Thanks a lot for the quick advice, Jakub.
So it wasn't nfdump's fault at all. The default template send period for the
ASA is 30 minutes, so all my actions were of no use. I decreased the timeout
rate to 5 minutes. This should minimize loss of flows after nfsen server
restart.
Once again a big thank you for explaining this stuff to me!
Best regards,
Evgheni Dereveanchin
From: Jakub Słociński [mailto:[email protected]]
Sent: 12 November 2012 13:36
To: Evgheni Dereveanchin
Cc: [email protected]
Subject: Re: [Nfdump-discuss] nfdump "No table for id 260" errors
Hi,
that means data record received by nfdump has ID of template table that is not
recognised (yet). Template data is exported each X minutes (depends how it is
set up on ASA), and until it's received by collector, it doesn't know what to
do with data packets (each data packet has template ID defining it's format).
That may happen up to X minutes after nfcaptd collector restart, until it gets
next template-data packet from exporter.
You can speed it up by decreasing template-data export interval on ASA.
--
Regards,
Jakub Słociński
2012/11/12 Evgheni Dereveanchin
<[email protected]<mailto:[email protected]>>
Hi everyone,
Using nfdump + nfsen to collect and analyze NetFlow data from a Cisco ASA
device.
The problem I'm facing is that after the server restart it sometimes fails to
monitor the flows and fills the logs with messages like:
Nov 12 12:33:53 mon /usr/local/bin/nfcapd[16843]: Process v9: [0] No table for
id 265 -> Skip record
Nov 12 12:33:53 mon /usr/local/bin/nfcapd[16843]: Process v9: [0] No table for
id 256 -> Skip record
Nov 12 12:33:53 mon /usr/local/bin/nfcapd[16843]: Process v9: [0] No table for
id 260 -> Skip record
Nov 12 12:33:53 mon /usr/local/bin/nfcapd[16843]: Process v9: [0] No table for
id 256 -> Skip record
Nov 12 12:33:53 mon /usr/local/bin/nfcapd[16843]: Process v9: [0] No table for
id 256 -> Skip record
Nov 12 12:33:53 mon /usr/local/bin/nfcapd[16843]: Process v9: [0] No table for
id 260 -> Skip record
Nov 12 12:33:53 mon /usr/local/bin/nfcapd[16843]: Process v9: [0] No table for
id 256 -> Skip record
Googling did not reveal anything about the cause of this error. I use
nfdump-1.5.8-2-NSEL + nfsen-1.3.6p1 on a CentOS 6 machine.
There is just one collector and one device sending logs currently. Everything
worked flawlessly for a few months, then this started to happen.
I did not upgrade nfdump the ASA. A few days ago it took me a few hours of
random service restarts to make nfdump work. Today it happened again.
Did anyone else experience similar problems? What can I try in order to fix
this?
Best regards,
Evgheni Dereveanchin
________________________________
The information in this email is confidential and may be legally privileged. It
is intended solely for the addressee. Any opinions expressed are mine and do
not necessarily represent the opinions of the Company. Emails are susceptible
to interference. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in reliance on
it, is strictly prohibited and may be unlawful. If you have received this
message in error, do not open any attachments but please notify the EndavaIT
Support Service Desk on (+44 (0)870 423
0187<tel:%28%2B44%20%280%29870%20423%200187>), and delete this message from
your system. The sender accepts no responsibility for information, errors or
omissions in this email, or for its use or misuse, or for any act committed or
omitted in connection with this communication. If in doubt, please verify the
authenticity of the contents with the sender. Please rely on your own virus
checkers as no responsibility is taken by the sender for any damage rising out
of any bug or virus infection.
Endava Limited is a company registered in England under company number 5722669
whose registered office is at 125 Old Broad Street, London, EC2N 1AR, United
Kingdom. Endava Limited is the Endava group holding company and does not
provide any services to clients. Each of Endava Limited and its subsidiaries is
a separate legal entity and has no liability for another such entity's acts or
omissions. Please refer to the "Legal" section on our website for a list of
legal entities.
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
Nfdump-discuss mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_nov
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
