Assuming that there is something wrong with my plugins, I have tried the
following test:
I've made a copy of the demoplugin (and called it demoplugin2). I have
made the necessary modifications in demoplugin2 so that it looks like a
standalone plugin (added package demoplugin2 and openlog( "demoplugin2",
"", "local0" ), and changed demoplugin to demoplugin2 in every output).
I've added both plugins to the plugin list like this:
@plugins = (
# profile # module
# [ 'live', 'prefixStats' ],
# [ 'live', 'floodsearch' ]
[ 'live', 'demoplugin' ],
[ 'live', 'demoplugin2' ]
);
I've started nfsen, and this is the log I get:
Jan 24 10:14:40 hail gpm[2614]: *** info [client.c(275)]:
Jan 24 10:14:40 hail gpm[2614]: Request on 6 (console 0)
Jan 24 10:14:40 hail gpm[2614]: *** info [client.c(284)]:
Jan 24 10:14:40 hail gpm[2614]: Closing
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18330]: Standard setsockopt,
SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18330]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18332]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18333]: Standard setsockopt,
SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18333]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18335]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18336]: Standard setsockopt,
SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18336]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18338]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18339]: Standard setsockopt,
SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18339]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18341]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18342]: Standard setsockopt,
SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18342]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18344]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18345]: Standard setsockopt,
SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18345]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18347]: Startup.
Jan 24 10:14:41 hail nfsen[18348]: Startup. Version: snapshot-20070110
$Id: nfsend 60 2007-01-09 12:26:47Z peter $
Jan 24 10:14:41 hail nfsen[18350]: Comm server started: [18350]
Jan 24 10:14:41 hail nfsen[18350]: Frontend module 'demoplugin.php' found
Jan 24 10:14:41 hail nfsen[18349]: nfsend: [18349]
Jan 24 10:14:41 hail nfsen[18350]: demoplugin BEGIN
Jan 24 10:14:41 hail demoplugin: Loading plugin 'demoplugin': Success
Jan 24 10:14:41 hail demoplugin: demoplugin: Init
Jan 24 10:14:41 hail demoplugin: Initializing plugin 'demoplugin': Success
Jan 24 10:14:41 hail demoplugin: demoplugin2 BEGIN
Jan 24 10:14:41 hail demoplugin2: Loading plugin 'demoplugin2': Success
Jan 24 10:14:41 hail demoplugin2: demoplugin2: Init
Jan 24 10:14:41 hail demoplugin2: Initializing plugin 'demoplugin2': Success
Jan 24 10:14:41 hail demoplugin2: ModList: ./live - demoplugin2
Jan 24 10:14:41 hail nfsen[18349]: Update profile live in group .
Jan 24 10:14:41 hail nfsen[18349]: Update profile Dusting in group .
Jan 24 10:14:42 hail nfsen[18349]: Run expire at Wed Jan 24 10:10:00 2007
Jan 24 10:14:42 hail nfsen[18349]: Expire profile live group . low water
mark: 0.9%
Jan 24 10:14:42 hail nfsen[18349]: Expire profile Dusting group . low
water mark: 0.9%
Jan 24 10:14:42 hail nfsen[18349]: *** ERROR *** Attempt to set tstart =
0 in 'Dusting'
Jan 24 10:14:42 hail nfsen[18349]: End expire at Wed Jan 24 10:10:00 2007
Jan 24 10:14:42 hail gpm[2614]: *** info [client.c(137)]:
Jan 24 10:14:42 hail gpm[2614]: Connecting at fd 6
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18332]: Ident: '7304bcnt2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18335]: Ident: '7304bb2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18338]: Ident: 'GSRtest'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18341]: Ident: '12410bcnt2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18344]: Ident: '7606_2_Lab'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18347]: Ident: '7606_1_Lab'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:30 hail nfsen[18349]: Update profile live in group .
Jan 24 10:15:30 hail nfsen[18349]: Update profile Dusting in group .
Jan 24 10:15:31 hail demoplugin2: comm server started: 18375
Jan 24 10:15:31 hail demoplugin2: Plugin Cycle: Time: 200701241010,
Profile: live, Group: ., Module: demoplugin2,
Jan 24 10:15:31 hail nfsen[18349]: Run expire at Wed Jan 24 10:15:00 2007
Jan 24 10:15:31 hail nfsen[18349]: Expire profile live group . low water
mark: 0.9%
Jan 24 10:15:31 hail nfsen[18349]: Expire profile Dusting group . low
water mark: 0.9%
Jan 24 10:15:31 hail nfsen[18349]: *** ERROR *** Attempt to set tstart =
0 in 'Dusting'
Jan 24 10:15:31 hail nfsen[18349]: End expire at Wed Jan 24 10:15:00 2007
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18332]: Ident: '7304bcnt2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18335]: Ident: '7304bb2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18338]: Ident: 'GSRtest'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18341]: Ident: '12410bcnt2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18344]: Ident: '7606_2_Lab'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18347]: Ident: '7606_1_Lab'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:30 hail nfsen[18349]: Update profile live in group .
Jan 24 10:20:30 hail nfsen[18349]: Update profile Dusting in group .
Jan 24 10:20:31 hail demoplugin2: comm server started: 18402
Jan 24 10:20:31 hail demoplugin2: Plugin Cycle: Time: 200701241015,
Profile: live, Group: ., Module: demoplugin2,
Jan 24 10:20:31 hail nfsen[18349]: Run expire at Wed Jan 24 10:20:00 2007
Jan 24 10:20:31 hail nfsen[18349]: Expire profile live group . low water
mark: 0.9%
Jan 24 10:20:31 hail nfsen[18349]: Expire profile Dusting group . low
water mark: 0.9%
Jan 24 10:20:31 hail nfsen[18349]: *** ERROR *** Attempt to set tstart =
0 in 'Dusting'
Jan 24 10:20:31 hail nfsen[18349]: End expire at Wed Jan 24 10:20:00 2007
It seems that in this case too, only the second plugin is run periodically.
Peter, do you have any idea why this happends (and how to fix it)?
Thank you for your support,
Adrian Popa
Adrian Popa wrote:
> Hello,
>
> I've just installed nfsen-snapshot-20070110 on a new server (I want to
> migrate the old collector box, because it couldn't handle the size of
> the netflow exports anymore), and I have to say: good job. The web
> interface is much easier to use and has some new nice features (like
> saving custom output formats and filters).
>
> I've installed the new nfsen on a new server, and I'm trying to get my
> backend plugins to work.
>
> I've modified the way the plugins take in parameters to be compliant
> with the new nfsen and they run.... sort of.
>
> I have 2 custom built plugins, one called 'floodsearch' and the second
> 'prefixStats'. prefixStats was derived from floodsearch at some point
> in their construction.
> I use custom logging for both of them, and both of them run
> beautifully with the previous version of nfsen.
>
> When I start nfsen with both plugins listed in etc/nfsen.conf, this is
> what I get in /var/log/messages:
>
> Jan 23 16:02:54 hail nfsen[6518]: Startup. Version: snapshot-20070110
> $Id: nfsend 60 2007-01-09 12:26:47Z peter $
> Jan 23 16:02:54 hail nfsen[6520]: Comm server started: [6520]
> Jan 23 16:02:54 hail nfsen[6519]: nfsend: [6519]
> Jan 23 16:02:54 hail nfsen[6519]: Update profile live in group .
> Jan 23 16:02:54 hail nfsen[6520]: floodsearch BEGIN
> Jan 23 16:02:54 hail floodsearch: Loading plugin 'floodsearch': Success
> Jan 23 16:02:54 hail floodsearch: floodsearch: Init
> Jan 23 16:02:54 hail floodsearch: Initializing plugin 'floodsearch':
> Success
> Jan 23 16:02:54 hail floodsearch: prefixStats BEGIN
> Jan 23 16:02:54 hail floodsearch: Loading plugin 'prefixStats': Success
> Jan 23 16:02:54 hail floodsearch: prefixStats: Init
> Jan 23 16:02:54 hail floodsearch: Initializing plugin 'prefixStats':
> Success
> Jan 23 16:02:54 hail floodsearch: ModList: ./live - prefixStats
>
>
> Incidentally, this is almost the same thing I get with the old
> version, too:
>
> Jan 21 04:02:42 hail nfsen[11597]: Startup. Version: snapshot-20060810
> $Id: nfsend 59 2006-08-10 17:47:53Z peter $
> Jan 21 04:02:42 hail nfsen[18406]: Comm server started: [18406]
> Jan 21 04:02:42 hail nfsen[18404]: nfsend: [18404]
> Jan 21 04:02:42 hail nfsen[18405]: floodsearch BEGIN
> Jan 21 04:02:42 hail floodsearch: Loading plugin 'floodsearch': Success
> Jan 21 04:02:42 hail floodsearch: floodsearch: Init
> Jan 21 04:02:42 hail floodsearch: Initializing plugin 'floodsearch':
> Success
> Jan 21 04:02:42 hail floodsearch: prefixStats BEGIN
> Jan 21 04:02:42 hail floodsearch: Loading plugin 'prefixStats': Success
> Jan 21 04:02:42 hail floodsearch: prefixStats: Init
> Jan 21 04:02:42 hail floodsearch: Initializing plugin 'prefixStats':
> Success
> Jan 21 04:02:42 hail floodsearch: ModList: live - floodsearch,prefixStats
>
>
> With this scenario, prefixStats works as expected (the logging prooves
> this), but floodsearch acts very strange - the run subroutine is never
> reached, and after 5 minutes, the END subroutine is executed 20+
> times. Here's its log output:
>
> 2007/01/23 15:41:16 INFO> floodsearch.pm:1116 floodsearch::BEGIN -
> starting floodsearch (version 2.0.2)
> 2007/01/23 15:48:24 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:49:40 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
> 2007/01/23 15:50:19 INFO> floodsearch.pm:1124 floodsearch::END -
> stopping floodsearch
>
> I've noticed that in /var/log/messages, I see a message coming from
> floodsearch saying that prefixStats is ok, and apparently 'ModList:
> ./live - prefixStats' says only prefixStats is running correctly....
>
> I guess I made some mistakes when writing the backend scripts, but
> they ran fine on the older nfsen...
>
> However, starting nfsen with only floodsearch loaded, I can get
> floodsearch to run:
>
> 2007/01/23 16:09:31 INFO> floodsearch.pm:1134 floodsearch::BEGIN -
> starting floodsearch (version 2.0.2)
> 2007/01/23 16:09:31 DEBUG> floodsearch.pm:1115 floodsearch::Init -
> Running Init
> 2007/01/23 16:10:31 DEBUG> floodsearch.pm:199 floodsearch::run -
> Profile: live, Time: 200701231605
> 2007/01/23 16:10:31 DEBUG> floodsearch.pm:609 floodsearch::run -
> Nothing interesting left to do.
> 2007/01/23 16:10:31 INFO> floodsearch.pm:1142 floodsearch::END -
> stopping floodsearch
> 2007/01/23 16:15:31 DEBUG> floodsearch.pm:199 floodsearch::run -
> Profile: live, Time: 200701231610
> 2007/01/23 16:15:31 DEBUG> floodsearch.pm:609 floodsearch::run -
> Nothing interesting left to do.
> 2007/01/23 16:15:31 INFO> floodsearch.pm:1142 floodsearch::END -
> stopping floodsearch
>
>
> (however, the END function wasn't called in the older nfsen version
> every 5 minutes...)
>
> Do you have any idea why this is happening? Any tips on how I could
> fix it?
>
> Thank you a lot!
>
> Adrian Popa
>
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
