Hello,
I need help troubleshooting why nfcapd is not collecting any data.
I installed and started nfsen. Nfcapd is not collecting any data. Nfcapd data
files are always created with 276 bytes, which I presume is the header.
I have checked whether port 1501 is receiving any data, and it is.
The nfsen process is running and the status shows the collector is running.
I noticed the nfsen live profile is displaying the error "ERR Channel info file missing
for channel 'Linux-Host-eth1' in 'live' Files: 0 Size: 0".
# nfdump -r /data/nfsen/profiles-data/live/Linux-Host-eth1/nfcapd.current.23479
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
# tcpdump -i eth1 'udp port 1501'|head -3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
13:56:51.749999 IP xxxx-xxxx.xxxx.xxxxx.net.33018 > netflow-proc1.ngid.centurylink.net.saiscm: UDP, length 242
13:56:51.750219 IP xxxx-xxxx.xxxx.xxxxx.net.33018 > netflow-proc1.ngid.centurylink.net.saiscm: UDP, length 242
13:56:51.751272 IP xxxx-xxxx.xxxx.xxxxx.net.33018 > netflow-proc1.ngid.centurylink.net.saiscm: UDP, length 316
74 packets captured
74 packets received by filter
0 packets dropped by kernel
# ps -ef |grep nfsen
netflow 23481 1 0 08:56 ? 00:00:00 /usr/local/bin/nfcapd -w -D -p 1501 -u netflow -g www -B 200000 -S 1 -P /data/nfsen/var/run/p1501.pid -z -I Linux-Host-eth1 -l /data/nfsen/profiles-data/live/Linux-Host-eth1
netflow 23740 1 0 09:40 ? 00:00:19 /usr/bin/perl -w /data/nfsen/bin/nfsend
netflow 23741 23740 0 09:40 ? 00:00:00 /data/nfsen/bin/nfsend-comm
root 24655 23124 0 13:47 pts/0 00:00:00 grep nfsen
# ls -ltr /data/nfsen/profiles-data/live/Linux-Host-eth1/2014/12/15|tail
-rw-r--r-- 1 netflow www 276 Dec 15 12:40 nfcapd.201412151235
-rw-r--r-- 1 netflow www 276 Dec 15 12:45 nfcapd.201412151240
-rw-r--r-- 1 netflow www 276 Dec 15 12:50 nfcapd.201412151245
-rw-r--r-- 1 netflow www 276 Dec 15 12:55 nfcapd.201412151250
-rw-r--r-- 1 netflow www 276 Dec 15 13:00 nfcapd.201412151255
-rw-r--r-- 1 netflow www 276 Dec 15 13:05 nfcapd.201412151300
-rw-r--r-- 1 netflow www 276 Dec 15 13:10 nfcapd.201412151305
-rw-r--r-- 1 netflow www 276 Dec 15 13:15 nfcapd.201412151310
-rw-r--r-- 1 netflow www 276 Dec 15 13:20 nfcapd.201412151315
-rw-r--r-- 1 netflow www 276 Dec 15 13:25 nfcapd.201412151320
# ls -l /data/nfsen/profiles-data/live/Linux-Host-eth1/
total 12
drwxr-xr-x 4 netflow www 4096 Dec 1 00:05 2014
-rw-r--r-- 1 netflow www 276 Dec 15 13:20 nfcapd.current.23479
-rw-r--r-- 1 netflow www 276 Dec 15 08:50 nfcapd.current.31558
# nfsen status
NfSen version: 1.3.5
NfSen status:
Collector for (Linux-Host-eth1) port 1501 is running [23481].
nfsen daemon: pid: [23740] is running.
# nfsen --get-profile live
name live
group (nogroup)
tcreate Wed Nov 19 08:55:00 2014
tstart Wed Dec 31 17:00:00 1969
tend Mon Dec 15 12:15:00 2014
updated Mon Dec 15 12:15:00 2014
expire 0 hours
size 0
maxsize 0
type live
locked 0
status OK
version 130
channel Linux-Host-eth1 sign: + colour: #ff0000 order: 1 sourcelist:
Linux-Host-eth1 ERR Channel info file missing for channel 'Linux-Host-eth1'
in 'live'
Files: 0 Size: 0
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Here is my config file, Nfsen.conf:
$BASEDIR = "/data/nfsen";
$BINDIR="${BASEDIR}/bin";
$LIBEXECDIR="${BASEDIR}/libexec";
$CONFDIR="${BASEDIR}/etc";
$HTMLDIR = "/var/www/nfsen/";
$DOCDIR="${HTMLDIR}/doc";
$VARDIR="${BASEDIR}/var";
$PROFILESTATDIR="${BASEDIR}/profiles-stat";
$PROFILEDATADIR="${BASEDIR}/profiles-data";
$BACKEND_PLUGINDIR="${BASEDIR}/plugins";
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
$PREFIX = '/usr/local/bin';
$USER = "netflow";
$WWWUSER = "www";
$WWWGROUP = "www";
$BUFFLEN = 200000;
$SUBDIRLAYOUT = 1;
$ZIPcollected = 1;
$ZIPprofiles = 1;
$PROFILERS = 2;
$DISKLIMIT = 98;
$PROFILERS = 6;
%sources = (
'Linux-Host-eth1' => { 'port' => '1501', 'col' => '#ff0000', 'type' => 'netflow' },
);
$low_water = 90;
$syslog_facility = 'local3';
@plugins = (
# profile # module
# [ '*', 'demoplugin' ],
);
%PluginConf = (
# For plugin demoplugin
demoplugin => {
# scalar
param2 => 42,
# hash
param1 => { 'key' => 'value' },
},
# for plugin otherplugin
otherplugin => [
# array
'mary had a little lamb'
],
);
$MAIL_FROM = 'y...@from.example.net';
$SMTP_SERVER = 'localhost';
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
1;
Thanks
Srikanth Duddilla (Sree)
Email: srikanth.duddi...@centurylink.com
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss