Having no time to wait for a suggestion from you, I've set out to try to
make it work, and I have managed, but only in a crude way...
Here's how:
* The plugins section only activates one plugin (in my case
floodsearch).
* I've modified floodsearch so that when run() ends it will call the
second module (using the bin/testPlugin script)
* I've modified testPlugin, because it seems to me it wasn't updated
to run new types of plugins
Here's what I modified in testPlugin:
I've added
*use lib "/data/nfsen/plugins";*
in the
/# Configuration:
# The only parameter to set:
/section. This because it was complaining it couldn't find my module (it
wasn't included in @INC).
I've added
*use NfProfile;*
to the use section, because otherwise it would complain about not
finding NfProfile::ProfileExists
I've also changed this part at the end of this file from:
*print "Run plugin '$plugin' with profile '$profile' at '$timeslot'\n";
my $sub = "${plugin}::run";
no strict 'refs';
&$sub($profile, $timeslot);
use strict 'refs';
*to:
*print "Run plugin '$plugin' with profile '$profile' at '$timeslot'\n";
my $sub = "${plugin}::run";
my $arguments={'profile' => $profile,
'profilegroup' => ".",
'timeslot' =>$timeslot
};
no strict 'refs';
&$sub($arguments);
use strict 'refs';
*
This change was needed because the plugin got its parameters using the
old convention. Now it uses a hash ref as a parameter.
By doing these changes I've managed to get both plugins running. I
realize this is a hack (quite crude, actually), but I had no choice. I
don't recommend that you use this, but Peter, you might find some
changes useful for the testPlugin script.
Although the problem is partially solved, I'm still looking for a
'conventional' solution for this problem.
If anyone needs logs or anything else, let me know.
Thanks,
Adrian Popa
PS. The mailing list hasn't sent me emails since November last year, so
I'm checking the web interface... Please, reply to my address too, not
only to the mailing list. Thank you.
Adrian Popa wrote:
Assuming that there is something wrong with my plugins, I have tried
the following test:
I've made a copy of the demoplugin (and called it demoplugin2). I have
made the necessary modifications in demoplugin2 so that it looks like
a standalone plugin (added package demoplugin2 and openlog(
"demoplugin2", "", "local0" ), and changed demoplugin to demoplugin2
in every output).
I've added both plugins to the plugin list like this:
@plugins = (
# profile # module
# [ 'live', 'prefixStats' ],
# [ 'live', 'floodsearch' ]
[ 'live', 'demoplugin' ],
[ 'live', 'demoplugin2' ]
);
I've started nfsen, and this is the log I get:
Jan 24 10:14:40 hail gpm[2614]: *** info [client.c(275)]:
Jan 24 10:14:40 hail gpm[2614]: Request on 6 (console 0)
Jan 24 10:14:40 hail gpm[2614]: *** info [client.c(284)]:
Jan 24 10:14:40 hail gpm[2614]: Closing
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18330]: Standard
setsockopt, SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18330]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18332]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18333]: Standard
setsockopt, SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18333]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18335]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18336]: Standard
setsockopt, SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18336]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18338]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18339]: Standard
setsockopt, SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18339]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18341]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18342]: Standard
setsockopt, SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18342]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18344]: Startup.
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18345]: Standard
setsockopt, SO_RCVBUF is 135168 Requested length is 200000 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18345]: System set
setsockopt, SO_RCVBUF to 262142 bytes
Jan 24 10:14:40 hail /usr/local/bin/nfcapd[18347]: Startup.
Jan 24 10:14:41 hail nfsen[18348]: Startup. Version: snapshot-20070110
$Id: nfsend 60 2007-01-09 12:26:47Z peter $
Jan 24 10:14:41 hail nfsen[18350]: Comm server started: [18350]
Jan 24 10:14:41 hail nfsen[18350]: Frontend module 'demoplugin.php' found
Jan 24 10:14:41 hail nfsen[18349]: nfsend: [18349]
Jan 24 10:14:41 hail nfsen[18350]: demoplugin BEGIN
Jan 24 10:14:41 hail demoplugin: Loading plugin 'demoplugin': Success
Jan 24 10:14:41 hail demoplugin: demoplugin: Init
Jan 24 10:14:41 hail demoplugin: Initializing plugin 'demoplugin':
Success
Jan 24 10:14:41 hail demoplugin: demoplugin2 BEGIN
Jan 24 10:14:41 hail demoplugin2: Loading plugin 'demoplugin2': Success
Jan 24 10:14:41 hail demoplugin2: demoplugin2: Init
Jan 24 10:14:41 hail demoplugin2: Initializing plugin 'demoplugin2':
Success
Jan 24 10:14:41 hail demoplugin2: ModList: ./live - demoplugin2
Jan 24 10:14:41 hail nfsen[18349]: Update profile live in group .
Jan 24 10:14:41 hail nfsen[18349]: Update profile Dusting in group .
Jan 24 10:14:42 hail nfsen[18349]: Run expire at Wed Jan 24 10:10:00 2007
Jan 24 10:14:42 hail nfsen[18349]: Expire profile live group . low
water mark: 0.9%
Jan 24 10:14:42 hail nfsen[18349]: Expire profile Dusting group . low
water mark: 0.9%
Jan 24 10:14:42 hail nfsen[18349]: *** ERROR *** Attempt to set tstart
= 0 in 'Dusting'
Jan 24 10:14:42 hail nfsen[18349]: End expire at Wed Jan 24 10:10:00 2007
Jan 24 10:14:42 hail gpm[2614]: *** info [client.c(137)]:
Jan 24 10:14:42 hail gpm[2614]: Connecting at fd 6
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18332]: Ident: '7304bcnt2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18335]: Ident: '7304bb2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18338]: Ident: 'GSRtest'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18341]: Ident: '12410bcnt2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18344]: Ident: '7606_2_Lab'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:20 hail /usr/local/bin/nfcapd[18347]: Ident: '7606_1_Lab'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:15:30 hail nfsen[18349]: Update profile live in group .
Jan 24 10:15:30 hail nfsen[18349]: Update profile Dusting in group .
Jan 24 10:15:31 hail demoplugin2: comm server started: 18375
Jan 24 10:15:31 hail demoplugin2: Plugin Cycle: Time: 200701241010,
Profile: live, Group: ., Module: demoplugin2,
Jan 24 10:15:31 hail nfsen[18349]: Run expire at Wed Jan 24 10:15:00 2007
Jan 24 10:15:31 hail nfsen[18349]: Expire profile live group . low
water mark: 0.9%
Jan 24 10:15:31 hail nfsen[18349]: Expire profile Dusting group . low
water mark: 0.9%
Jan 24 10:15:31 hail nfsen[18349]: *** ERROR *** Attempt to set tstart
= 0 in 'Dusting'
Jan 24 10:15:31 hail nfsen[18349]: End expire at Wed Jan 24 10:15:00 2007
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18332]: Ident: '7304bcnt2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18335]: Ident: '7304bb2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18338]: Ident: 'GSRtest'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18341]: Ident: '12410bcnt2'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18344]: Ident: '7606_2_Lab'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:20 hail /usr/local/bin/nfcapd[18347]: Ident: '7606_1_Lab'
Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Jan 24 10:20:30 hail nfsen[18349]: Update profile live in group .
Jan 24 10:20:30 hail nfsen[18349]: Update profile Dusting in group .
Jan 24 10:20:31 hail demoplugin2: comm server started: 18402
Jan 24 10:20:31 hail demoplugin2: Plugin Cycle: Time: 200701241015,
Profile: live, Group: ., Module: demoplugin2,
Jan 24 10:20:31 hail nfsen[18349]: Run expire at Wed Jan 24 10:20:00 2007
Jan 24 10:20:31 hail nfsen[18349]: Expire profile live group . low
water mark: 0.9%
Jan 24 10:20:31 hail nfsen[18349]: Expire profile Dusting group . low
water mark: 0.9%
Jan 24 10:20:31 hail nfsen[18349]: *** ERROR *** Attempt to set tstart
= 0 in 'Dusting'
Jan 24 10:20:31 hail nfsen[18349]: End expire at Wed Jan 24 10:20:00 2007
It seems that in this case too, only the second plugin is run
periodically.
Peter, do you have any idea why this happends (and how to fix it)?
Thank you for your support,
Adrian Popa
Adrian Popa wrote:
Hello,
I've just installed nfsen-snapshot-20070110 on a new server (I want
to migrate the old collector box, because it couldn't handle the size
of the netflow exports anymore), and I have to say: good job. The web
interface is much easier to use and has some new nice features (like
saving custom output formats and filters).
I've installed the new nfsen on a new server, and I'm trying to get
my backend plugins to work.
I've modified the way the plugins take in parameters to be compliant
with the new nfsen and they run.... sort of.
I have 2 custom built plugins, one called 'floodsearch' and the
second 'prefixStats'. prefixStats was derived from floodsearch at
some point in their construction.
I use custom logging for both of them, and both of them run
beautifully with the previous version of nfsen.
When I start nfsen with both plugins listed in etc/nfsen.conf, this
is what I get in /var/log/messages:
Jan 23 16:02:54 hail nfsen[6518]: Startup. Version: snapshot-20070110
$Id: nfsend 60 2007-01-09 12:26:47Z peter $
Jan 23 16:02:54 hail nfsen[6520]: Comm server started: [6520]
Jan 23 16:02:54 hail nfsen[6519]: nfsend: [6519]
Jan 23 16:02:54 hail nfsen[6519]: Update profile live in group .
Jan 23 16:02:54 hail nfsen[6520]: floodsearch BEGIN
Jan 23 16:02:54 hail floodsearch: Loading plugin 'floodsearch': Success
Jan 23 16:02:54 hail floodsearch: floodsearch: Init
Jan 23 16:02:54 hail floodsearch: Initializing plugin 'floodsearch':
Success
Jan 23 16:02:54 hail floodsearch: prefixStats BEGIN
Jan 23 16:02:54 hail floodsearch: Loading plugin 'prefixStats': Success
Jan 23 16:02:54 hail floodsearch: prefixStats: Init
Jan 23 16:02:54 hail floodsearch: Initializing plugin 'prefixStats':
Success
Jan 23 16:02:54 hail floodsearch: ModList: ./live - prefixStats
Incidentally, this is almost the same thing I get with the old
version, too:
Jan 21 04:02:42 hail nfsen[11597]: Startup. Version:
snapshot-20060810 $Id: nfsend 59 2006-08-10 17:47:53Z peter $
Jan 21 04:02:42 hail nfsen[18406]: Comm server started: [18406]
Jan 21 04:02:42 hail nfsen[18404]: nfsend: [18404]
Jan 21 04:02:42 hail nfsen[18405]: floodsearch BEGIN
Jan 21 04:02:42 hail floodsearch: Loading plugin 'floodsearch': Success
Jan 21 04:02:42 hail floodsearch: floodsearch: Init
Jan 21 04:02:42 hail floodsearch: Initializing plugin 'floodsearch':
Success
Jan 21 04:02:42 hail floodsearch: prefixStats BEGIN
Jan 21 04:02:42 hail floodsearch: Loading plugin 'prefixStats': Success
Jan 21 04:02:42 hail floodsearch: prefixStats: Init
Jan 21 04:02:42 hail floodsearch: Initializing plugin 'prefixStats':
Success
Jan 21 04:02:42 hail floodsearch: ModList: live -
floodsearch,prefixStats
With this scenario, prefixStats works as expected (the logging
prooves this), but floodsearch acts very strange - the run subroutine
is never reached, and after 5 minutes, the END subroutine is executed
20+ times. Here's its log output:
2007/01/23 15:41:16 INFO> floodsearch.pm:1116 floodsearch::BEGIN -
starting floodsearch (version 2.0.2)
2007/01/23 15:48:24 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:48:25 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:49:40 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:49:41 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:50:18 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
2007/01/23 15:50:19 INFO> floodsearch.pm:1124 floodsearch::END -
stopping floodsearch
I've noticed that in /var/log/messages, I see a message coming from
floodsearch saying that prefixStats is ok, and apparently 'ModList:
./live - prefixStats' says only prefixStats is running correctly....
I guess I made some mistakes when writing the backend scripts, but
they ran fine on the older nfsen...
However, starting nfsen with only floodsearch loaded, I can get
floodsearch to run:
2007/01/23 16:09:31 INFO> floodsearch.pm:1134 floodsearch::BEGIN -
starting floodsearch (version 2.0.2)
2007/01/23 16:09:31 DEBUG> floodsearch.pm:1115 floodsearch::Init -
Running Init
2007/01/23 16:10:31 DEBUG> floodsearch.pm:199 floodsearch::run -
Profile: live, Time: 200701231605
2007/01/23 16:10:31 DEBUG> floodsearch.pm:609 floodsearch::run -
Nothing interesting left to do.
2007/01/23 16:10:31 INFO> floodsearch.pm:1142 floodsearch::END -
stopping floodsearch
2007/01/23 16:15:31 DEBUG> floodsearch.pm:199 floodsearch::run -
Profile: live, Time: 200701231610
2007/01/23 16:15:31 DEBUG> floodsearch.pm:609 floodsearch::run -
Nothing interesting left to do.
2007/01/23 16:15:31 INFO> floodsearch.pm:1142 floodsearch::END -
stopping floodsearch
(however, the END function wasn't called in the older nfsen version
every 5 minutes...)
Do you have any idea why this is happening? Any tips on how I could
fix it?
Thank you a lot!
Adrian Popa
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
