Hello,

Just to be sure: what is the output of:

rrdtool -v

And are the file and directory permissions all OK in the $*DIR variables, 
mainly in: 

$VARDIR="${BASEDIR}/var";

$PROFILESTATDIR="${BASEDIR}/profiles-stat";

$PROFILEDATADIR="${BASEDIR}/profiles-data";

And also in:
/var/cache/nfdump/profiles-data/live ?

Regards,
Alex

> On 24/03/2014, at 12:44, Alfredo Sola <alfr...@solucionesdinamicas.net> wrote:
> 
> 
>    Good day,
> 
>    I have been using now and then nfsen/nfdump for some years, but I don't 
> claim to be an expert.
> 
>    As a platform for detecting trouble early (we could call that VEDA, yes? 
> Very Early DDoS Alert :) it is as good as things can conceivably be, in my 
> opinion. It is also a very convenient way to peek at network traffic. I'd say 
> that it fulfills those design goals quite nicely.
> 
>    In my latest implementation, I am struggling with two things: Make it work 
> with a directory layout as FHS as possible, and script some early response 
> when trouble comes down the pipes.
> 
>    As for the first question, I have 'apt-get nfdump' and that works, but 
> have been unable to make nfsen work. It does start nfcapd among some 
> complaints about Perl (which is at version 5.18.2, which I understand should 
> work) and I can nfdump stuff out of the nfcapd files, but the web page says, 
> "Frontend - Backend version missmatch!" and "No data available!". I have been 
> searching this list in particular and the web in general, and applied the 
> session patch, but nothing helped.
> 
>    I noticed there was at one point a mentoring request on Debian to pack 
> nfsen up, but it was withdrawn. Lack of interest? I'd love to be able to 
> apt-get install nfsen and have things just work, and I'm willing to put down 
> some resources towards that.
> 
>    Regarding the second question, I notice that there is currently no way to 
> have nfsen start nfcapd with custom args. I want to start nfcapd with -x 
> /usr/local/bin/somescript %d/%f so that I can run a custom nfdump analysis as 
> soon as a five-minute period is done, but for that the only solution is to 
> either edit NfSenRC.pm (and therefore when updating one needs to remember 
> to patch it up again), or use something like incron. So I'd like to make that 
> a feature request, to provide support for a -x parameter or custom additional 
> parameters in nfsen.conf.
> 
>    Thanks for any pointers, answers, ideas and cluebaits.
> 
>    System information:
> 
> --------------------------------8<--------------------------------
> $ dpkg -l librrds-perl
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name                       Version            Architecture       Description
> +++-==========================-==================-==================-=========================================================
> ii  librrds-perl               1.4.7-2.1          amd64              time-series data storage and display system (Perl interfa
> --------------------------------8<--------------------------------
> $ nfdump -V
> nfdump: Version: 1.6.8p1 $Date: 2012-11-10 12:40:54 +0100 (Sat, 10 Nov 2012) $
> --------------------------------8<--------------------------------
> root@monitor1:~# nfsen -V
> Subroutine Lookup::pack_sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
> at /usr/local/bin/libexec/Lookup.pm line 43.
> Subroutine Lookup::unpack_sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
> at /usr/local/bin/libexec/Lookup.pm line 43.
> Subroutine Lookup::sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
> at /usr/local/bin/libexec/Lookup.pm line 43.
> Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
> at /usr/local/bin/libexec/AbuseWhois.pm line 42.
> Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
> at /usr/local/bin/libexec/AbuseWhois.pm line 42.
> Subroutine AbuseWhois::sockaddr_in6 redefined at /usr/share/perl/5.18/Exporter.pm line 66.
> at /usr/local/bin/libexec/AbuseWhois.pm line 42.
> Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /usr/local/bin/libexec/AbuseWhois.pm line 44.
> Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /usr/local/bin/libexec/AbuseWhois.pm line 44.
> Subroutine AbuseWhois::sockaddr_in6 redefined at /usr/local/bin/libexec/AbuseWhois.pm line 44.
> /usr/local/bin/nfsen: 1.3.6p1 $Id: nfsen 53 2012-01-23 16:36:02Z peter $
> --------------------------------8<--------------------------------
> $ egrep -v '(^#|^$)' /etc/nfsen/nfsen.conf
> $BASEDIR = "/var/cache/nfdump";
> $BINDIR="/usr/local/bin";
> $LIBEXECDIR="${BINDIR}/libexec";
> $CONFDIR="/etc/nfsen";
> $HTMLDIR    = "/srv/mynicenfsenweb";
> $DOCDIR="${HTMLDIR}/doc";
> $VARDIR="${BASEDIR}/var";
> $PIDDIR="/run/nfsen";
> $PROFILESTATDIR="${BASEDIR}/profiles-stat";
> $PROFILEDATADIR="${BASEDIR}/profiles-data";
> $BACKEND_PLUGINDIR="${BASEDIR}/plugins";
> $FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
> $PREFIX  = '/usr/bin';
> $USER    = "www-data";
> $WWWUSER  = "www-data";
> $WWWGROUP = "www-data";
> $BUFFLEN = 200000;
> $SUBDIRLAYOUT = 1;
> $ZIPcollected     = 1;
> $ZIPprofiles     = 1;
> $PROFILERS = 2;
> $DISKLIMIT = 95;
> $PROFILERS = 6;
> %sources = (
>    'r1'        => { 'port' => '9996', 'IP' => '10.2.3.2', 'col' => '#0000FF' },
> );
> $low_water = 90;
> $syslog_facility = 'local3';
> @plugins = (
>    # profile    # module
>    # [ '*',     'demoplugin' ],
> );
> %PluginConf = (
>    # For plugin demoplugin
>    demoplugin => {
>        # scalar
>        param2 => 42,
>        # hash
>        param1 => { 'key' => 'value' },
>    },
>    # for plugin otherplugin
>    otherplugin => [
>        # array
>        'mary had a little lamb'
>    ],
> );
> $MAIL_FROM   = 'r...@me.com';
> $SMTP_SERVER = 'localhost';
> $MAIL_BODY     = q{
> Alerta: '@alert@' en @timeslot@
> };
> 1;
> --------------------------------8<--------------------------------
> Some syslog:
> Mar 24 16:20:00 monitor1 nfcapd[1840]: Ident: 'r1' Flows: 168458, Packets: 9271494, Bytes: 1978520360, Sequence Errors: 3, Bad Packets: 0
> Mar 24 16:20:00 monitor1 nfcapd[1840]: Total ignored packets: 0
> Mar 24 16:20:15 monitor1 nfsen[1935]: connection on UNIX socket
> Mar 24 16:20:15 monitor1 nfsen[1935]: comm server started: 10206
> Mar 24 16:20:15 monitor1 nfsen[10206]: Cmd Decode: signal
> Mar 24 16:20:15 monitor1 nfsen[10206]: Cmd Decode: quit
> Mar 24 16:20:15 monitor1 nfsen[1934]: Signal 'start-periodic'
> Mar 24 16:20:15 monitor1 nfsen[1934]: Run periodic at Mon Mar 24 16:20:00 2014
> Mar 24 16:20:15 monitor1 nfsen[1934]: Prepare profiling './live'
> Mar 24 16:20:15 monitor1 nfsen[1934]: 1 channels/alerts to profile
> Mar 24 16:20:15 monitor1 nfsen[1934]: Limit profilers: 1
> Mar 24 16:20:15 monitor1 nfsen[10207]: profile opts: .#~pps#8#pps#r1 for profiler 0
> Mar 24 16:20:15 monitor1 nfsen[10207]: profiler 0 started
> Mar 24 16:20:15 monitor1 nfsen[1935]: comm child[10206] terminated with no exit value
> Mar 24 16:20:15 monitor1 nfprofile[10208]: Process line '.#~pps#8#pps#r1#012'
> Mar 24 16:20:15 monitor1 nfprofile[10208]: Setup channel 'pps' in profile '~pps' group '.', channellist 'r1'
> Mar 24 16:20:15 monitor1 nfsen[10207]: profiler 0 finished
> Mar 24 16:20:15 monitor1 nfsen[1934]: Update profile live in group .
> Mar 24 16:20:15 monitor1 nfsen[1934]: Add channel size 930033664
> Mar 24 16:20:15 monitor1 nfsen[1934]: Set new profile size: 930033664
> Mar 24 16:20:15 monitor1 nfsen[1934]: Add .:live:201403241615 for plugin processing
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, traffic-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 337.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, traffic-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 346.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, traffic-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 356.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, traffic-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 366.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, packets-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 337.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, packets-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 346.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, packets-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 356.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, packets-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 366.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, flows-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 337.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, flows-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 346.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, flows-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 356.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file or directory
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, flows-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm line 366.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Error graph update: Error GenGraph: Profile: live, flows-day: Legend set but no color: r1
> Mar 24 16:20:15 monitor1 nfsen[1934]: Run plugins for 201403241615
> Mar 24 16:20:15 monitor1 nfsen[1935]: connection on UNIX socket
> Mar 24 16:20:15 monitor1 nfsen[1935]: comm server started: 10210
> Mar 24 16:20:15 monitor1 nfsen[10210]: Cmd Decode: run-plugins
> Mar 24 16:20:15 monitor1 nfsen[10210]: Plugin Cycle: ., live, 201403241615
> Mar 24 16:20:15 monitor1 nfsen[10210]: Cmd Decode: quit
> Mar 24 16:20:15 monitor1 nfsen[1934]: Run plugins done.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Check alerts for Mon Mar 24 16:15:00 2014
> Mar 24 16:20:15 monitor1 nfsen[1934]: Process alert 'pps'
> Mar 24 16:20:15 monitor1 nfsen[1934]: alert 'pps': conditions based on total flow summary
> Mar 24 16:20:15 monitor1 nfsen[1934]: condition 0: evaluated to False
> Mar 24 16:20:15 monitor1 nfsen[1934]: Resulted condition: False
> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' condition == false
> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' Status: 1.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' Blocks: 0.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' Info  : .
> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' done.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Check alerts done.
> Mar 24 16:20:15 monitor1 nfsen[1934]: Run expire at Mon Mar 24 16:20:00 2014
> Mar 24 16:20:15 monitor1 nfsen[1934]: Expire profile live group . low water mark: 90%%
> Mar 24 16:20:15 monitor1 nfsen[1935]: comm child[10210] terminated with no exit value
> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire: Include nfcapd bookeeping record in /var/cache/nfdump/profiles-data/./live/r1
> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire: Expired files:      0
> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire: Expired file size:  0 B
> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire: Expired time range: 0 sec
> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire:
> Mar 24 16:20:15 monitor1 nfsen[1934]: End expire at Mon Mar 24 16:20:00 2014
> Mar 24 16:20:15 monitor1 nfsen[1935]: connection on UNIX socket
> Mar 24 16:20:15 monitor1 nfsen[1935]: comm server started: 10214
> Mar 24 16:20:15 monitor1 nfsen[10214]: Cmd Decode: signal
> Mar 24 16:20:15 monitor1 nfsen[10214]: Cmd Decode: quit
> Mar 24 16:20:15 monitor1 nfsen[1934]: Signal 'end-periodic'
> Mar 24 16:20:15 monitor1 nfsen[10214]: Cleanup Routine
> Mar 24 16:20:15 monitor1 nfsen[1935]: comm child[10214] terminated with no exit value
> Mar 24 16:22:31 monitor1 nfsen[1935]: connection on UNIX socket
> Mar 24 16:22:31 monitor1 nfsen[1935]: comm server started: 10265
> Mar 24 16:22:31 monitor1 nfsen[10265]: Cmd Decode: get-globals
> Mar 24 16:22:31 monitor1 nfsen[10265]: Cmd Decode: get-du
> Mar 24 16:22:31 monitor1 nfsen[10265]: comm child[10266] terminated with no exit value
> Mar 24 16:22:31 monitor1 nfsen[10265]: Cmd Decode: get-profile
> Mar 24 16:22:31 monitor1 nfsen[10265]: Cmd Decode: quit
> Mar 24 16:22:31 monitor1 nfsen[1935]: comm child[10265] terminated with no exit value
> 
> -- 
> Alfredo Sola
> http://www.tecnocratica.net/
> 
> _______________________________________________
> Nfsen-discuss mailing list
> Nfsen-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
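
Added example, not part of the original thread and not nfsen's own code: one way to run the permission check asked for in the reply above. It reads the $*DIR assignments from nfsen.conf, expands ${BASEDIR}-style references, and reports directories that are missing or that the invoking user cannot write to. The function names are made up for this example, and it assumes double-quoted assignments as in the quoted config.

```shell
#!/bin/sh
# Added example (not part of nfsen). Run it as the nfsen $USER from nfsen.conf
# (www-data in the quoted config), passing the config path as the argument.

# Print "NAME=path" for each double-quoted $...DIR assignment, expanding
# ${OTHER} references to earlier settings the way Perl interpolation would.
nfsen_dirs() {
    sed -n 's/^[[:space:]]*\$\([A-Z_]*DIR\)[[:space:]]*=[[:space:]]*"\([^"]*\)";.*/\1=\2/p' "$1" |
    awk '{
        i = index($0, "="); name = substr($0, 1, i - 1); val = substr($0, i + 1)
        while (match(val, /[$][{][A-Z_]+[}]/)) {
            ref = substr(val, RSTART + 2, RLENGTH - 3)
            val = substr(val, 1, RSTART - 1) seen[ref] substr(val, RSTART + RLENGTH)
        }
        seen[name] = val
        print name "=" val
        # The live profile sits below PROFILEDATADIR; list it as well.
        if (name == "PROFILEDATADIR") print name "/live=" val "/live"
    }'
}

# Print "NAME STATE PATH" per directory. Every directory must exist; the
# data directories named in the reply must also be writable and searchable.
check_nfsen_dirs() {
    nfsen_dirs "$1" | while IFS='=' read -r name path; do
        state=ok
        if [ ! -d "$path" ]; then
            state=missing
        else
            case $name in
                VARDIR|PROFILESTATDIR|PROFILEDATADIR*)
                    { [ -w "$path" ] && [ -x "$path" ]; } || state=not-writable ;;
            esac
        fi
        printf '%-22s %-13s %s\n' "$name" "$state" "$path"
    done
}

if [ $# -gt 0 ]; then check_nfsen_dirs "$1"; fi
```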
