Hi,
Has anyone here tried exporting NetFlow data from a Cisco router to flow-tools?
I installed flow-tools and flowscan on Fedora Core 2. The Cisco is already configured correctly, and with this configuration:
/usr/local/netflow/bin/flow-capture -w /var/netflow/ft 10.3.128.220/10.110.1.1/2000 -S5 -V5 -E1G -n 287 -N 0 -R /usr/local/netflow/bin/linkme
the netflow collector is already listening on port 2000, and from the tcpdump output it looks like the netflow export packets are arriving:
# tcpdump -n udp port 2000
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:53:21.461403 IP 10.110.1.1.50323 > 10.3.128.220.2000: UDP, length 1464
15:53:30.462434 IP 10.110.1.1.50323 > 10.3.128.220.2000: UDP, length 1464
The problem is with flow-capture, which is supposed to write this netflow data to the folder /var/netflow/ft:
-rw-r--r-- 1 root root 88 Jun 16 15:35 ft-v05.2004-06-16.153001+0400
-rw-r--r-- 1 root root 88 Jun 16 15:40 ft-v05.2004-06-16.153839+0400
-rw-r--r-- 1 root root 88 Jun 16 15:45 ft-v05.2004-06-16.154001+0400
-rw-r--r-- 1 root root 88 Jun 16 15:50 ft-v05.2004-06-16.154501+0400
-rw-r--r-- 1 root root 80 Jun 16 15:20 tmp-v05.2004-06-16.152000+0400
As you can see, all the output files are only 88 bytes in size. When flowscan is run, no data gets processed:
tail -f /var/log/flowscan:
sleep 30...
sleep 30...
2004/06/16 15:55:28 working on file /var/netflow/ft-v05.2004-06-16.155000+0400...
2004/06/16 15:55:28 flowscan-1.020 CUFlow: Cflow::find took 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU) for 88 flow file bytes, flow hit ratio: 0/0
2004/06/16 15:55:28 flowscan-1.020 CUFlow: report took 0 wallclock secs ( 0.00 usr 0.00 sys + 0.00 cusr 0.01 csys = 0.01 CPU)
Confirmed with flow-print < ft-v05...: there is only the netflow header, no data at all
#flow-print < ft-v05.2004-06-16.164500+0400
srcIP dstIP prot srcPort dstPort octets packets
Yet when you look at the netflow data arriving at the host, it is large (1464)
I tried ethereal, and inside the packet there is all the data about source IP, protocol, etc.
Has anyone run into this before? Sorry if this mail is too long
Regards, Himawan
-- Unsubscribe: send an empty email to [EMAIL PROTECTED] Archive and info at http://linux.or.id/milis.php List FAQ at http://linux.or.id/faq.php
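An added example, not part of Himawan's post and not code from flow-tools, for checking what the router is actually putting on the wire before blaming the collector. 1464 bytes is exactly one full NetFlow v5 export datagram (a 24-byte header plus 30 records of 48 bytes each), so the lengths in the tcpdump output above are consistent with v5. The script decodes a datagram by the published v5 field layout, reports a datagram whose version field is not 5 or whose record count does not match its length instead of silently dropping it, and can bind the collector port in place of flow-capture to describe what arrives. The datagram it checks by default comes from build_sample(), which is constructed here: its addresses, ports, counters and timestamps are made up, and listening on 0.0.0.0 is an assumption, not something from the post.

```python
"""Decode and sanity-check NetFlow v5 export datagrams.

Added example, not code from the original post or from flow-tools. The field
layout is the published NetFlow v5 format; the sample datagram is constructed.
"""
import socket
import struct
import sys
from ipaddress import IPv4Address

# v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
#            flow_sequence, engine_type, engine_id, sampling_interval
HEADER_FMT = "!HHIIIIBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)        # 24 bytes
# v5 record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first,
#            last, srcport, dstport, pad1, tcp_flags, prot, tos, src_as,
#            dst_as, src_mask, dst_mask, pad2
RECORD_FMT = "!IIIHHIIIIHHBBBBHHBBH"
RECORD_LEN = struct.calcsize(RECORD_FMT)        # 48 bytes
MAX_RECORDS = 30                                # 24 + 30*48 = 1464, the length seen in tcpdump


def parse_v5(payload: bytes) -> dict:
    """Return header fields and decoded records; raise ValueError for anything not well-formed v5."""
    if len(payload) < HEADER_LEN:
        raise ValueError(f"datagram too short for a v5 header: {len(payload)} bytes")
    (version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
     engine_type, engine_id, sampling) = struct.unpack_from(HEADER_FMT, payload, 0)
    if version != 5:
        raise ValueError(f"version field is {version}, not 5 (collector was started with -V5)")
    expected = HEADER_LEN + count * RECORD_LEN
    if count > MAX_RECORDS or len(payload) != expected:
        raise ValueError(f"count={count} implies {expected} bytes, datagram is {len(payload)}")
    records = []
    for i in range(count):
        f = struct.unpack_from(RECORD_FMT, payload, HEADER_LEN + i * RECORD_LEN)
        records.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "nexthop": str(IPv4Address(f[2])), "input": f[3], "output": f[4],
            "packets": f[5], "octets": f[6], "first": f[7], "last": f[8],
            "srcport": f[9], "dstport": f[10], "tcp_flags": f[12], "prot": f[13],
            "tos": f[14], "src_as": f[15], "dst_as": f[16],
            "src_mask": f[17], "dst_mask": f[18],
        })
    return {
        "version": version, "count": count, "sys_uptime": sys_uptime,
        "unix_secs": unix_secs, "unix_nsecs": unix_nsecs,
        "flow_sequence": flow_sequence, "engine_type": engine_type,
        "engine_id": engine_id,
        # top two bits are the sampling mode, low 14 bits the interval
        "sampling_mode": sampling >> 14, "sampling_interval": sampling & 0x3FFF,
        "records": records,
    }


def describe(payload: bytes) -> str:
    """One-line verdict for a datagram, prefixed OK or BAD."""
    try:
        d = parse_v5(payload)
    except ValueError as e:
        return f"BAD {len(payload)} bytes: {e}"
    first = d["records"][0] if d["records"] else None
    flow = (f"{first['src']}:{first['srcport']} -> {first['dst']}:{first['dstport']} "
            f"proto {first['prot']}" if first else "no records")
    return (f"OK v{d['version']} count={d['count']} seq={d['flow_sequence']} "
            f"engine={d['engine_type']}/{d['engine_id']} first flow: {flow}")


def build_sample(count: int = 30, version: int = 5) -> bytes:
    """Constructed datagram for offline testing: `count` flows between two documentation-range hosts."""
    header = struct.pack(HEADER_FMT, version, count, 123456, 1087390401, 0, 1000, 0, 0, 0)
    records = b"".join(
        struct.pack(RECORD_FMT,
                    int(IPv4Address("192.0.2.10")), int(IPv4Address("198.51.100.20")), 0,
                    1, 2, 10 + i, 1500 * (10 + i), 100, 200, 40000 + i, 80,
                    0, 0x18, 6, 0, 64512, 64513, 24, 24, 0)
        for i in range(count))
    return header + records


def listen(host: str, port: int, limit: int = 5) -> None:
    """Stand in for flow-capture: bind the collector port and describe the first `limit` datagrams."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((host, port))
        for _ in range(limit):
            data, (src, sport) = s.recvfrom(65535)
            print(f"{src}:{sport} {describe(data)}")


if __name__ == "__main__":
    print(describe(build_sample()))            # constructed 1464-byte datagram
    print(describe(build_sample(version=9)))   # wrong version is reported, not silently dropped
    if len(sys.argv) > 1:                       # e.g. python3 nfcheck.py 2000; stop flow-capture first, it owns the port
        listen("0.0.0.0", int(sys.argv[1]))    # assumption: bind all interfaces on the collector host
```

Run it with no arguments to see the constructed datagram decoded; run it with the collector port as the argument (after stopping flow-capture, which otherwise holds the port) to see whether the router's real datagrams come out OK or BAD, and which field the collector would have tripped on.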
