Dear Peter and list members,
I found a article wrote by David Mackintosh
(http://wiki.xdroop.com/space/Linux/Installing+nfsen) which help me to
workaround on the issue, specifically in "Notes about CentOS 5".
When using the packages quoted by Dave nfsen works fine on RHEL 5.6
and CentOS 5.7, even though I got this little trouble below when
running the nfsen install.pl last:
Can't load
'/usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi/auto/RRDs/RRDs.so'
for module RRDs: librrd.so.4:
This was solved by creating a symbolic link from
"/usr/lib/librrd.so.2.0.15" to "/usr/lib/librrd.so.4"
I'm wondering around others who will try to install the combo
nfsen/nfdump, rrdtools and others dependencies, they shall passthrough
this issue if using an updated RHEL based distro, and can be rather
tough guessing version which works together.
For now I have to thank you Peter who gave me a way to find out the
issue and Dave to host the article (specially because he wrote the
detailed notes) and keep it online until right now.
[]'s
Tiago
2012/2/3 Peter Haag <ph...@users.sourceforge.net>:
> On 2/2/12 18:35, Tiago Flôres wrote:
>> Hi Peter,
>>
>> Just some considerations looking as an analytic view:
>>
>> nfcapd – Reads the netflow data from the network and _stores the data
>> into files_. Automatically rotate files every n minutes. ( typically
>> ever 5 min ) You need one nfcapd process for each netflow stream.
>>
>> Then
>>
>> nfcapd is storing files over _live_ profile directory. These files
>> will be processed and graphs created.
>>
>> nfcapd is _not_ storing files over any other _real_ profile, resulting
>> in no files to be processed and graphs created (with correct
>> timestamp) but in blank. Which mean that graphs has been created
>> perfectly.
>>
>> It might be a nfcapd issue instead of RRD ??
>
> No. nfcapd accepts flow from the network and stores them to the live
> directory spool. All other profiles are updated from nfprofile, which
> filters the flows and stores them inn the profile directories. Additionally
> it updates all RRDs for the profiles. That's why it needs RRD. If there are
> RRD binding issues , the bindary does not start at all, therefore you do
> not have any flow files in any profile.
>
> - Peter
>>
>> Regards
>>
>> Tiago
>>
>>
>> 2012/2/2 Tiago Flôres <ti...@balensiefer.com.br>:
>>> Dear Peter,
>>>
>>> First of all, thank you for paying attention in this question. I
>>> believe that isn't a nfsen/nfdump issue.
>>>
>>> I've manually put some files inside the directory profile's data and
>>> ran "nfsen -r" over the referred profiles and the ERR msg really
>>> disappeared, as you said.
>>>
>>> About the RRD binding issue...I'm working on this field....I've
>>> compiled latest version of rrdtool, but without success and also
>>> downgrading to rrtools-1.4.3 (I've already been tested with CentOS rpm
>>> version 1.4.5).
>>>
>>> This is my current rrdtool compile info (1.4.3):
>>>
>>> ./configure --prefix=/usr/local/rrdtool --enable-ruby-site-install
>>> --enable-perl-site-install --enable-lua-site-install
>>>
>>> [..]
>>>
>>> Config is DONE!
>>>
>>> With MMAP IO: yes
>>> Build rrd_getopt: no
>>> Static programs: no
>>> Perl Modules: perl_piped perl_shared
>>> Perl Binary: /usr/bin/perl
>>> Perl Version: 5.8.8
>>> Perl Options:
>>> Ruby Modules:
>>> Ruby Binary: no
>>> Ruby Options:
>>> Build Lua Bindings: no
>>> Build Tcl Bindings: no
>>> Build Python Bindings: no
>>> Build rrdcgi: yes
>>> Build librrd MT: yes
>>> Use gettext: yes
>>> With libDBI: no
>>>
>>> Libraries: -lxml2 -lcairo -lcairo -lcairo -lm -lcairo
>>> -lpng12 -lglib-2.0 -lpangocairo-1.0 -lpango-1.0 -lcairo
>>> -lgobject-2.0 -lgmodule-2.0 -ldl -lglib-2.0
>>>
>>>
>>> Some of these dependencies came from yum repositories:
>>>
>>> Feb 2 10:46:34 localhost yum: Installed:
>>> libxml2-devel-2.6.26-2.1.12.el5_7.2.i386
>>> Feb 2 10:45:28 localhost yum: Installed:
>>> pango-devel-1.14.9-8.el5.centos.3.i386
>>> Feb 2 10:45:28 localhost yum: Installed: libXft-devel-2.1.10-1.1.i386
>>> Feb 2 10:45:28 localhost yum: Installed: libXext-devel-1.0.1-2.1.i386
>>> Feb 2 10:45:28 localhost yum: Installed: glib2-devel-2.12.3-4.el5_3.1.i386
>>> Feb 2 10:44:24 localhost yum: Installed:
>>> mesa-libGL-devel-6.5.1-7.8.el5.i386
>>> Feb 2 10:44:23 localhost yum: Installed: cairo-devel-1.2.4-5.el5.i386
>>> Feb 2 10:44:20 localhost yum: Installed:
>>> 2:libpng-devel-1.2.10-7.1.el5_7.5.i386
>>>
>>> Could this be envolved with the issue ?
>>>
>>> and
>>>
>>> Why somehow live profile has correct files stored and processed graphs ?
>>>
>>> For now, the question is: Why the pcap files from others real profiles
>>> hasn't been stored in the profiles directory?
>>>
>>>
>>> Thank you again,
>>>
>>>
>>> Tiago
>>>
>>>
>>>
>>>> 2012/2/2 Peter Haag <ph...@users.sourceforge.net>:
>>>>
>>>> This message goes away as soon as you have any files in your directory.
>>>> For some reason the profiling does not produce any output file. Check your
>>>> syslog file. I'm pretty sure your nfprofile has an RRD binding issue, or
>>>> it does not file the library while binding or needs some other libraries
>>>> to resolve.
>>>>
>>>> Regards
>>>>
>>>> - Peter
>>>>
>>>> On 1/31/12 19:45, Tiago Flôres wrote:
>>>>> Hello guys,
>>>>>
>>>>> I've installed nfdump (lastest version 1.6.5) and nfsen (version
>>>>> 1.3.6p1), without any trouble during the installation.
>>>>>
>>>>> Here is some details of compilation:
>>>>>
>>>>> $ ./configure --enable-nfprofile --with-rrdpath=/usr/bin
>>>>> --prefix=/usr/local/nfsen
>>>>>
>>>>> ## --------- ##
>>>>> ## Platform. ##
>>>>> ## --------- ##
>>>>>
>>>>> hostname = localhost.localdomain
>>>>> uname -m = x86_64
>>>>> uname -r = 2.6.18-274.12.1.el5
>>>>> uname -s = Linux
>>>>> uname -v = #1 SMP Tue Nov 29 13:37:46 EST 2011
>>>>>
>>>>> And here is my live profile status:
>>>>>
>>>>> [root@localhost bin]# ./nfsen -l live
>>>>> name live
>>>>> group (nogroup)
>>>>> tcreate Tue Jan 31 15:45:00 2012
>>>>> tstart Tue Jan 31 15:50:00 2012
>>>>> tend Tue Jan 31 16:00:00 2012
>>>>> updated Tue Jan 31 16:00:00 2012
>>>>> expire 0 hours
>>>>> size 17.3 MB
>>>>> maxsize 0
>>>>> type live
>>>>> locked 0
>>>>> status OK
>>>>> version 130
>>>>> channel peer1 sign: + colour: #0055FF order: 1 sourcelist:
>>>>> peer1 Files: 3 Size: 18108416
>>>>>
>>>>> That's look fine. Reiceving and generating graph.
>>>>>
>>>>> I've created another one continous profile for testing, like that:
>>>>>
>>>>> (It is a Individual Profile "WebServer" with a Channel named "Port80",
>>>>> with in the filter rule below)
>>>>>
>>>>> proto tcp and dst port 80
>>>>>
>>>>> Here is the WebServer profile status:
>>>>>
>>>>> [root@localhost bin]# ./nfsen -l WebServer
>>>>> #
>>>>> name WebServer
>>>>> group (nogroup)
>>>>> tcreate Tue Jan 31 16:00:04 2012
>>>>> tstart Tue Jan 31 16:18:23 2012
>>>>> tend Tue Jan 31 16:18:23 2012
>>>>> updated Tue Jan 31 16:18:23 2012
>>>>> expire 60 days 0 hours
>>>>> size 0
>>>>> maxsize 10.0 GB
>>>>> type continuous
>>>>> locked 0
>>>>> status OK
>>>>> version 130
>>>>> channel Port80 sign: + colour: #33FF00 order: 1 sourcelist:
>>>>> peer1 ERR Error reading channel stat information. Missing key
>>>>> 'first'
>>>>
>>>>
>>>>> Files: 0 Size: 0
>>>>>
>>>>>
>>>>> I've been always getting the "ERR Error reading channel stat
>>>>> information. Missing key 'first'" message during the execution.
>>>>>
>>>>> I tried to find out this issue on the mailing list and over the web,
>>>>> but all articles suggest things that I've already done without any
>>>>> success.
>>>>>
>>>>> Here is my nfsen.conf
>>>>>
>>>>> ##############################
>>>>> # NfSen master config file
>>>>> ##############################
>>>>>
>>>>> $BASEDIR = "/usr/local/nfsen";
>>>>> $BINDIR = "${BASEDIR}/bin";
>>>>> $LIBEXECDIR = "${BASEDIR}/libexec";
>>>>> $CONFDIR = "${BASEDIR}/etc";
>>>>> $HTMLDIR = "/var/www/html/nfsen";
>>>>> $DOCDIR = "${HTMLDIR}/doc";
>>>>> $VARDIR = "/dados/nfsen";
>>>>> $PIDDIR = "$VARDIR/run";
>>>>> $FILTERDIR = "${VARDIR}/filters";
>>>>> $FORMATDIR = "${VARDIR}/fmt";
>>>>> $PROFILESTATDIR = "${BASEDIR}/profiles-stat";
>>>>> $PROFILEDATADIR = "${BASEDIR}/profiles-data";
>>>>> $BACKEND_PLUGINDIR = "${BASEDIR}/plugins/nfsen";
>>>>> $FRONTEND_PLUGINDIR = "${HTMLDIR}/plugins";
>>>>> $PREFIX = "/usr/local/nfsen/bin";
>>>>> $COMMSOCKET = "$PIDDIR/nfsen.comm";
>>>>> $USER = "nfsen";
>>>>> $WWWUSER = "apache";
>>>>> $WWWGROUP = "apache";
>>>>> $BUFFLEN = 200000;
>>>>> $SUBDIRLAYOUT = 1;
>>>>> $ZIPcollected = 1;
>>>>> $ZIPprofiles = 1;
>>>>> $PROFILERS = 3;
>>>>> $DISKLIMIT = 98;
>>>>>
>>>>> %sources = (
>>>>> 'peer1' => { 'port' => '63636', 'col' => '#0055FF', 'type' =>
>>>>> 'netflow' },
>>>>> );
>>>>>
>>>>> $low_water = 90;
>>>>> $syslog_facility = 'debug';
>>>>> $LogSocket = 'unix';
>>>>>
>>>>> $MAIL_FROM = 'y...@from.example.net';
>>>>> $SMTP_SERVER = 'localhost';
>>>>> $MAIL_BODY = q{
>>>>> Alert '@alert@' triggered at timeslot @timeslot@
>>>>> };
>>>>>
>>>>>
>>>>> The nfsen user account was assigned in the apache group.
>>>>>
>>>>> /etc/group:
>>>>>
>>>>> apache:x:48:apache,nfsen
>>>>>
>>>>>
>>>>>
>>>>> Here is the BASEDIR: directory and permission structure :
>>>>>
>>>>> [root@localhost nfsen]# l
>>>>> total 40
>>>>> drwxr-xr-x 9 nfsen apache 4096 Jan 31 15:49 .
>>>>> drwxr-xr-x 16 root root 4096 Jan 31 11:21 ..
>>>>> drwxr-xr-x 2 nfsen apache 4096 Jan 31 15:49 bin
>>>>> drwxr-xr-x 2 nfsen apache 4096 Jan 31 15:49 etc
>>>>> drwxr-xr-x 2 root apache 4096 Jan 31 15:49 libexec
>>>>> drwxr-xr-x 3 root apache 4096 Jan 31 15:49 plugins
>>>>> drwxrwxr-x 4 nfsen apache 4096 Jan 31 16:00 profiles-data
>>>>> drwxrwxr-x 4 nfsen apache 4096 Jan 31 16:00 profiles-stat
>>>>> drwxr-xr-x 3 nfsen apache 4096 Jan 31 15:48 share
>>>>>
>>>>>
>>>>> The data stored in profile-data directory:
>>>>>
>>>>> [root@localhost profiles-data]# du -h
>>>>> 4,0K ./WebServer/Port80
>>>>> 8,0K ./WebServer
>>>>> 48M ./live/peer1/2012/01/31
>>>>> 48M ./live/peer1/2012/01
>>>>> 48M ./live/peer1/2012
>>>>> 49M ./live/peer1
>>>>> 49M ./live
>>>>> 49M .
>>>>>
>>>>> Question:
>>>>> I don't know why but even with "real profile" in WebServer profile
>>>>> configuration any data has been stored in the profile directory. The
>>>>> data is only stored in live directory.
>>>>>
>>>>>
>>>>> Results:
>>>>>
>>>>> I have graphics being generated just in live profile.
>>>>>
>>>>> When I try to manually process some flows, (according with no data
>>>>> stored in the WebServer directory), the result is:
>>>>>
>>>>> ** nfdump -M /usr/local/nfsen/profiles-data/WebServer/Port80 -T -r
>>>>> 2012/01/31/nfcapd.201201311630 -n 10 -s ip/flows
>>>>> nfdump filter:
>>>>> any
>>>>> stat() error
>>>>> '/usr/local/nfsen/profiles-data/WebServer/Port80/2012/01/31/nfcapd.201201311630':
>>>>> File not found!
>>>>>
>>>>>
>>>>> I think there is no RRD nor dependencies envolved in this issue.
>>>>>
>>>>> I'll be very thankful with any help. Thanks in advance.
>>>>>
>>>>> Sincerely
>>>>>
>>>>> Tiago Flores
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Keep Your Developer Skills Current with LearnDevNow!
>>>>> The most comprehensive online learning library for Microsoft developers
>>>>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
>>>>> Metro Style Apps, more. Free future releases when you subscribe now!
>>>>> http://p.sf.net/sfu/learndevnow-d2d
>>>>> _______________________________________________
>>>>> Nfsen-discuss mailing list
>>>>> Nfsen-discuss@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>>>
>>>> --
>>>> --
>>>> Be nice to your netflow data
>
> --
> --
> Be nice to your netflow data
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
