Hi
I am having trouble receiving flows at nfcapd.
I am exporting version 5 netflows (cflow) from a juniper router. I am
export them both to my PC running Wireshark and my nfcapd on port 9996.
The interval is 5 and there is traffic on the interfaces involved.
I simultaneously send the flows to Wireshark on my pc and it decodes
them as version 5 flows properly.
However, on the nfcapd I see no data being logged. If I run "nfcapd -E
-p 9996 -I FW -l /data/nfsen/test/ -s 5" I don't see any packets logged
to STDOUT, even though I simultaneously see the packets hit the server
(tcpport port 9996) and also I get the same flows sent to my PC at the
same time.
All I get is this:
[root@ausydmon04 test]# nfcapd -E -p 9996 -I FW -l /data/nfsen/test/ -s
5
File Block Header:
NumBlocks = 0
Size = 0
id = 2
Any idea where I could be going wrong? I am running nfcapd as root.
[root@ausydmon04 test]# nfcapd -V
nfcapd: Version: 1.6.6 $Date: 2012-03-11 11:57:45 +0100 (Sun, 11 Mar
2012) $
Thanks, Nick.
_________________________________________________________________________________________
This email has been scanned by the MessageLabs Email Security System on behalf
of Medibank Health Solutions.
For more information please visit http://www.symanteccloud.com
_________________________________________________________________________________________
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
