Thank for the replies, but the thing is,
I don't have SELinux running, see below
r...@sflow5:/nfdata# dmesg | egrep -i selinux
[ 0.010000] SELinux: Disabled at boot.
Also right now I have on iptable firewall rules, and just to make sure, I
flush both NAT and general tables.
The result is still same, no data at all.
Why else should I check?
Thanks!
FD
On Thu, Jun 18, 2009 at 12:45 AM, Peter Haag <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> This is most likely an SElinux configuration problem. Check your SE
> policies.
> There should be some guidelines in the mailing list archive.
>
> - Peter
>
> fedora fedora wrote:
> > Hello everyone,
> >
> > I have been trying a whole day to get nfcapd to capture the netflow
> record
> > without any luck, so I figured it is time to ask...
> >
> > The server i am using is running 64bit ubuntu 8.10 server edition, and
> > netflow traffic is being sent over on port 10001.
> >
> > r...@sflow5:/nfdata/# nfcapd -V
> > nfcapd: Version: 1.5.8 $LastChangedDate: 2008-02-21 10:50:02 +0100 (Thu,
> 21
> > Feb 2008) $
> > $Id: nfcapd.c 9 2009-05-07 08:59:31Z haag $
> >
> > the command I run
> >
> > "nfcapd -w -D -I Test -p 10001 -S 1 -l /nfdata"
> >
> > The problem is, it seems that nfcapd is not seeing anything coming, all
> > files generated are 276byte size without any real data inside.
> >
> > Jun 17 16:30:10 sflow5 /usr/local/bin/nfcapd[5387]: Ident: 'Test' Flows:
> 0,
> > Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
> >
> > I also tried aother command, like
> >
> > "nfcapd -p 10001 -E", nothing happens,
> >
> > btw, I am sure the netflow traffic is being sent to this port, i run a
> > tcpdump on port 10001 and the catpured file was succefully recognized by
> > wireshark as netflow v5 data.
> >
> > What might be wrong? why nfsen sees no netflow traffic at all?
> >
> > Any help will be greatly appreciated!
> >
> > FD
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> ------------------------------------------------------------------------------
> > Crystal Reports - New Free Runtime and 30 Day Trial
> > Check out the new simplified licensing option that enables unlimited
> > royalty-free distribution of the report engine for externally facing
> > server and web deployment.
> > http://p.sf.net/sfu/businessobjects
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Nfdump-discuss mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
> - --
> _______ SWITCH - The Swiss Education and Research Network ______
> Peter Haag, Security Engineer, Member of SWITCH CERT
> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> E-mail: [email protected] Web: http://www.switch.ch/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iQCVAwUBSjnUZf5AbZRALNr/AQJduwP/XbLtfrV8CLTwicZRx7aN+I8W3v5Uc/Ej
> H9RVtgmaIepCVbRVajdH9QUiHfxWQZrfFjqSb7NQWstlD1g7nqxh+o8Kx5fXFOGh
> AVHG2SWzQvcXK/JMCmSSe470jlgud9FVgwANPBjdhVCVxndP98O3e8GVZNuZUgz7
> Lx7qEqRjoTo=
> =0wvB
> -----END PGP SIGNATURE-----
>
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
