Mike, Thanks so much! I used netcat to find out I was NOT in fact receiving the flows- I found the redhat firewall was enabled... flow-capture now works as advertized.
Thanks, Rocky -----Original Message----- From: Mike Hunter [mailto:[EMAIL PROTECTED] Sent: Friday, May 12, 2006 11:40 AM To: Scotti, Rocky Cc: [email protected] Subject: Re: [Flow-tools] flow-capture not collecting On May 12 at 11:39, "To Scotti, Rocky" wrote: Can you confirm that there isn't a firewall issue by using netcat to make sure you're seeing the flows? Tcpdump will show things arriving that are being blocked from the networking stack by the firewall. This is the command line I am using to capture flow data flow-capture -p - -z 9 -V 5 -E 100M -N0 -w /data3/netflow.inr-140 0/0/9015 Can you run it under ktrace / strace to see if it is encountering errors? Thanks, Mike On May 12 at 11:19, "Scotti, Rocky" wrote: > I have been unable to get flow-capture ver 0.66 to collect and output > any data to the working directory. I know the flow-capture is running > and listening on the given port. I have confirmed flows are arriving > using tcdump. I origianlly installed from a RPM but reinstalled manually > after reading about some issues with various RPM's. I am able to get > flow-capture to write to the working directory by using the flow-gen > command to produce artificial flows. I have tried several iterations of > the command and have been unable to get it to actually collect router > flow data. > > The exact command is: > > flow-capture -w /var/log/flows -d5 0/0/9800 > > > Router config: > > interface GigabitEthernet0/0/0 > > ip route-cache flow > > > > ip flow-export source Loopback0 > > ip flow-export version 5 > > ip flow-export destination flow-tools-address 9800 > > Any assistance would be greatly appreciated _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
