Hi,
I installed nfsen recently and encountered problems with the filter and path
name.
1) I encounter the following errors in my web server error logs:
sh: /usr/local/php/bin/nfsen: No such file or directory
sh: /usr/local/php/bin/nfsen: No such file or directory
sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
sh: /usr/local/php/bin/GenGraph.pl: No such file or directory
I am not sure why the nfsen GUI looks for the path in "/usr/local/php". I
clearly set the path in /usr/local/nfsen/etc/nfsen.conf as such:
#
# Required for default layout
$BASEDIR = "/usr/local/nfsen";
#
# Where to install the NfSen binaries
$BINDIR="${BASEDIR}/bin";
.....
Must I do something to my Apache webserver?
2) Anyway, I bypassed the above problem by creating the /usr/local/php directory
and placing the binary files there. The second problem: if I wish to see only
port 80 traffic, what should I put in the filter box under the "detail"
tab?
I got the following error messages when I put this command in the Filter
box:
/usr/local/php/bin/nfdump -R
/usr/local/nfsen/profiles/live/18csw01/nfcapd.200705181210:
nfcapd.200705181410
Error Messages:
ERROR: Filter syntax: usage /usr/local/php/bin/nfdump [options] ["filter"]
-h this text you see right here -V Print version and exit. -a Aggregate
netflow data. -A [/net] How to aggregate: ',' sep list of 'srcip dstip
srcport dstport' or subnet aggregation: srcip4/24, srcip6/64. -r read input
from file -w write output to file -f read netflow filter from file -n Define
number of top N. -c Limit number of records to display -S Generate netflow
statistics info. -s [/] Generate statistics for : srcip, dstip, ip, srcport,
dstport, port, srcas, dstas, as, inif, outif, proto and ordered by :
packets, bytes, flows, bps pps and bpp. -q Quiet: Do not print the header
and bottom stat lines. -z Zero flows - dumpfile contains only statistics
record. -l Set limit on packets for line and packed output format. -K Anonymize
IP addressses using CryptoPAn with key . key: 32 character string or 64
digit hex string starting with 0x. -L Set limit on bytes for line and packed
output format. -M Read input from multiple directories. -I Print netflow
summary statistics info from file, specified by -r. /dir/dir1:dir2:dir3 Read
the same files from '/dir/dir1' '/dir/dir2' and '/dir/dir3'. reqquests
either -r filename or -R firstfile:lastfile without pathnames -m Print
netflow data date sorted. Only useful with -M -R Read input from sequence of
files. /any/dir Read all files in that directory. /dir/file Read all files
beginning with 'file'. /dir/file1:file2: Read all files from 'file1' to
file2. -o Use to print out netflow records: raw Raw record dump. line
Standard output line format. long Standard output line format with
additional fields. extended Even more information. pipe '|' separated,
machine parseable output format. mode may be extended by '6' for full IPv6
listing. e.g.long6, extended6. -X Dump Filtertable and exit (debug option).
-Z Check filter syntax and exit. -t time window for filtering packets
yyyy/MM/dd.hh:mm:ss[-yyyy/MM/dd.hh:mm:s!
Please advise, thanks in advance.
Andy