On 16/02/2023 12:45, nfsen-discuss-requ...@lists.sourceforge.net wrote:
I have a fresh install from scratch, with nfdump 1.7.1 and nfsen 1.3.8, but
when nfsen starts, nfcapd gives an error.
*Syslog report*:
Feb 15 09:59:41 nfsen[50860]: Starting nfcapd:(ccr1036cs ccr1036np)path
does not exist: -D Feb 15 09:59:41 nfsen[50860]: No valid directory: -D Feb
15 09:59:46 nfsen[50860]: : collector did not start - see logfile
*CLI*
./nfsen start Starting nfcapd:(ccr1036cs ccr1036np)path does not exist: -D
No valid directory: -D : collector did not start - see logfile Starting
nfsend.
The problem is that nfdump v1.7.x "unicorn" has changed in an
incompatible way to nfdump v1.6.x.
On my system, here is how nfsen is invoking nfdump v1.6.24, as shown by
"ps":
/usr/local/bin/nfcapd -w -D -p 9995 -u netflow -g www-data -B 20000 -S 1
-P /var/nfsen/var/run/p9995.pid -z -I gw1 -l
/var/nfsen/profiles-data/live/gw1
However, looking at the source code to nfdump v1.7.1 here:
https://github.com/phaag/nfdump/blob/v1.7.1/src/nfcapd/nfcapd.c#L748-L758
it shows that the "-w" flag now requires a directory argument:
case 'w':
if (!CheckPath(optarg, S_IFDIR)) {
LogError("No valid directory: %s", optarg);
exit(EXIT_FAILURE);
}
In other words, "-w -D" is being treated as "write to a directory called
-D". Whereas previously, -w was ignored:
https://github.com/phaag/nfdump/blob/v1.6.25/bin/nfcapd.c#L860-L862
case 'w':
// allow for compatibility - always sync timeslot
break;
Therefore, I suggest you downgrade to nfdump v1.6.25, until such time as
someone contributes a patch to nfsen 1.3.8 to work with nfdump 1.7.x
(unfortunately, nfsen is pretty much abandonware at this point in time)
Your nfsen.conf looks fine, although I'd suggest you comment out
PortTracker until you have nfsen+nfdump working first.
HTH,
Brian.
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
