On Sep 09, "Jeremy Webb" wrote: [snip]
> I have set up flow-tools in conjunction with flowscan. Everything appears > to be working correctly, other than the fact that my flow files appear to > be empty. Each one has a file size of only 108 bytes. When something like > this occurs, what usually seems to be the problem? Is it usually a problem > with the configuration of the router sending the flows, or is it usually a > problem with the flow-tools configuration not processing what it is > receiving correctly? > > This is the kind of stuff I see in my flowscan log: > > 2004/09/09 10:50:04 working on file ft-v05.2004-09-09.104500-0600... > 2004/09/09 10:50:04 flowscan-1.020 CUFlow: Cflow::find took 0 wallclock > secs ( 0.01 usr + 0.00 sys = 0.01 CPU) for 108 flow file bytes, flow hit > ratio: 0/0 > 2004/09/09 10:50:04 flowscan-1.020 CUFlow: report took 0 wallclock secs ( > 0.00 usr + 0.00 sys = 0.00 CPU) > sleep 30... > sleep 30... > > When I view tcpdump, I see a whole lot of this (moving in pretty quickly): > > 14:21:56.662608 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, > length: 1464 > 14:21:56.662813 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, > length: 1464 > 14:21:56.663306 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, > length: 1464 > 14:21:56.663593 IP 192.168.254.254.56133 > 65.105.158.157.2055: UDP, > length: 1464 > > This is my router config: > > ip flow-export version 5 peer-as > ip flow-export source-interface Loopback 0 (This was added as a > suggestion to fix our issue.) > ip flow-export destination 65.105.158.157 2055 > ip flow-cache timeout active 1 > ip route-cache flow (This was assigned to all interfaces.) > > Thanks for your help. What does sockstat -4 (freebsd) or netstat -l -4 (linux) say? Is flow-capture listening on the correct port? I got burned once because I updated the config file but forgot to restart the flow-capture process. Mike _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
