Hi, thanks for your answer.

> rrdtool -v

        Well the rrdtool binary wasn't installed, I only had the Perl modules, 
which don't depend on it. I installed it (apt-get install rrdtool) and tried 
again (restarting nfsen just in case it helped) and waited a few nfcapd 
intervals but got to the same point. Here is rrdtool -v :

RRDtool 1.4.7  Copyright 1997-2012 by Tobias Oetiker <t...@oetiker.ch>
               Compiled Jan 28 2014 16:25:51

Usage: rrdtool [options] command command_options
Valid commands: create, update, updatev, graph, graphv,  dump, restore,
                last, lastupdate, first, info, fetch, tune,
                resize, xport, flushcached

RRDtool is distributed under the Terms of the GNU General
Public License Version 2. (www.gnu.org/copyleft/gpl.html)

For more information read the RRD manpages

> and the file and directory permissions are all ok in the $*DIR variables, 
> mainly in: 

        They seem ok to me:

> $VARDIR="${BASEDIR}/var";

drwxrwxr-x 1 www-data www-data 26 Mar 22 10:47 /var/cache/nfdump/var

> $PROFILESTATDIR="${BASEDIR}/profiles-stat";

drwxrwxr-x 1 www-data www-data 26 Mar 23 15:11 /var/cache/nfdump/profiles-stat/

> $PROFILEDATADIR="${BASEDIR}/profiles-data";

drwxrwxr-x 1 www-data www-data 16 Mar 23 15:11 /var/cache/nfdump/profiles-data/

> And also in:
> /var/cache/nfdump/profiles-data/live ?

alfredo@monitor1:~$ find /var/cache/nfdump/profiles-data -type d -exec ls -ld {} \;
drwxrwxr-x 1 www-data www-data 16 Mar 23 15:11 /var/cache/nfdump/profiles-data
drwxrwxr-x 1 www-data www-data 4 Mar 23 14:46 /var/cache/nfdump/profiles-data/live
drwxrwxr-x 1 www-data www-data 50 Mar 25 11:06 /var/cache/nfdump/profiles-data/live/r1
drwxr-xr-x 1 www-data www-data 4 Mar 22 21:10 /var/cache/nfdump/profiles-data/live/r1/2014
drwxr-xr-x 1 www-data www-data 16 Mar 25 00:05 /var/cache/nfdump/profiles-data/live/r1/2014/03
drwxr-xr-x 1 www-data www-data 1292 Mar 23 00:00 /var/cache/nfdump/profiles-data/live/r1/2014/03/22
drwxr-xr-x 1 www-data www-data 10754 Mar 24 00:00 /var/cache/nfdump/profiles-data/live/r1/2014/03/23
drwxr-xr-x 1 www-data www-data 10944 Mar 25 00:00 /var/cache/nfdump/profiles-data/live/r1/2014/03/24
drwxr-xr-x 1 www-data www-data 5092 Mar 25 11:06 /var/cache/nfdump/profiles-data/live/r1/2014/03/25
drwxrwxr-x 1 www-data www-data 6 Mar 23 15:11 /var/cache/nfdump/profiles-data/~pps
drwxrwxr-x 1 www-data www-data 14 Mar 25 11:05 /var/cache/nfdump/profiles-data/~pps/pps

>> On 24/03/2014, at 12:44, Alfredo Sola <alfr...@solucionesdinamicas.net> 
>> wrote:
>> 
>> 
>>   Good day,
>> 
>>   I have been using now and then nfsen/nfdump for some years, but I don't 
>> claim to be an expert.
>> 
>>   As a platform for detecting trouble early (we could call that VEDA, yes? 
>> Very Early DDoS Alert :) it is as good as things can conceivably be, in my 
>> opinion. It is also a very convenient way to peek on network traffic. I'd 
>> say that it fulfills those design goals quite nicely.
>> 
>>   In my latest implementation, I am struggling with two things: Make it work 
>> with a directory layout as FHS as possible, and script some early response 
>> when trouble comes down the pipes.
>> 
>>   As for the first question, I have 'apt-get nfdump' and that works, but 
>> have been unable to make nfsen work. It does start nfcapd among some 
>> complaints about Perl (which is at version 5.18.2, which I understand should 
>> work) and I can nfdump stuff out of the nfcapd files, but the web page says, 
>> "Frontend - Backend version missmatch!" and "No data available!". I have 
>> been searching this list in particular and the web in general, and applied 
>> the session patch, but nothing helped.
>> 
>>   I noticed there was at one point a mentoring request on Debian to pack 
>> nfsen up, but it was withdrawn. Lack of interest? I'd love to be able to 
>> apt-get install nfsen and have things just work, and I'm willing to put down 
>> some resources towards that.
>> 
>>   Regarding the second question, I notice that there is currently no way to 
>> have nfsen start nfcapd with custom args. I want to start nfcapd with -x 
>> /usr/local/bin/somescript %d/%f so that I can run a custom nfdump analysis 
>> as soon as a five-minute period is done, but for that the only solution is 
>> to either edit NfSenRC.pm (and therefore when updating one needs to remember 
>> patching it up again), or use something like incron. So I'd like to make 
>> that a feature request, to provide support for a -x parameter or custom 
>> additional parameters in nfsen.conf.
>> 
>>   Thanks for any pointers, answers, ideas and cluebaits.
>> 
>>   System information:
>> 
>> --------------------------------8<--------------------------------
>> $ dpkg -l librrds-perl
>> Desired=Unknown/Install/Remove/Purge/Hold
>> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>> ||/ Name                       Version            Architecture       Description
>> +++-==========================-==================-==================-=========================================================
>> ii  librrds-perl               1.4.7-2.1          amd64              time-series data storage and display system (Perl interfa
>> --------------------------------8<--------------------------------
>> $ nfdump -V
>> nfdump: Version: 1.6.8p1 $Date: 2012-11-10 12:40:54 +0100 (Sat, 10 Nov 2012) $
>> --------------------------------8<--------------------------------
>> root@monitor1:~# nfsen -V
>> Subroutine Lookup::pack_sockaddr_in6 redefined at 
>> /usr/share/perl/5.18/Exporter.pm line 66.
>> at /usr/local/bin/libexec/Lookup.pm line 43.
>> Subroutine Lookup::unpack_sockaddr_in6 redefined at 
>> /usr/share/perl/5.18/Exporter.pm line 66.
>> at /usr/local/bin/libexec/Lookup.pm line 43.
>> Subroutine Lookup::sockaddr_in6 redefined at 
>> /usr/share/perl/5.18/Exporter.pm line 66.
>> at /usr/local/bin/libexec/Lookup.pm line 43.
>> Subroutine AbuseWhois::pack_sockaddr_in6 redefined at 
>> /usr/share/perl/5.18/Exporter.pm line 66.
>> at /usr/local/bin/libexec/AbuseWhois.pm line 42.
>> Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at 
>> /usr/share/perl/5.18/Exporter.pm line 66.
>> at /usr/local/bin/libexec/AbuseWhois.pm line 42.
>> Subroutine AbuseWhois::sockaddr_in6 redefined at 
>> /usr/share/perl/5.18/Exporter.pm line 66.
>> at /usr/local/bin/libexec/AbuseWhois.pm line 42.
>> Subroutine AbuseWhois::pack_sockaddr_in6 redefined at 
>> /usr/local/bin/libexec/AbuseWhois.pm line 44.
>> Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at 
>> /usr/local/bin/libexec/AbuseWhois.pm line 44.
>> Subroutine AbuseWhois::sockaddr_in6 redefined at 
>> /usr/local/bin/libexec/AbuseWhois.pm line 44.
>> /usr/local/bin/nfsen: 1.3.6p1 $Id: nfsen 53 2012-01-23 16:36:02Z peter $
>> --------------------------------8<--------------------------------
>> $ egrep -v '(^#|^$)' /etc/nfsen/nfsen.conf
>> $BASEDIR = "/var/cache/nfdump";
>> $BINDIR="/usr/local/bin";
>> $LIBEXECDIR="${BINDIR}/libexec";
>> $CONFDIR="/etc/nfsen";
>> $HTMLDIR    = "/srv/mynicenfsenweb";
>> $DOCDIR="${HTMLDIR}/doc";
>> $VARDIR="${BASEDIR}/var";
>> $PIDDIR="/run/nfsen";
>> $PROFILESTATDIR="${BASEDIR}/profiles-stat";
>> $PROFILEDATADIR="${BASEDIR}/profiles-data";
>> $BACKEND_PLUGINDIR="${BASEDIR}/plugins";
>> $FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
>> $PREFIX  = '/usr/bin';
>> $USER    = "www-data";
>> $WWWUSER  = "www-data";
>> $WWWGROUP = "www-data";
>> $BUFFLEN = 200000;
>> $SUBDIRLAYOUT = 1;
>> $ZIPcollected     = 1;
>> $ZIPprofiles     = 1;
>> $PROFILERS = 2;
>> $DISKLIMIT = 95;
>> $PROFILERS = 6;
>> %sources = (
>>   'r1'        => { 'port' => '9996', 'IP' => '10.2.3.2', 'col' => '#0000FF' 
>> },
>> );
>> $low_water = 90;
>> $syslog_facility = 'local3';
>> @plugins = (
>>   # profile    # module
>>   # [ '*',     'demoplugin' ],
>> );
>> %PluginConf = (
>>   # For plugin demoplugin
>>   demoplugin => {
>>       # scalar
>>       param2 => 42,
>>       # hash
>>       param1 => { 'key' => 'value' },
>>   },
>>   # for plugin otherplugin
>>   otherplugin => [
>>       # array
>>       'mary had a little lamb'
>>   ],
>> );
>> $MAIL_FROM   = 'r...@me.com';
>> $SMTP_SERVER = 'localhost';
>> $MAIL_BODY     = q{
>> Alerta: '@alert@' en @timeslot@
>> };
>> 1;
>> --------------------------------8<--------------------------------
>> Some syslog:
>> Mar 24 16:20:00 monitor1 nfcapd[1840]: Ident: 'r1' Flows: 168458, Packets: 
>> 9271494, Bytes: 1978520360, Sequence Errors: 3, Bad Packets: 0
>> Mar 24 16:20:00 monitor1 nfcapd[1840]: Total ignored packets: 0
>> Mar 24 16:20:15 monitor1 nfsen[1935]: connection on UNIX socket
>> Mar 24 16:20:15 monitor1 nfsen[1935]: comm server started: 10206
>> Mar 24 16:20:15 monitor1 nfsen[10206]: Cmd Decode: signal
>> Mar 24 16:20:15 monitor1 nfsen[10206]: Cmd Decode: quit
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Signal 'start-periodic'
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Run periodic at Mon Mar 24 16:20:00 
>> 2014
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Prepare profiling './live'
>> Mar 24 16:20:15 monitor1 nfsen[1934]: 1 channels/alerts to profile
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Limit profilers: 1
>> Mar 24 16:20:15 monitor1 nfsen[10207]: profile opts: .#~pps#8#pps#r1 for 
>> profiler 0
>> Mar 24 16:20:15 monitor1 nfsen[10207]: profiler 0 started
>> Mar 24 16:20:15 monitor1 nfsen[1935]: comm child[10206] terminated with no 
>> exit value
>> Mar 24 16:20:15 monitor1 nfprofile[10208]: Process line '.#~pps#8#pps#r1#012'
>> Mar 24 16:20:15 monitor1 nfprofile[10208]: Setup channel 'pps' in profile 
>> '~pps' group '.', channellist 'r1'
>> Mar 24 16:20:15 monitor1 nfsen[10207]: profiler 0 finished
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Update profile live in group .
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Add channel size 930033664
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Set new profile size: 930033664
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Add .:live:201403241615 for plugin 
>> processing
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> traffic-day: Legend set but no color: r1 at 
>> /usr/local/bin/libexec/NfSenRRD.pm line 337.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> traffic-day: Legend set but no color: r1 at 
>> /usr/local/bin/libexec/NfSenRRD.pm line 346.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> traffic-day: Legend set but no color: r1 at 
>> /usr/local/bin/libexec/NfSenRRD.pm line 356.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> traffic-day: Legend set but no color: r1 at 
>> /usr/local/bin/libexec/NfSenRRD.pm line 366.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> packets-day: Legend set but no color: r1 at 
>> /usr/local/bin/libexec/NfSenRRD.pm line 337.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> packets-day: Legend set but no color: r1 at 
>> /usr/local/bin/libexec/NfSenRRD.pm line 346.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> packets-day: Legend set but no color: r1 at 
>> /usr/local/bin/libexec/NfSenRRD.pm line 356.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> packets-day: Legend set but no color: r1 at 
>> /usr/local/bin/libexec/NfSenRRD.pm line 366.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> flows-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm 
>> line 337.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> flows-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm 
>> line 346.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> flows-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm 
>> line 356.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Unable to create graph: No such file 
>> or directory
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error GenGraph: Profile: live, 
>> flows-day: Legend set but no color: r1 at /usr/local/bin/libexec/NfSenRRD.pm 
>> line 366.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Error graph update: Error GenGraph: 
>> Profile: live, flows-day: Legend set but no color: r1
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Run plugins for 201403241615
>> Mar 24 16:20:15 monitor1 nfsen[1935]: connection on UNIX socket
>> Mar 24 16:20:15 monitor1 nfsen[1935]: comm server started: 10210
>> Mar 24 16:20:15 monitor1 nfsen[10210]: Cmd Decode: run-plugins
>> Mar 24 16:20:15 monitor1 nfsen[10210]: Plugin Cycle: ., live, 201403241615
>> Mar 24 16:20:15 monitor1 nfsen[10210]: Cmd Decode: quit
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Run plugins done.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Check alerts for Mon Mar 24 16:15:00 
>> 2014
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Process alert 'pps'
>> Mar 24 16:20:15 monitor1 nfsen[1934]: alert 'pps': conditions based on total 
>> flow summary
>> Mar 24 16:20:15 monitor1 nfsen[1934]: condition 0: evaluated to False
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Resulted condition: False
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' condition == false
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' Status: 1.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' Blocks: 0.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' Info  : .
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Alert 'pps' done.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Check alerts done.
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Run expire at Mon Mar 24 16:20:00 2014
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Expire profile live group . low water 
>> mark: 90%%
>> Mar 24 16:20:15 monitor1 nfsen[1935]: comm child[10210] terminated with no 
>> exit value
>> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire: Include nfcapd bookeeping 
>> record in /var/cache/nfdump/profiles-data/./live/r1
>> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire: Expired files:      0
>> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire: Expired file size:  0 B
>> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire: Expired time range: 0 sec
>> Mar 24 16:20:15 monitor1 nfsen[1934]: nfexpire:
>> Mar 24 16:20:15 monitor1 nfsen[1934]: End expire at Mon Mar 24 16:20:00 2014
>> Mar 24 16:20:15 monitor1 nfsen[1935]: connection on UNIX socket
>> Mar 24 16:20:15 monitor1 nfsen[1935]: comm server started: 10214
>> Mar 24 16:20:15 monitor1 nfsen[10214]: Cmd Decode: signal
>> Mar 24 16:20:15 monitor1 nfsen[10214]: Cmd Decode: quit
>> Mar 24 16:20:15 monitor1 nfsen[1934]: Signal 'end-periodic'
>> Mar 24 16:20:15 monitor1 nfsen[10214]: Cleanup Routine
>> Mar 24 16:20:15 monitor1 nfsen[1935]: comm child[10214] terminated with no 
>> exit value
>> Mar 24 16:22:31 monitor1 nfsen[1935]: connection on UNIX socket
>> Mar 24 16:22:31 monitor1 nfsen[1935]: comm server started: 10265
>> Mar 24 16:22:31 monitor1 nfsen[10265]: Cmd Decode: get-globals
>> Mar 24 16:22:31 monitor1 nfsen[10265]: Cmd Decode: get-du
>> Mar 24 16:22:31 monitor1 nfsen[10265]: comm child[10266] terminated with no 
>> exit value
>> Mar 24 16:22:31 monitor1 nfsen[10265]: Cmd Decode: get-profile
>> Mar 24 16:22:31 monitor1 nfsen[10265]: Cmd Decode: quit
>> Mar 24 16:22:31 monitor1 nfsen[1935]: comm child[10265] terminated with no 
>> exit value

-- 
Alfredo Sola
http://www.tecnocratica.net/
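
The `-x /usr/local/bin/somescript %d/%f` hook asked for in the quoted feature request, as an added example that is not part of the original message or of the nfsen/nfdump code: a script that checks the path it is handed before passing it to nfdump. The base directory, the `nfcapd.<12-digit time slot>` file name pattern and the chosen statistic are assumptions drawn from the listings and log lines in this thread.

```shell
#!/bin/sh
# Added example: hook for  nfcapd -x '/usr/local/bin/somescript %d/%f'
# BASE and the nfcapd.<YYYYMMDDhhmm> name pattern are assumptions based on
# the directory listing and time slots shown in this message.
BASE="${BASE:-/var/cache/nfdump/profiles-data}"

# Succeeds only for a regular, non-symlink file below $BASE whose name is
# nfcapd.<12 digits>; the collector runs this hook unattended, so the
# argument is checked before any tool opens it.
valid_capture() {
    f=$1
    case "$f" in
        */../*|*/..) return 1 ;;          # no parent-directory hops
    esac
    case "$f" in
        "$BASE"/*) ;;                     # must live under the profile tree
        *) return 1 ;;
    esac
    name=${f##*/}
    slot=${name#nfcapd.}
    [ "$name" != "$slot" ] || return 1    # "nfcapd." prefix missing
    [ "${#slot}" -eq 12 ] || return 1     # YYYYMMDDhhmm
    case "$slot" in
        *[!0-9]*) return 1 ;;             # digits only
    esac
    [ -f "$f" ] && [ ! -L "$f" ]
}

# Top 10 destination addresses by packet count for the finished interval.
# The statistic is an illustrative choice, not something the thread specifies.
analyse() {
    if ! valid_capture "$1"; then
        logger -t nfcapd-hook -p local3.warning "rejected argument: $1"
        return 1
    fi
    nfdump -r "$1" -s dstip/packets -n 10
}

if [ "$#" -gt 0 ]; then
    analyse "$1"
fi
```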

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss