Eric Jacobsen | 8 Sep 15:44 2011

.nfstat file not being updated

This problem seems to come up now and again in the list and I'm trying to figure out why it's not working for me.  I've set up a test box with nfsen-1.3.5 and nfdump-1.6.4 on RHEL5 with everything freshly compiled and on local disk (eliminating possible NFS problems).  What I observe is that the size in the .nfstat file is never updated and therefore nfexpire never updates the size in profile.dat with the current size and never expires anything.  This results in the disk filling up.

I would be happy to debug my own problem but I'm stymied about what process is supposed to keep the .nfstat file current.  nfexpire is capable of doing it, but the man page suggests that the -r flag is not meant for normal use, and indeed, it's expensive to recalculate every five minutes from scratch. As a workaround, I set up a cron job to do this hourly. One thread I found in this group from 2008 suggested that nfcapd is responsible for updating this file when it rotates the log file, but in my inspection of the source code the WriteStatInfo() function is only invoked when the parent nfcapd exits (at which point it does in fact write the statfile properly).  The man page for nfcapd makes no mention of maintaining the nfstat file, and only references it for purposes of expiration.  Should I be having nfcapd do the expiration instead of relying on nfexpire? [Note that this might fix my disk problem but wouldn't address the nfsen reporting the wrong information via the UI]  Where nfsen and nfdump are maintained separately, is this just a divergence in the responsibility for this file between the projects?  Is there a requirement to run a specific version of each together for proper functioning?
 
If I knew how this file was supposed to be maintained it would make it easier to figure out what my problem is.

Thanks!

Eric

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@...
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
Nelson Pereira | 12 Sep 17:21 2011

Problems with PortTracker Plugin: Need help please

Hello,

Finished installing and configuring NFSEN 1.3.5 with NFDUMP 1.6.4.

Getting the netflow from routers and all is good.

Now I'm trying to get NFSEN PortTracker plugin to work.

Followed the readme and everything went well. Tried with the demoplugin and was working.

But when I changed to Porttracker, then the page displays:

Port Tracker
Error reading stat

Can anyone point me to what could this issue be?

Thanks

eli | 15 Sep 19:42 2011

can I change the ip lookup to DNS

Hello,
Currently the lookup.pm is looking for whois sites. Since I am working on an internal network, how can I change it to look at my DNS server instead of whois?
Thanks
eli
Philipp Herz - Profihost AG | 16 Sep 15:54 2011

nfsen/sfcapd sflow v5 - scaling multiple interfaces / speeds

Hi nfsen-discuss,

we are monitoring our routers with three different interfaces connecting 
to different internet service providers.

IF  1: 10 Gbit
IF 21:  1 Gbit
IF 22:  1 Gbit

Looking at the captured sFlow data via nfsen webUI or nfdump on 
commandline seems to not correctly scale on the captured data.

Interfaces are additionally monitored by ntop which does graph correctly 
based on the same sFlow v5. (cacti also states that)

Currently I am using a new/custom profile to display channels based on 
filters.

The resulting graph (also on commandline) shows that there is only e.g 
5% of traffic going through IF21 and IF22 which is not correct.

In comparison ntop correctly shows that the amount of traffic on IF21 
and IF22 is almost equal to traffic on IF1.

A quick check using sFlowTrend shows the same/correct accounting.

So questions are

- what am I missing in configuration?
- is there some (builtin) "scaling" which has to be omitted?

Kind regards - Philipp

azadeh hashemi | 17 Sep 10:16 2011

nfsen config problem

In the config file, I don't know what I should write in the sources field. There are some samples on the net but I can't understand them clearly.

Adrian Popa | 17 Sep 14:30 2011

Re: nfsen config problem

Here is the default sources setting that comes with nfsen:

%sources = (
    'upstream1'    => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    'peer1'        => { 'port' => '9996', 'col' => '#ff0000' },
);

This is perl syntax, but it shouldn't worry you.
You will define some hash keys (upstream1, peer1) with the names of
your routers (the same names will be visible in the web interface
later on). There is a 20 character limit per source if I remember
correctly...
Next, for each source you will set the port parameter to the UDP port
where you want to export the flows to. Just pick an empty UDP port and
configure your router to export to this port. After restarting nfsen,
you should see a nfcapd process listening on this port in your server.
col is another parameter and sets the default colour for this router.
This can be later changed in the web interface.
type can be netflow or sflow. Default is netflow.

Good luck,
Adrian

P.S. An example that I use is:

%sources = (
    'gatewayb'  => { 'port' => '9901', 'col' => '#000fcc', 'type' => 'netflow' },
    'gatewayff' => { 'port' => '9902', 'col' => '#cc0000', 'type' => 'netflow' },
    'peering'   => { 'port' => '9903', 'col' => '#cc00cc', 'type' => 'netflow' },
);

On Sat, Sep 17, 2011 at 11:16 AM, azadeh hashemi <xlbrlx@...> wrote:
>
> in the config file, I don't know what should I write in the sources field. there are some samples on the net but I can't understand clearly.
azadeh hashemi | 17 Sep 19:54 2011

Re: nfsen config problem

Actually I'm using nprobe, so I don't know any information about router or anything else! Now what?

Mark D. Nagel | 17 Sep 20:11 2011

Re: nfsen config problem

On 9/17/2011 10:54 AM, azadeh hashemi wrote:
> Actually I'm using nprobe, so I don't know any information about router or anything else! Now what?

The name is just a label.  Call it whatever you like to reflect what you are capturing with nprobe.  The important thing is the name and port need to be unique and the port needs to match the port you use to send data to your nfdump collector.

Mark
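
The rules stated in this thread for %sources (unique name and port per source, type netflow or sflow, an unused UDP port, and the 20-character name limit as recalled above) can be checked before restarting nfsen. The following Perl sketch is an added example, not part of any post and not nfsen code; the sample entries and the helper names check_sources and udp_port_free are constructed for illustration, and the bind test is only meaningful while nfsen is stopped, since a running nfcapd holds its own port.

```perl
use strict;
use warnings;
use IO::Socket::INET;

# Constructed sample. Kept as a flat list rather than a hash so that a
# repeated source name stays visible (a Perl hash silently keeps the last one).
my @sources = (
    'gatewayb'  => { 'port' => '9901', 'col' => '#000fcc', 'type' => 'netflow' },
    'gatewayff' => { 'port' => '9902', 'col' => '#cc0000', 'type' => 'netflow' },
    'peering'   => { 'port' => '9902', 'col' => '#cc00cc', 'type' => 'sflow' },  # port clash
    'nprobe-lab-segment-east-1' => { 'port' => '99O3' },  # long name, letter O in port
);
my $MAX_NAME = 20;   # limit as recalled in the thread, not verified against nfsen

# True if no process on this host currently holds the UDP port.
sub udp_port_free {
    my ($port) = @_;
    my $sock = IO::Socket::INET->new(LocalPort => $port, Proto => 'udp');
    return $sock ? 1 : 0;   # the probe socket closes when $sock goes out of scope
}

sub check_sources {
    my @list = @_;
    my (%seen_name, %seen_port, @problems);
    while (my ($name, $def) = splice(@list, 0, 2)) {
        push @problems, "$name: defined more than once" if $seen_name{$name}++;
        push @problems, "$name: name longer than $MAX_NAME characters"
            if length($name) > $MAX_NAME;
        my $type = defined $def->{type} ? $def->{type} : 'netflow';  # default per the thread
        push @problems, "$name: type '$type' is not netflow or sflow"
            unless $type =~ /^(?:netflow|sflow)$/;
        my $port = defined $def->{port} ? $def->{port} : '';
        if ($port !~ /^\d+$/ || $port < 1 || $port > 65535) {
            push @problems, "$name: port '$port' is not a UDP port number";
            next;
        }
        if (my $other = $seen_port{$port}) {
            push @problems, "$name: port $port already used by $other";
        } else {
            $seen_port{$port} = $name;
            push @problems, "$name: UDP port $port is already bound on this host"
                unless udp_port_free($port);
        }
    }
    return @problems;
}

my @problems = check_sources(@sources);
print "$_\n" for @problems;
print "no problems found\n" unless @problems;
```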



Danny Buthge | 20 Sep 07:39 2011

Re: NFSEN & PortTracker

Robert A. Curtis wrote:
> Danny,

Curtis, List,

> Were you able to get PortTracker to compile? I did not see any responses
> to your post, but I am running into the exact same error message.

I wasn't able to compile the PortTracker with the nfsen sources, but
if you compile nfdump with

./configure --enable-nfprofile --enable-nftrack

then you will get a nice and working nftrack binary.

Regards,

Danny Buthge
-- 
BCC Business Communication Company GmbH
Heinrich-Nordhoff-Straße 69, 38440 Wolfsburg
Tel. +49 5361 2777-361, Fax -398
Service number: 01801 222678*

mailto:danny.buthge@... http://www.bcc.de

Court of registration: Braunschweig HRB 4460
Management: Dipl.-Ing. (FH) Josef Glöckl-Frohnholzer

*Landline rate 3.9 ct/min, mobile rates at most 42 ct/min

François Picot | 20 Sep 10:36 2011

nfsen, Cisco, Port Tracker

Hi

I'm new to nfsen/nfdump, and I wonder if what I'm trying to do is possible.
We have a bunch of Cisco ASAs (mostly 5505, a few 5510), and we wish to 
monitor them as closely as possible. So.... Netflow!

After a few tries, fails and research, I understood that the Ciscos don't 
talk standard Netflow V9, and that I had to use nfdump 1.5.8-NSEL to 
have packets/s and bytes/s data. That was yesterday, and this morning I 
have nice, shiny graphs :)

Next step is Port tracker. But it says in INSTALL file that it won't 
work with nfdump 1.5.x. And indeed, it doesn't compile.
A message in list archive said something about "-enable-nftrack" when 
compiling nfdump, but this doesn't exist in 1.5.8-NSEL.

Am I missing something? Or is it what it seems : it's not possible to 
get port tracker working with Cisco ASAs?

Best regards,
François
