at version 5.18.2, which I understand should 
 work) and I can nfdump stuff out of the nfcapd files, but the web page says, 
 Frontend - Backend version missmatch! and No data available!. I have 
 been searching this list in particular and the web in general, and applied 
 the session patch, but nothing helped.
 
   I noticed there was at one point a mentoring request on Debian to pack 
 nfsen up, but it was withdrawn. Lack of interest? I'd love to be able to 
 apt-get install nfsen and have things just work, and I'm willing to put down 
 some resources towards that.
 
   Regarding the second question, I notice that there is currently no way to 
 have nfsen start nfcapd with custom args. I want to start nfcapd with -x 
 /usr/local/bin/somescript %d/%f so that I can run a custom nfdump analysis 
 as soon as a five-minute period is done, but for that the only solution is 
 to either edit NfSenRC.pm (and therefore when updating one needs to remember 
 patching it up again), or use something like incron. So I'd like to make 
 that a feature request, to provide support for a -x parameter or custom 
 additional parameters in nfsen.conf.
 
   Thanks for any pointers, answers, ideas and cluebaits.
 
   System information:
 
 8
 $ dpkg -l librrds-perl
 Desired=Unknown/Install/Remove/Purge/Hold
 | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
 |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
 ||/ Name           Version      Architecture   Description
 

Re: [Nfsen-discuss] nfsen FHS'd on Debian Jessie

2014-03-25 Thread Borja Marcos

On Mar 24, 2014, at 4:44 PM, Alfredo Sola wrote:

 
   Good day,
 
   I have been using now and then nfsen/nfdump for some years, but I don't 
 claim to be an expert.
 
   As a platform for detecting trouble early (we could call that VEDA, 
 yes? Very Early DDoS Alert :) it is as good as things can conceivably be, in 
 my opinion. It is also a very convenient way to peek on network traffic. I'd 
 say that it fulfills those design goals quite nicely.
 
   In my latest implementation, I am struggling with two things: Make it 
 work with a directory layout as FHS as possible, and script some early 
 response when trouble comes down the pipes.
 
   As for the first question, I have 'apt-get nfdump' and that works, but 
 have been unable to make nfsen work. It does start nfcapd among some 
 complains about Perl (which is at version 5.18.2, which I understand should 
 work) and I can nfdump stuff out of the nfcapd files, but the web page says, 
 Frontend - Backend version missmatch! and No data available!. I have been 
 searching this list in particular and the web in general, and applied the 
 session patch, but nothing helped.

The problem is, software with compile time options is completely unsuitable for 
that packaging. For nfsen to work, that package must be built with nfprofile. 

To prevent trouble (and because I run several different instances on the same 
server and I use nginx with php-fpm instead of using Apache with a PHP module) 
I always prefer to build from source. It's really straightforward, even on 
FreeBSD.

   I noticed there was at one point a mentoring request on Debian to pack 
 nfsen up, but it was withdrawn. Lack of interest? I'd love to be able to 
 apt-get install nfsen and have things just work, and I'm willing to put down 
 some resources towards that.
 
   Regarding the second question, I notice that there is currently no way 
 to have nfsen start nfcapd with custom args. I want to start nfcapd with -x 
 /usr/local/bin/somescript %d/%f so that I can run a custom nfdump analysis as 
 soon as a five-minute period is done, but for that the only solution is to 
 either edit NfSenRC.pm (and therefore when updating one needs to remember 
 patching it up again), or use something like incron. So I'd like to make that 
 a feature request, to provide support for a -x parameter or custom additional 
 parameters in nfsen.conf.

There's an option for custom nfcapd parameters, a parameter called optarg.

Examples from one of my nfsen.etc files:

%sources = (
    'ROUTER1' => {'port' => '2061', 'col' => '#ff', 'type' => 'netflow', 'optarg' => '-T all' },
    # ..
    'ROUTERN' => {'port' => '2070', 'col' => '#ff99ff', 'type' => 'netflow', 'optarg' => '-T all'},
);






Borja.






Re: [Nfsen-discuss] nfsen FHS'd on Debian Jessie

2014-03-24 Thread Alex Moura
Hello,

Just to be sure: what is the output of:

rrdtool -v

and the file and directory permissions are all ok in the $*DIR variables, 
mainly in: 

$VARDIR=${BASEDIR}/var;

$PROFILESTATDIR=${BASEDIR}/profiles-stat;

$PROFILEDATADIR=${BASEDIR}/profiles-data;

And also in:
/var/cache/nfdump/profiles-data/live ?

Regards,
Alex

 On 24/03/2014, at 12:44, Alfredo Sola alfr...@solucionesdinamicas.net wrote:
 
 
Good day,
 
I have been using now and then nfsen/nfdump for some years, but I don't 
 claim to be an expert.
 
As a platform for detecting trouble early (we could call that VEDA, yes? 
 Very Early DDoS Alert :) it is as good as things can conceivably be, in my 
 opinion. It is also a very convenient way to peek on network traffic. I'd say 
 that it fulfills those design goals quite nicely.
 
In my latest implementation, I am struggling with two things: Make it work 
 with a directory layout as FHS as possible, and script some early response 
 when trouble comes down the pipes.
 
As for the first question, I have 'apt-get nfdump' and that works, but 
 have been unable to make nfsen work. It does start nfcapd among some 
 complains about Perl (which is at version 5.18.2, which I understand should 
 work) and I can nfdump stuff out of the nfcapd files, but the web page says, 
 Frontend - Backend version missmatch! and No data available!. I have been 
 searching this list in particular and the web in general, and applied the 
 session patch, but nothing helped.
 
I noticed there was at one point a mentoring request on Debian to pack 
 nfsen up, but it was withdrawn. Lack of interest? I'd love to be able to 
 apt-get install nfsen and have things just work, and I'm willing to put down 
 some resources towards that.
 
Regarding the second question, I notice that there is currently no way to 
 have nfsen start nfcapd with custom args. I want to start nfcapd with -x 
 /usr/local/bin/somescript %d/%f so that I can run a custom nfdump analysis as 
 soon as a five-minute period is done, but for that the only solution is to 
 either edit NfSenRC.pm (and therefore when updating one needs to remember 
 patching it up again), or use something like incron. So I'd like to make that 
 a feature request, to provide support for a -x parameter or custom additional 
 parameters in nfsen.conf.
 
Thanks for any pointers, answers, ideas and cluebaits.
 
System information:
 
 8
 $ dpkg -l librrds-perl
 Desired=Unknown/Install/Remove/Purge/Hold
 | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
 |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
 ||/ Name           Version      Architecture   Description
 +++-==-==-==-=
 ii  librrds-perl   1.4.7-2.1    amd64          time-series data storage and display system (Perl interfa
 8
 $ nfdump -V
 nfdump: Version: 1.6.8p1 $Date: 2012-11-10 12:40:54 +0100 (Sat, 10 Nov 2012) $
 8
 root@monitor1:~# nfsen -V
 Subroutine Lookup::pack_sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/Lookup.pm line 43.
 Subroutine Lookup::unpack_sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/Lookup.pm line 43.
 Subroutine Lookup::sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/Lookup.pm line 43.
 Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/AbuseWhois.pm line 42.
 Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/AbuseWhois.pm line 42.
 Subroutine AbuseWhois::sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
  at /usr/local/bin/libexec/AbuseWhois.pm line 42.
 Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /usr/local/bin/libexec/AbuseWhois.pm line 44.
 Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /usr/local/bin/libexec/AbuseWhois.pm line 44.
 Subroutine AbuseWhois::sockaddr_in6 redefined at /usr/local/bin/libexec/AbuseWhois.pm line 44.
 /usr/local/bin/nfsen: 1.3.6p1 $Id: nfsen 53 2012-01-23 16:36:02Z peter $
 8
 $ egrep -v '(^#|^$)' /etc/nfsen/nfsen.conf
 $BASEDIR = /var/cache/nfdump;
 $BINDIR=/usr/local/bin;
 $LIBEXECDIR=${BINDIR}/libexec;
 $CONFDIR=/etc/nfsen;
 $HTMLDIR= /srv/mynicenfsenweb;
 $DOCDIR=${HTMLDIR}/doc;
 $VARDIR=${BASEDIR}/var;
 $PIDDIR=/run/nfsen;
 $PROFILESTATDIR=${BASEDIR}/profiles-stat;
 $PROFILEDATADIR=${BASEDIR}/profiles-data;
 $BACKEND_PLUGINDIR=${BASEDIR}/plugins;

Re: [Nfsen-discuss] Nfsen

2014-02-17 Thread Nitin

Hi All,

Things are working fine now

Getting the below error :


 ERROR: nfsend connect() error: Connection refused!


 ERROR: nfsend - connection failed!!


 ERROR: Can not initialize globals!


Any guidance on the above issue will be grateful


Regards,
Nitin


On 11-02-2014 13:27, Nitin wrote:

Dear ALL,

while running ./install.pl etc/nfsen.conf getting below error :

[root@cprakash nfsen-1.3]# ./install.pl etc/nfsen.conf
Check for required Perl modules: All modules found.
RRD version '1.4008' not yet supported!


Regards,
Nitin




Re: [Nfsen-discuss] Nfsen

2014-02-17 Thread Adrian Popa
Make sure the nfsen process is started and it's running.


On Mon, Feb 17, 2014 at 10:21 AM, Nitin ni...@nixi.in wrote:

  Hi All,

 Things are working fine now

 Getting the below error :
 ERROR: nfsend connect() error: Connection refused! ERROR: nfsend -
 connection failed!! ERROR: Can not initialize globals!
 Any guidance on the above issue will be grateful


 Regards,
 Nitin


 On 11-02-2014 13:27, Nitin wrote:

 Dear ALL,

 while running ./install.pl etc/nfsen.conf getting below error :

 [root@cprakash nfsen-1.3]# ./install.pl etc/nfsen.conf
 Check for required Perl modules: All modules found.
 RRD version '1.4008' not yet supported!


 Regards,
 Nitin








Re: [Nfsen-discuss] Nfsen

2014-02-17 Thread Nitin

Thanks Adrian for quick response.

In the graphs, traffic shows as too low; monitoring the same router via MRTG 
shows a huge difference.
I want to monitor IPv6 traffic on my router, but how do I set filters for 
the same?


regards,
nitin



On 17-02-2014 16:35, Adrian Popa wrote:

Make sure the nfsen process is started and it's running.


On Mon, Feb 17, 2014 at 10:21 AM, Nitin ni...@nixi.in wrote:


Hi All,

Things are working fine now

Getting the below error :


  ERROR: nfsend connect() error: Connection refused!


  ERROR: nfsend - connection failed!!


  ERROR: Can not initialize globals!


Any guidance on the above issue will be grateful


Regards,
Nitin


On 11-02-2014 13:27, Nitin wrote:

Dear ALL,

while running ./install.pl etc/nfsen.conf getting below error :

[root@cprakash nfsen-1.3]# ./install.pl etc/nfsen.conf
Check for required Perl modules: All modules found.
RRD version '1.4008' not yet supported!


Regards,
Nitin










Re: [Nfsen-discuss] nfsen Time Windows Issues

2014-01-29 Thread Peter Haag

It's most likely a time zone issue. Make sure server and client are in the 
same time zone.
Check also the time zone setting of your web server.

- Peter

On 23/1/14 9:58 AM, Royke wrote:
 Hi,
 
 t_start *2014-01-22-19-00*
 t_end *2014-01-22-20-00*
 
 
 I select time windows like above , and the run Process ,
 
 However the resulted nfdump command is not match with the time windows 
 selected above .
 
 Result :
 
 nfdump -M /usr/local/nfsen/profiles-data/live/dir1:dir2:dir3:dir4  -T  -R
 2014/01/22/nfcapd.201401222000:2014/01/22/nfcapd.201401222100 -a  -B -c 2
 
 Should it be ? :
 
 nfdump -M /usr/local/nfsen/profiles-data/live/dir1:dir2:dir3:dir4  -T  -R
 2014/01/22/nfcapd.201401221900:2014/01/22/nfcapd.201401222000 -a  -B -c 2
 
 Both files
 
 nfcapd.201401221900 and nfcapd.201401222000 exist
 
 Date and ntp setting in the box are correct and sync with ntp zone in my 
 region.
 
 How to debug ?
 
 nfdump -V
 nfdump: Version: 1.6.11 $Date: 2013-11-16 09:04:43 +0100 (Sat, 16 Nov 2013) $
 nfsen --Version
 /usr/local/nfsen/bin/nfsen: 1.3.6p1 $Id: nfsen 53 2012-01-23 16:36:02Z peter $
 
 Thanks in advance.
 
 
 
 

-- 
Be nice to your netflow data. Use NfSen and nfdump :)



Re: [Nfsen-discuss] nfsen default view line graph

2014-01-22 Thread Adrian Popa
There's a Line Graph radio button in the web interface, under the Details
tab.


On Wed, Jan 22, 2014 at 1:54 PM, Tiedemann, Arne 
arne.tiedem...@hamburg-cloud.de wrote:

  Hello @all,



 I'm new to nfsen and I'm happy with this system.

 My environment: FreeBSD 10 Server, Apache22, PHP5.4, Nfsen 1.3.6p1



 My question:

 Is this possible that all graph will be displayed as 'line graph'?



 Thanks
 Arne
  Kind regards

 p.p. Arne Tiedemann
 System Engineer Microsoft Systems

 IT works! Consulting GmbH & Co. KG
 Schwarzer Weg 8
 22309 Hamburg

 Phone +49 40 63705808
 Fax +49 40 63705810
 E-Mail: arne.tiedem...@hamburg-cloud.de

 http://www.itworks-hh.de
 http://www.hamburg-cloud.de
  IT works! Consulting GmbH & Co KG, Schwarzer Weg 8, 22309 Hamburg;
 register court Hamburg, HRA 95064
 General partner: IT works! Consulting Verwaltungs
 GmbH; registered office: Hamburg, register court Hamburg, HRB 77274
 Managing director: Christian Schroeder






Re: [Nfsen-discuss] nfsen default view line graph

2014-01-22 Thread Tiedemann, Arne
I know, I will have this for all graphs by default.

On 22.01.2014 at 14:12, Adrian Popa adrian.popa...@gmail.com wrote:

There's a Line Graph radio button in the web interface, under the Details tab.


On Wed, Jan 22, 2014 at 1:54 PM, Tiedemann, Arne 
arne.tiedem...@hamburg-cloud.de wrote:
Hello @all,

I'm new to nfsen and I'm happy with this system.
My environment: FreeBSD 10 Server, Apache22, PHP5.4, Nfsen 1.3.6p1

My question:
Is this possible that all graph will be displayed as 'line graph'?

Thanks
Arne
Kind regards

p.p. Arne Tiedemann
System Engineer Microsoft Systems

IT works! Consulting GmbH & Co. KG
Schwarzer Weg 8
22309 Hamburg

Phone +49 40 63705808
Fax +49 40 63705810
E-Mail: arne.tiedem...@hamburg-cloud.de

http://www.itworks-hh.de
http://www.hamburg-cloud.de
IT works! Consulting GmbH & Co KG, Schwarzer Weg 8, 22309 Hamburg; 
register court Hamburg, HRA 95064
General partner: IT works! Consulting Verwaltungs GmbH; 
registered office: Hamburg, register court Hamburg, HRB 77274
Managing director: Christian Schroeder





Re: [Nfsen-discuss] nfsen bps any protocol graph

2013-07-11 Thread Aaron
sampler-map sm
 random 1 out-of 512

that helps immensely!  Thanks Ron!

I see about 7 gbps on my mrtg inet graphs...
I see about 14 mbps on my nfsen graphs...
You just taught me that this is because of the sampler on my routers which is 
1/512...
14 * 512 = 7,168 

Thanks Ron

Also, is there a reason why I should use sampler 1 of 512 ?  what if I didn't 
use a sampler at all?  Would this mean I would rcv a lot more netflow samples?  
Is this a bad thing?  Am I missing out on some netflow info by sampling or does 
this just cut down on the exported netflow info via my transit network ? 

Aaron

-Original Message-
From: Ron Arsenault [mailto:qualityofserv...@gmail.com] 
Sent: Thursday, July 11, 2013 9:27 AM
To: Aaron
Cc: Vinicius Esteves; nfsen-discuss@lists.sourceforge.net
Subject: Re: [Nfsen-discuss] nfsen bps any protocol graph

Hi Aaron,

Do you have sampling configured on your netflow exporters?  Netflow apps will 
only have data for flows that they see, and sampling will reduce that value 
significantly.  For example, my aggregate inbound traffic is just shy of 20 
Gbps, but as I only sample 1-out-of-6000 random packets, my nfsen bps graph 
peaks at around 3 Mbps.

SNMP-based apps a la MRTG behave differently; since they're just graphing 
interface counters/OIDs (instead of extrapolating based on netflow samples), 
they have a better glimpse into raw bits flowing across your links.

Does this help?

Regards,

Ron

On Thu, Jul 11, 2013 at 9:41 AM, Aaron aar...@gvtc.com wrote:
 On the http://ipaddress/nfsen/nfsen.php when i click on the “Bits/s 
 any protocol” graph I see that the peak usage 21:00 – 22:00 is only 
 about 13 M (I think that means 13 Mbps)….. this is not what my mrtg 
 shows….my mrtg shows that my dual 10 gig uplinks usage is about 7 gbps 
 around that time of the night.  Is this nfsen “Bits/s any protocol” 
 graph supposed to be a literal representation of the traffic that 
 flows through those dual 10 gbps internet uplinks?  I will say this… 
 mrtg that I speak of is monitoring the same (2) 10 gig interfaces that 
 I have my netflow exporting from to nfsen….so this should be an apples 
 to apples comparison as far as I can see…. Lemme know what yall think please.





 Aaron



 From: Vinicius Esteves [mailto:vini.este...@gmail.com]
 Sent: Wednesday, July 10, 2013 7:37 PM
 To: Aaron
 Cc: nfsen-discuss@lists.sourceforge.net
 Subject: Re: [Nfsen-discuss] nfsen bps any protocol graph



 Even accounting traffic of both directions ?



 2013/7/10 Aaron aar...@gvtc.com

 Why is it that my nfsen bps any protocol graph doesn’t match anywhere 
 close to what my mrtg bps graph shows of my actual internet uplink 
 utilization ?



 Aaron











Re: [Nfsen-discuss] nfsen bps any protocol graph

2013-07-11 Thread Ron Arsenault
No prob Aaron, glad to hear it's behaving as [sort-of] expected!

How much you want to sample is ultimately one of those it depends
situations.  Line-rate netflow for millions of flows will generate a
lot of data and in some cases may not be supported by the exporting
hardware itself regardless of traffic rate.  I believe the config
guide for Cisco's ASR9k line explicitly states that only sampled
netflow is supported; there is no support for full-mode sampling --
though I've never personally tested that.

You are missing out on some packet data, though.  If for example you
send a single packet across your network and it is not the one sampled
in that random-out-of-512 packet interval, you will not see data for
the flow in nfsen.  That's not a deficiency in nfsen/nfdump/etc, it's
just packet-sampling on the exporting router working as intended.
nfdump can't process what it doesn't receive to begin with. : )

One samples to get an approximation of traffic; a higher sample rate
will provide more granularity at the expense of more CPU on the
exporting router, more bandwidth used to send the flow data to the
collector, and storage space and processing burdens on the collector
(among other things I'm liable to miss).  A lower sample rate means
you miss out on some data, but you can get away with using
smaller-scale export/collector hardware.  Given enough money and
hardware, I suppose there's no limit to what could conceivably be
exported, retained, and processed, but I've personally never had the
need to design for line-rate netflow in large environments and cannot
comment authoritatively.

Regards,
Ron

On Thu, Jul 11, 2013 at 1:52 PM, Aaron aar...@gvtc.com wrote:
 sampler-map sm
  random 1 out-of 512

 that helps immensely!  Thanks Ron!

 I see about 7 gbps on my mrtg inet graphs...
 I see about 14 mbps on my nfsen graphs...
 You just taught me that this is because of the sampler on my routers which is 
 1/512...
 14 * 512 = 7,168

 Thanks Ron

 Also, is there a reason why I should use sampler 1 of 512 ?  what if I didn't 
 use a sampler at all?  Would this mean I would rcv a lot more netflow 
 samples?  Is this a bad thing?  Am I missing out on some netflow info by 
 sampling or does this just cut down on the exported netflow info via my 
 transit network ?

 Aaron

 -Original Message-
 From: Ron Arsenault [mailto:qualityofserv...@gmail.com]
 Sent: Thursday, July 11, 2013 9:27 AM
 To: Aaron
 Cc: Vinicius Esteves; nfsen-discuss@lists.sourceforge.net
 Subject: Re: [Nfsen-discuss] nfsen bps any protocol graph

 Hi Aaron,

 Do you have sampling configured on your netflow exporters?  Netflow apps will 
 only have data for flows that they see, and sampling will reduce that value 
 significantly.  For example, my aggregate inbound traffic is just shy of 20 
 Gbps, but as I only sample 1-out-of-6000 random packets, my nfsen bps graph 
 peaks at around 3 Mbps.

 SNMP-based apps a la MRTG behave differently; since they're just graphing 
 interface counters/OIDs (instead of extrapolating based on netflow samples), 
 they have a better glimpse into raw bits flowing across your links.

 Does this help?

 Regards,

 Ron

 On Thu, Jul 11, 2013 at 9:41 AM, Aaron aar...@gvtc.com wrote:
 On the http://ipaddress/nfsen/nfsen.php when i click on the “Bits/s
 any protocol” graph I see that the peak usage 21:00 – 22:00 is only
 about 13 M (I think that means 13 Mbps)….. this is not what my mrtg
 shows….my mrtg shows that my dual 10 gig uplinks usage is about 7 gbps
 around that time of the night.  Is this nfsen “Bits/s any protocol”
 graph supposed to be a literal representation of the traffic that
 flows through those dual 10 gbps internet uplinks?  I will say this…
 mrtg that I speak of is monitoring the same (2) 10 gig interfaces that
 I have my netflow exporting from to nfsen….so this should be an apples
 to apples comparison as far as I can see…. Lemme know what yall think please.





 Aaron



 From: Vinicius Esteves [mailto:vini.este...@gmail.com]
 Sent: Wednesday, July 10, 2013 7:37 PM
 To: Aaron
 Cc: nfsen-discuss@lists.sourceforge.net
 Subject: Re: [Nfsen-discuss] nfsen bps any protocol graph



 Even accounting traffic of both directions ?



 2013/7/10 Aaron aar...@gvtc.com

 Why is it that my nfsen bps any protocol graph doesn’t match anywhere
 close to what my mrtg bps graph shows of my actual internet uplink 
 utilization ?



 Aaron


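
The sampling arithmetic from this thread, as an added example (not code from any poster or from nfsen/nfdump): it scales a sampled rate back up by the sampling interval and computes how likely a flow of a given packet count is to be seen at all under 1-out-of-N sampling. The function names and the traffic mix are constructed for illustration, and each packet is assumed to be picked independently with probability 1/N; the 1/512 and 14 Mbps figures are Aaron's.

```python
"""Random 1-out-of-N packet sampling: scale-up estimate and flow visibility.

Added illustration; the traffic mix below is constructed, not measured.
"""
import math
import random


def scale_up(sampled_rate, n):
    """Estimate the real rate from a rate measured on 1-out-of-n sampled packets."""
    return sampled_rate * n


def p_flow_seen(packets, n):
    """Probability that at least one packet of a flow is sampled,
    assuming each packet is picked independently with probability 1/n."""
    return 1.0 - (1.0 - 1.0 / n) ** packets


def packets_for_visibility(prob, n):
    """Smallest flow size (in packets) that is seen with probability >= prob."""
    return math.ceil(math.log(1.0 - prob) / math.log(1.0 - 1.0 / n))


def demo_flows():
    """Constructed mix: 20 large flows and 2000 three-packet flows.
    Each entry is (label, packets, bytes_per_packet)."""
    big = [("big", 50_000, 1400)] * 20
    small = [("small", 3, 100)] * 2000
    return big + small


def simulate(flows, n, seed=1):
    """Sample every packet with probability 1/n and report what a
    collector could reconstruct from the sampled packets alone."""
    rng = random.Random(seed)
    p = 1.0 / n
    true_bytes = 0
    sampled_bytes = 0
    total = {}
    seen = {}
    for label, packets, size in flows:
        true_bytes += packets * size
        hits = sum(1 for _ in range(packets) if rng.random() < p)
        sampled_bytes += hits * size
        total[label] = total.get(label, 0) + 1
        if hits:  # a flow with no sampled packet never reaches the collector
            seen[label] = seen.get(label, 0) + 1
    return {
        "true_bytes": true_bytes,
        "estimated_bytes": scale_up(sampled_bytes, n),
        "flows_total": total,
        "flows_seen": seen,
    }


if __name__ == "__main__":
    n = 512
    print("14 Mbps sampled at 1/%d ~ %d Mbps on the wire" % (n, scale_up(14, n)))
    for k in (1, 10, 100, 1000, 5000):
        print("flow of %5d packets seen with p=%.3f" % (k, p_flow_seen(k, n)))
    print("packets needed for 95%% visibility:", packets_for_visibility(0.95, n))
    r = simulate(demo_flows(), n)
    err = abs(r["estimated_bytes"] - r["true_bytes"]) / r["true_bytes"]
    print("volume estimate off by %.1f%%" % (100 * err))
    print("flows seen:", r["flows_seen"], "of", r["flows_total"])
```

The volume estimate stays close to the real byte count because the large flows dominate it, while nearly all of the three-packet flows leave no record; the second point matters when sampled NetFlow is used to look for short-lived traffic.
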

Re: [Nfsen-discuss] nfsen (or maybe rrd) not draw diagram

2013-05-23 Thread Peter Haag
Hi Eric,

On 5/23/13 W21 2:36, Eric wrote:
 if I try to rebuild the 'live' profile;
 
 [root@nfsen1 ~]# /data/nfsen/bin/nfsen -r live
 
 ERR Communication nfsend failed. Died at /data/nfsen/libexec/Nfcomm.pm line 
 1311, $nfsen_sock line 4.
 
 rebuilding other profiles were all fine.

I know, it's misleading - the rebuild process just takes a bit longer and the 
communication times out. This has no impact on the rebuild process. You can 
check the status of the profile at any time with:

./nfsen -l live

Will be fixed in 1.3.7

- Peter

 
 
 
 
 At 2013-05-22 17:14:55,Eric eric...@163.com wrote:
 
 Hi wim & all,
 the graph still not updated although data coming in continuously.
 
 here is what I found today, if any one can help? thanks. PS: I run the 
 same command on all other profiles, and fine.
 
 [root@nfsen1 live]# /data/nfsen/bin/nfsen -l live
 name    live
 group   (nogroup)
 tcreate Tue Mar  5 17:00:00 2013
 tstart  Tue Mar  5 17:01:37 2013
 tend    Wed May 22 12:25:00 2013
 updated Wed May 22 12:25:00 2013
 expire  72 days 0 hours
 size    0
 maxsize 50.0 GB
 type    live
 locked  0
 status  OK
 version 130
 channel EASTHQ  sign: + colour: #FF order: 1    sourcelist: EASTHQ
 ERR Error reading channel stat information. Missing key 'first'
 Files: 0    Size: 0
 channel CN2BJ   sign: + colour: #ff order: 2    sourcelist: CN2BJ
 ERR Error reading channel stat information. Missing key 'first'
 Files: 0    Size: 0
 channel CN2CD   sign: + colour: #ff order: 3    sourcelist: CN2CD
 ERR Error reading channel stat information. Missing key 'first'
 Files: 0    Size: 0
 channel CN2GZ   sign: + colour: #00ff00 order: 4    sourcelist: CN2GZ
 ERR Error reading channel stat information. Missing key 'first'
 Files: 0    Size: 0
 
 .
 
 
 
 
 
 
 At 2013-05-20 22:44:46, Wim Biemolt wim.biem...@surfnet.eu wrote:
 On 20/05/2013 06:37, Eric wrote:
 
From the last screenshot, I can see there are data coming in, but not
  draw diagram (you can see the last update time attribute). Is there
  anyone can help? thanks
 
 I'm afraid I can't really help. But since you mentioned rrd in the
 subject. I performed some upgrades myself yesterday, nfdump from
 1.6.9 to 1.6.10 but also from 'rrdtool-1.4.5' to 'rrdtool-1.4.7_2'.
 After the upgrade all pictures have become empty (zero in size).
 Everything else seems to work fine. But no pictures anymore :-(
 
 Cheers,
 
 -Wim
 
 
 
 
 
 
 
 

-- 
--
Be nice to your netflow data



Re: [Nfsen-discuss] nfsen (or maybe rrd) not draw diagram

2013-05-23 Thread Eric
Hi Peter,
thanks for your reply.


I've tried running the command /data/nfsen/bin/nfsen -r live; it showed ERR Error 
reading channel stat information. Missing key 'first'.


Now:
1, data under the profiles-data/live folder are correct, all other profiles', there 
are new data files for all sources every 5 mins and the file size looks good.
2, data under the other profile folders are not correct; it seems a file is only 
created when the service/computer restarts.
3, the http://.../nfsen/nfsen.php automatically refreshes every 5 mins, but the 
graph does not update, and the timeline is stuck at the last restart timeslot.


can you help? thanks








At 2013-05-23 21:33:40,Peter Haag ph...@users.sourceforge.net wrote:
Hi Eric,

On 5/23/13 W21 2:36, Eric wrote:
 if I try to rebuild the 'live' profile;
 
 [root@nfsen1 ~]# /data/nfsen/bin/nfsen -r live
 
 ERR Communication nfsend failed. Died at /data/nfsen/libexec/Nfcomm.pm line 
 1311, $nfsen_sock line 4.
 
 Rebuilding the other profiles was fine.

I know, it's misleading - the rebuild process just takes a bit longer and the 
communication times out. This has no
impact on the rebuild process. You can check the status of the profile at any 
time with:

./nfsen -l live

Will be fixed in 1.3.7

   - Peter

 
 
 
 
 At 2013-05-22 17:14:55,Eric eric...@163.com wrote:
 
 Hi Wim & all,
 the graph is still not updated although data is coming in continuously.
 
 Here is what I found today, if anyone can help? Thanks. PS: I ran the 
 same command on all other profiles, and it was fine.
 
 [root@nfsen1 live]# /data/nfsen/bin/nfsen -l live
 name    live
 group   (nogroup)
 tcreate Tue Mar  5 17:00:00 2013
 tstart  Tue Mar  5 17:01:37 2013
 tend    Wed May 22 12:25:00 2013
 updated Wed May 22 12:25:00 2013
 expire  72 days 0 hours
 size    0
 maxsize 50.0 GB
 type    live
 locked  0
 status  OK
 version 130
 channel EASTHQ  sign: + colour: #FF order: 1 sourcelist: EASTHQ
 ERR Error reading channel stat information. Missing key 'first'
 Files: 0 Size: 0
 channel CN2BJ   sign: + colour: #ff order: 2 sourcelist: CN2BJ
 ERR Error reading channel stat information. Missing key 'first'
 Files: 0 Size: 0
 channel CN2CD   sign: + colour: #ff order: 3 sourcelist: CN2CD
 ERR Error reading channel stat information. Missing key 'first'
 Files: 0 Size: 0
 channel CN2GZ   sign: + colour: #00ff00 order: 4 sourcelist: CN2GZ
 ERR Error reading channel stat information. Missing key 'first'
 Files: 0 Size: 0
 
 .
 
 
 
 
 
 
 At 2013-05-20 22:44:46, Wim Biemolt wim.biem...@surfnet.eu wrote:
 On 20/05/2013 06:37, Eric wrote:
 
  From the last screenshot, I can see there is data coming in, but the
  diagram is not drawn (you can see the last update time attribute). Is there
  anyone who can help? Thanks
 
 I'm afraid I can't really help. But since you mentioned rrd in the
 subject. I performed some upgrades myself yesterday, nfdump from
 1.6.9 to 1.6.10 but also from 'rrdtool-1.4.5' to 'rrdtool-1.4.7_2'.
 After the upgrade all pictures have become empty (zero in size).
 Everything else seems to work fine. But no pictures anymore :-(
 
 Cheers,
 
 -Wim
 
 
 
 
 
 
 
 

-- 
--
Be nice to your netflow data


Re: [Nfsen-discuss] nfsen (or maybe rrd) not draw diagram

2013-05-22 Thread Eric
Hi Wim & all,
the graph is still not updated although data is coming in continuously.


Here is what I found today, if anyone can help? Thanks. PS: I ran the same 
command on all other profiles, and it was fine.


[root@nfsen1 live]# /data/nfsen/bin/nfsen -l live
name    live
group   (nogroup)
tcreate Tue Mar  5 17:00:00 2013
tstart  Tue Mar  5 17:01:37 2013
tend    Wed May 22 12:25:00 2013
updated Wed May 22 12:25:00 2013
expire  72 days 0 hours
size    0
maxsize 50.0 GB
type    live
locked  0
status  OK
version 130
channel EASTHQ  sign: + colour: #FF order: 1 sourcelist: EASTHQ
ERR Error reading channel stat information. Missing key 'first'
Files: 0 Size: 0
channel CN2BJ   sign: + colour: #ff order: 2 sourcelist: CN2BJ
ERR Error reading channel stat information. Missing key 'first'
Files: 0 Size: 0
channel CN2CD   sign: + colour: #ff order: 3 sourcelist: CN2CD
ERR Error reading channel stat information. Missing key 'first'
Files: 0 Size: 0
channel CN2GZ   sign: + colour: #00ff00 order: 4 sourcelist: CN2GZ
ERR Error reading channel stat information. Missing key 'first'
Files: 0 Size: 0


.








At 2013-05-20 22:44:46,Wim Biemolt wim.biem...@surfnet.eu wrote:
On 20/05/2013 06:37, Eric wrote:

 From the last screenshot, I can see there is data coming in, but the
 diagram is not drawn (you can see the last update time attribute). Is there
 anyone who can help? Thanks

I'm afraid I can't really help. But since you mentioned rrd in the
subject. I performed some upgrades myself yesterday, nfdump from
1.6.9 to 1.6.10 but also from 'rrdtool-1.4.5' to 'rrdtool-1.4.7_2'.
After the upgrade all pictures have become empty (zero in size).
Everything else seems to work fine. But no pictures anymore :-(

Cheers,

-Wim


Re: [Nfsen-discuss] nfsen (or maybe rrd) not draw diagram

2013-05-22 Thread Eric
if I try to rebuild the 'live' profile;



[root@nfsen1 ~]# /data/nfsen/bin/nfsen -r live

ERR Communication nfsend failed. Died at /data/nfsen/libexec/Nfcomm.pm line 
1311, $nfsen_sock line 4.


Rebuilding the other profiles was fine.









At 2013-05-22 17:14:55,Eric eric...@163.com wrote:

Hi Wim & all,
the graph is still not updated although data is coming in continuously.


Here is what I found today, if anyone can help? Thanks. PS: I ran the same 
command on all other profiles, and it was fine.


[root@nfsen1 live]# /data/nfsen/bin/nfsen -l live
name    live
group   (nogroup)
tcreate Tue Mar  5 17:00:00 2013
tstart  Tue Mar  5 17:01:37 2013
tend    Wed May 22 12:25:00 2013
updated Wed May 22 12:25:00 2013
expire  72 days 0 hours
size    0
maxsize 50.0 GB
type    live
locked  0
status  OK
version 130
channel EASTHQ  sign: + colour: #FF order: 1 sourcelist: EASTHQ
ERR Error reading channel stat information. Missing key 'first'
Files: 0 Size: 0
channel CN2BJ   sign: + colour: #ff order: 2 sourcelist: CN2BJ
ERR Error reading channel stat information. Missing key 'first'
Files: 0 Size: 0
channel CN2CD   sign: + colour: #ff order: 3 sourcelist: CN2CD
ERR Error reading channel stat information. Missing key 'first'
Files: 0 Size: 0
channel CN2GZ   sign: + colour: #00ff00 order: 4 sourcelist: CN2GZ
ERR Error reading channel stat information. Missing key 'first'
Files: 0 Size: 0


.







At 2013-05-20 22:44:46,Wim Biemolt wim.biem...@surfnet.eu wrote:
On 20/05/2013 06:37, Eric wrote:

 From the last screenshot, I can see there is data coming in, but the
 diagram is not drawn (you can see the last update time attribute). Is there
 anyone who can help? Thanks

I'm afraid I can't really help. But since you mentioned rrd in the
subject. I performed some upgrades myself yesterday, nfdump from
1.6.9 to 1.6.10 but also from 'rrdtool-1.4.5' to 'rrdtool-1.4.7_2'.
After the upgrade all pictures have become empty (zero in size).
Everything else seems to work fine. But no pictures anymore :-(

Cheers,

-Wim




