just to provide more info here,
When I hook up my laptop (also runs ubuntu, but 32 bit version) to the same
cable, using the same command I see correct nfcapd files being generated.
Something wrong with the server? what should I check? thanks!
On Wed, Jun 17, 2009 at 4:55 PM, fedora fedora <[email protected]> wrote:
> Hello everyone,
>
> I have been trying a whole day to get nfcapd to capture the netflow record
> without any luck, so I figured it is time to ask...
>
> The server i am using is running 64bit ubuntu 8.10 server edition, and
> netflow traffic is being sent over on port 10001.
>
> r...@sflow5:/nfdata/# nfcapd -V
> nfcapd: Version: 1.5.8 $LastChangedDate: 2008-02-21 10:50:02 +0100 (Thu, 21
> Feb 2008) $
> $Id: nfcapd.c 9 2009-05-07 08:59:31Z haag $
>
> the command I run
>
> "nfcapd -w -D -I Test -p 10001 -S 1 -l /nfdata"
>
> The problem is, it seems that nfcapd is not seeing anything coming, all
> files generated are 276byte size without any real data inside.
>
> Jun 17 16:30:10 sflow5 /usr/local/bin/nfcapd[5387]: Ident: 'Test' Flows: 0,
> Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
>
> I also tried aother command, like
>
> "nfcapd -p 10001 -E", nothing happens,
>
> btw, I am sure the netflow traffic is being sent to this port, i run a
> tcpdump on port 10001 and the catpured file was succefully recognized by
> wireshark as netflow v5 data.
>
> What might be wrong? why nfsen sees no netflow traffic at all?
>
> Any help will be greatly appreciated!
>
> FD
>
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
