Peter, Apologies for the delayed response. Replies are below.
--jonesy Mark Jones Idaho State University ITS, ISOS IT Programmer Analyst, Associate On Oct 7, 2014, at 11:55 PM, Peter Haag <ph...@users.sourceforge.net> wrote: > Hi Mark, > > On 05/09/14 21:10, Mark Jones wrote: >> Recently installed nfsen. Had to drop back to an earlier version as our OS >> didn’t support the current version. Everything seems to work fine except for >> profiles. I’ve seen this issue discussed on the mailing list, but can’t find >> a clear answer to the problem > > "OS did not support current version" what do you mean by that? Can you please > give the details about OS and tool versions? I believe it was and earlier version of nfDump (version 1.6.9) that I had to install. I kept getting compiler errors that I finally tracked down to in incompatible version of glibc and gcc (under Red Hat Enterprise Linux 6). Further reading shows me that once we upgrade the OS to RHEL 7, this should bring our version of gcc to a version that will compile the latest nfdump. That upgrade will happen over our holidays. > >> >> Our live profile works fine, displays the graphs for our sources with no >> problem. >> >> In trying to create profiles and alerts, though, we can’t get graphs to >> display. If I create a continuous/shadow profile, even though the graphs >> don’t display, I can still run the process at the bottom of the page and get >> results from nfdump. >> >> Ex: A profile with a filter built to monitor http traffic: >> >> ** nfdump -M /flows/live/centurylink:iron -T -r >> 2014/09/04/nfcapd.201409040415 -n 10 -s ip/flows >> nfdump filter: >> (( ident centurylink or ident iron) and ( >> port 80 >> )) >> >> So, the profile can see the flow repositories, but the graph isn’t >> processing them for some reason. I’m not sure what to look for in the logs, >> if there’s any info in there that can help troubleshoot this. And I’m at a >> loss when it comes to RRD, as I’ve never used it before. >> >> I have noted that a Continuous profile will not display even the nfdump >> process at the bottom, giving a stat() error: File not found. Which, I >> assume is because the files aren’t being copied over to profile’s data >> repository. >> >> Any help on getting graphs to work would be appreciated. > > In the port 80 profile - do you see flows, if you simply list flows from the > profile? > When you moved/up/dowgraded tools/OSes - is the new setup identical? > Specifically the namee of the sources need to be the same all over. If I run the Netflow Processing in the details page for the port 80 profile I do get the expected output list of the top 10. I believe all the source routers are named in the configuration. With NFsen we introduced the separate net flow repositories and redesigned our setup to the NFsen manner (separate directories for each live source). Whereas before we had all sources depositing into the same directory. > The source names are reflected in the filer ident strings - so they must > match with your previous installation. > If you run the command above on the command line - is there any avlid output? The command line outputs valid data from the above command. As far as I can tell, nfdump is running normally. > > Regards > > - Peter > >> >> >> System stats follow: >> OS: RHEL 6 >> >> nfsen: 1.3.6p1 $Id: nfsen 53 2012-01-23 16:36:02Z peter $ >> >> nfdump: Version: 1.6.9 $Date: 2013-03-02 16:19:58 +0100 (Sat, 02 Mar 2013) $ >> Compiled with --enable-nfprofile >> >> RRDtool 1.4.8 >> ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
