On 10/8/10 9:35 PM, Andy Johnston wrote:
> I've had a collection and analysis system based on flow-tools for years now,
> but for the last six months or so, I've been using ft2nfdump and nfdump for
> analysis of the collected flow data and I'm completely sold.  I want to
> switch over to nfcapd and skip the ft2nfdump step and then try Nfsen out.
> 
> Currently, I'm getting Netflow data from one router.  It's sending the data
> to two systems.  The older system is an old Solaris box running
> flow-capture.  The newer system is RHEL5 where I'm trying to run nfcapd.  I
> can't get the nfcapd service to collect packets.  It's the same flow as the
> flow-capture system sees and I've captured the incoming Netflow data from
> the router on both systems and verified that the packets match.  Nfcapd
> starts, but doesn't appear to see anything.
> 
> 
> The system has two network interfaces, eth0 and eth1.  Eth0 is on the subnet
> with the router.  Eth1 is behind a NAT looking at something else.
> The IP on eth0 is (munged) router.subnet.aaa.bbb.  The router is directing
> netflow data to port 9990 (confirmed using tcpdump).
> 
> I'm running nfcapd with the command:
> 
> nfcapd -z -b router.subnet.aaa.bbb -p 9990 -l /var/NetFlow -I any -S 2  -w -e -P /var/NetFlow/nfcapd.pid  -D

yes - that's all correct. Any SE-Linux - firewall rules somewhere?

For testing: omit -D and add -E

        - Peter
> 
> 
> The pid file is created and the default subdirectory structure appears under
> /var/NetFlow, but nothing is entered.
> 
> 
> Am I submitting the command incorrectly?
> 
> Thank you,
> 
> - Andy Johnston
> 
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
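
An added example, not part of the original thread or of nfdump: a Python stand-in for the collector that binds the same address and port and decodes the NetFlow v5/v9 header of whatever actually reaches the socket. On Linux, tcpdump sees inbound packets before the host firewall filters them, so a matching capture does not settle the firewall question raised in the reply. The names `parse_header` and `probe` are hypothetical, and nfcapd must be stopped first so the port is free.

```python
import socket
import struct
import sys

# NetFlow export header sizes: v5 is 24 bytes, v9 is 20 bytes. Both begin with
# a 16-bit version and a 16-bit count, then sys_uptime and unix_secs (32 bits each).
HEADER_LEN = {5: 24, 9: 20}

def parse_header(datagram):
    """Return (version, count, unix_secs); raise ValueError if not NetFlow v5/v9."""
    if len(datagram) < 4:
        raise ValueError("datagram too short")
    version, count = struct.unpack("!HH", datagram[:4])
    if version not in HEADER_LEN:
        raise ValueError("unexpected version %d" % version)
    if len(datagram) < HEADER_LEN[version]:
        raise ValueError("truncated header")
    (unix_secs,) = struct.unpack("!I", datagram[8:12])
    return version, count, unix_secs

def probe(bind_addr, port, timeout=10.0, max_packets=5):
    """Bind as the collector would; list (source, version, count, unix_secs)."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))   # EADDRINUSE here: a collector still holds the port
        sock.settimeout(timeout)
        try:
            while len(seen) < max_packets:
                data, (src, _sport) = sock.recvfrom(65535)
                try:
                    seen.append((src,) + parse_header(data))
                except ValueError:
                    seen.append((src, None, None, None))  # arrived, but not NetFlow v5/v9
        except socket.timeout:
            pass                       # nothing (more) reached the socket in time
    return seen

if __name__ == "__main__":
    # usage: python probe.py <bind-address> <port>
    hits = probe(sys.argv[1], int(sys.argv[2]))
    if not hits:
        print("no datagrams reached the socket: check host firewall rules and SELinux")
    for src, version, count, secs in hits:
        print("from %s: version=%s count=%s export_time=%s" % (src, version, count, secs))
```

If this prints headers while nfcapd still writes nothing, the datagrams are being delivered and the problem lies in how nfcapd is invoked or confined; if it times out while tcpdump shows traffic, something on the host is dropping the packets before the socket.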