Dear all,

I've set up Netflow Reports according to http://www.dynamicnetworks.us/netflow/netflow-howto.html. It all seems to be running fine, and I've set up a single router to send information so I can do some testing before rolling it out across the entire site. I've used the script files included in the support files to run the services and made no changes to the commands within those files. I know that both flow-tools and flowscan services are running, but the contents of /var/log/flowscan just show it sleeping.

The port is open on the host, as seen below:

    [EMAIL PROTECTED] netflow]# netstat -nlp |grep 2055
    udp 0 0 0.0.0.0:2055 0.0.0.0:* 7832/flow-capture

I can see data flowing from the remote router to the host:

    [EMAIL PROTECTED] ~]# /usr/sbin/tcpdump -n udp port 2055
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    09:14:11.178229 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 72
    09:14:20.244610 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 216
    09:14:33.644359 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 168
    09:14:41.524752 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 120
    09:14:56.128734 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 168
    09:15:07.771013 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 216
    09:15:24.871773 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 168
    09:15:40.516915 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 312
    09:15:54.218362 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 216
    09:16:04.145948 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 168
    09:16:12.103041 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 1128
    09:16:19.946328 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 696
    09:16:27.656334 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 264
    09:16:39.737851 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 312
    09:18:17.229491 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 72
    09:18:27.081443 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 168
    09:18:39.011566 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 120
    09:18:46.510477 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 264
    09:18:56.430335 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 120
    09:19:10.990848 IP 10.98.171.191.51201 > 10.98.7.2.iop: UDP, length 72

I can see the flow files being populated using:

    [EMAIL PROTECTED] netflow]# /usr/local/netflow/bin/flow-stat -f10 < ft-v05.2007-05-02.094000+0100
    # --- ---- ---- Report Information --- --- ---
    #
    # Fields: Total
    # Symbols: Disabled
    # Sorting: None
    # Name: Source/Destination IP
    #
    # Args: /usr/local/netflow/bin/flow-stat -f10
    #
    #
    # src IPaddr     dst IPaddr       flows   octets   packets
    #
    10.98.136.97     10.98.1.50       18      7212     92
    10.98.136.97     10.98.1.62       4       4824     21
    10.98.136.97     10.98.171.249    3       224      3
    10.98.136.97     10.98.1.1        4       936      12

Any ideas on what I am missing?
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
