On 29/10/2020 11:35, Mostaf Faridi wrote:
> I use nfdump-1.6.16_1
> They installed this version of nfdump on many servers. Only on one
> server, I see a core dump.
> Nfdump is installed on a FreeBSD box and traffic comes from CentOS OS.
> Where must I run nfdump: on the FreeBSD box or the CentOS box?

You run nfcapd on whatever server the Netflow packets arrive at. It
writes files containing the netflow data, normally one file every 5 minutes.

You run nfdump on whatever server is reading the files written by
nfcapd. It might be the same server, or a different one - e.g. if the
files are shared over NFS.

> I want to know which packages can make a core dump. For example, which
> packages, like TCP or UDP packages, make a core dump?

The operating system writes a core dump when a program crashes, e.g.
because it executes an illegal instruction or tries to access
out-of-bounds memory.

> If I run tcpdump, how do I understand which packet makes the core dump?

tcpdump is mainly useful for capturing packets, so you can feed them
back into nfcapd or nfdump, and reproduce the problem on demand.

However with or without tcpdump, you still need to:

- compile nfdump 1.6.20 from source
- run it until it crashes
- use gdb to read the coredump
- perform a backtrace and inspect variables to work out what caused the crash

OR

- compile nfdump 1.6.20 from source
- run it *under gdb* until it crashes
- perform a backtrace and inspect variables to work out what caused the crash

However, this is not the list to explain how to debug C code. I suggest
you find a local system administrator and/or C programmer who can help you.

_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
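
The first procedure in the reply above (run until it crashes, then read the core dump with gdb), as an added shell example that is not part of the original message or of nfdump. The function names, the `./bin/nfdump` path and the capture file path are hypothetical; it assumes gdb is installed, the binary was built with debug symbols, and core files land in the working directory.

```shell
#!/bin/sh
# Added example: run a command with core dumps enabled and, if it is killed
# by a signal, print a gdb backtrace from the core file it left behind.
# Assumptions: cores are written to the working directory as "<prog>.core"
# (FreeBSD default) or "core" / "core.<pid>" (Linux, unless core_pattern
# hands them to a collector such as systemd-coredump).

# died_by_signal STATUS -> true if a shell exit status means "killed by signal"
died_by_signal() {
    [ "$1" -gt 128 ] && [ "$1" -lt 192 ]
}

# find_core DIR PROG -> prints the newest matching core file in DIR, if any
find_core() {
    dir=$1
    prog=$(basename "$2")
    # ls -t sorts newest first; -d keeps a directory named "core" from expanding;
    # names that do not exist only produce errors, which are discarded
    ls -td "$dir/$prog.core" "$dir"/core "$dir"/core.* 2>/dev/null | head -n 1
}

# run_and_trace CMD [ARGS...] -> runs CMD, prints a backtrace if it crashed
run_and_trace() {
    ulimit -c unlimited 2>/dev/null || echo "cannot raise core size limit" >&2
    "$@"
    status=$?
    died_by_signal "$status" || return "$status"
    echo "crashed with signal $((status - 128))" >&2
    core=$(find_core . "$1")
    if [ -z "$core" ]; then
        echo "no core file found in $(pwd)" >&2
        return "$status"
    fi
    # "bt full" prints every frame with its local variables
    gdb -batch -ex "bt full" -ex "info registers" "$(command -v "$1")" "$core"
    return "$status"
}

# Usage (hypothetical paths): sh nfcrash.sh ./bin/nfdump -r /path/to/nfcapd.file
if [ "$#" -gt 0 ]; then
    run_and_trace "$@"
fi
```

The backtrace output, together with the nfdump version and the nfcapd file that triggers the crash, is what a bug report to the project needs.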