Hello, I've just installed nfsen-snapshot-20070110 on a new server (I want to migrate the old collector box, because it couldn't handle the size of the netflow exports anymore), and I have to say: good job. The web interface is much easier to use and has some new nice features (like saving custom output formats and filters).
I've installed the new nfsen on a new server, and I'm trying to get my backend plugins to work. I've modified the way the plugins take in parameters to be compliant with the new nfsen and they run.... sort of. I have 2 custom built plugins, one called 'floodsearch' and the second 'prefixStats'. prefixStats was derived from floodsearch at some point in their construction. I use custom logging for both of them, and both of them run beautifully with the previous version of nfsen. When I start nfsen with both plugins listed in etc/nfsen.conf, this is what I get in /var/log/messages: Jan 23 16:02:54 hail nfsen[6518]: Startup. Version: snapshot-20070110 $Id: nfsend 60 2007-01-09 12:26:47Z peter $ Jan 23 16:02:54 hail nfsen[6520]: Comm server started: [6520] Jan 23 16:02:54 hail nfsen[6519]: nfsend: [6519] Jan 23 16:02:54 hail nfsen[6519]: Update profile live in group . Jan 23 16:02:54 hail nfsen[6520]: floodsearch BEGIN Jan 23 16:02:54 hail floodsearch: Loading plugin 'floodsearch': Success Jan 23 16:02:54 hail floodsearch: floodsearch: Init Jan 23 16:02:54 hail floodsearch: Initializing plugin 'floodsearch': Success Jan 23 16:02:54 hail floodsearch: prefixStats BEGIN Jan 23 16:02:54 hail floodsearch: Loading plugin 'prefixStats': Success Jan 23 16:02:54 hail floodsearch: prefixStats: Init Jan 23 16:02:54 hail floodsearch: Initializing plugin 'prefixStats': Success Jan 23 16:02:54 hail floodsearch: ModList: ./live - prefixStats Incidentally, this is almost the same thing I get with the old version, too: Jan 21 04:02:42 hail nfsen[11597]: Startup. Version: snapshot-20060810 $Id: nfsend 59 2006-08-10 17:47:53Z peter $ Jan 21 04:02:42 hail nfsen[18406]: Comm server started: [18406] Jan 21 04:02:42 hail nfsen[18404]: nfsend: [18404] Jan 21 04:02:42 hail nfsen[18405]: floodsearch BEGIN Jan 21 04:02:42 hail floodsearch: Loading plugin 'floodsearch': Success Jan 21 04:02:42 hail floodsearch: floodsearch: Init Jan 21 04:02:42 hail floodsearch: Initializing plugin 'floodsearch': Success Jan 21 04:02:42 hail floodsearch: prefixStats BEGIN Jan 21 04:02:42 hail floodsearch: Loading plugin 'prefixStats': Success Jan 21 04:02:42 hail floodsearch: prefixStats: Init Jan 21 04:02:42 hail floodsearch: Initializing plugin 'prefixStats': Success Jan 21 04:02:42 hail floodsearch: ModList: live - floodsearch,prefixStats With this scenario, prefixStats works as expected (the logging prooves this), but floodsearch acts very strange - the run subroutine is never reached, and after 5 minutes, the END subroutine is executed 20+ times. Here's its log output: 2007/01/23 15:41:16 INFO> floodsearch.pm:1116 floodsearch::BEGIN - starting floodsearch (version 2.0.2) 2007/01/23 15:48:24 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:49:40 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch 2007/01/23 15:50:19 INFO> floodsearch.pm:1124 floodsearch::END - stopping floodsearch I've noticed that in /var/log/messages, I see a message coming from floodsearch saying that prefixStats is ok, and apparently 'ModList: ./live - prefixStats' says only prefixStats is running correctly.... I guess I made some mistakes when writing the backend scripts, but they ran fine on the older nfsen... However, starting nfsen with only floodsearch loaded, I can get floodsearch to run: 2007/01/23 16:09:31 INFO> floodsearch.pm:1134 floodsearch::BEGIN - starting floodsearch (version 2.0.2) 2007/01/23 16:09:31 DEBUG> floodsearch.pm:1115 floodsearch::Init - Running Init 2007/01/23 16:10:31 DEBUG> floodsearch.pm:199 floodsearch::run - Profile: live, Time: 200701231605 2007/01/23 16:10:31 DEBUG> floodsearch.pm:609 floodsearch::run - Nothing interesting left to do. 2007/01/23 16:10:31 INFO> floodsearch.pm:1142 floodsearch::END - stopping floodsearch 2007/01/23 16:15:31 DEBUG> floodsearch.pm:199 floodsearch::run - Profile: live, Time: 200701231610 2007/01/23 16:15:31 DEBUG> floodsearch.pm:609 floodsearch::run - Nothing interesting left to do. 2007/01/23 16:15:31 INFO> floodsearch.pm:1142 floodsearch::END - stopping floodsearch (however, the END function wasn't called in the older nfsen version every 5 minutes...) Do you have any idea why this is happening? Any tips on how I could fix it? Thank you a lot! Adrian Popa ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
