I found the problem, in case anyone is still interested. The reason nfcapd is not seeing netflow records is that I am sending netflow to the server's secondary eth interface, which has a private IP configured, and from Ubuntu 8.04 it seems that by default it won't take private IP traffic.

In order to disable this feature, you need to edit /etc/sysctl.conf, /etc/sysctl.d/10-network-security.conf and change the default rp_filter=1 to =0.

You would think Ubuntu would give some sort of logs for this type of behavior, but it does not...

On Thu, Jun 25, 2009 at 12:19 PM, Till Dörges <[email protected]> wrote:

> On 18.06.2009 18:05, fedora fedora wrote:
>
> > No, nfcapd is the only process listening on that port, see the output below.
> [...]
> > The server i am using is running 64bit ubuntu 8.10 server edition, and
> > netflow traffic is being sent over on port 10001.
> [...]
> > btw, I am sure the netflow traffic is being sent to this port, i run a
> > tcpdump on port 10001 and the captured file was successfully recognized by
> > wireshark as netflow v5 data.
> >
> > What might be wrong? why nfsen sees no netflow traffic at all?
>
> You also said that it's working correctly on a 32 bit platform? Then perhaps
> something is wrong with the nfcapd binary or any of the libraries on the 64
> bit system?
>
> For checking this, try 'ldd /path/to/nfcapd'.
>
> Another idea might be to use 'strace' to see what nfcapd is actually doing.
>
> HTH -- Till
> --
> Dipl.-Inform. Till Dörges [email protected]
>
> PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
> Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
> Till Dörges Jürgen Sander Axel Theilmann
------------------------------------------------------------------------------
_______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
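The message above traces the missing flows to `rp_filter` and notes that nothing was logged. The following script is an added example, not part of the original thread or of nfdump: it reports the effective reverse-path filter mode per interface (0 off, 1 strict, 2 loose) and whether the kernel's `log_martians` setting would log packets dropped by that check. `CONF_ROOT` and the function names are this example's own.

```shell
#!/bin/sh
# Added example: effective rp_filter mode and martian logging per interface.
# CONF_ROOT is this example's own override so the logic can run on a test tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# read_knob IFACE KNOB: print the knob's value, or 0 if it is not readable.
read_knob() {
    if [ -r "$CONF_ROOT/$1/$2" ]; then cat "$CONF_ROOT/$1/$2"; else echo 0; fi
}

# The kernel validates sources with max(conf/all, conf/IFACE) for rp_filter.
effective_rp_filter() {
    all=$(read_knob all rp_filter)
    own=$(read_knob "$1" rp_filter)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Martian logging is on if either conf/all or conf/IFACE sets log_martians.
martians_logged() {
    all=$(read_knob all log_martians)
    own=$(read_knob "$1" log_martians)
    if [ "$all" -eq 1 ] || [ "$own" -eq 1 ]; then echo 1; else echo 0; fi
}

describe_mode() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# One line per interface; "all" and "default" are not real interfaces.
report() {
    for dir in "$CONF_ROOT"/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        case "$iface" in all|default) continue ;; esac
        mode=$(effective_rp_filter "$iface")
        echo "$iface rp_filter=$(describe_mode "$mode") log_martians=$(martians_logged "$iface")"
    done
}

report
```

An interface shown as `rp_filter=strict log_martians=0` matches the situation described in the message: packets failing the reverse-path check are dropped with no kernel log entry.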
