What is the version of your netflow? Do a $ ps -wef | grep nfcapd to see your 
nfcapd options. Or you can also try nfcapd -E for debugging, but make sure only 
1 instance of nfcapd is running.

Mon

On Mar 30, 2013, at 22:56, "Aaron" <[email protected]> wrote:

> Hi All, I’m new to the list, and also new to nfdump/nfsen.  I have begun 
> trying to install and get running nfdump, please provide guidance where you 
> are able... I also haven’t begun installing nfsen since I thought that nfdump 
> needed to work first before nfsen should be installed, and I am thinking that 
> nfdump may not be working yet...let me know what you think.
> 
>  
> 
> I’m following the instructions on this site...  
> http://www.3open.org/d/tips/install_nfdump_on_centos_5  ...the only thing I 
> haven’t done on this site is the part at the bottom titled “init script for 
> nfcapd” ...do I need to do that part?  If so how?
> 
>  
> 
> I’ve gotten through most all the steps and I see the following...it seems the 
> files are being built but I don’t see anything in the files... 
> 
>  
> 
> I do know that my router is sending netflow exported data to udp 9995 since 
> tcpdump on this host shows it arriving here.
> 
>  
> 
> [root@me ~]# ls -la /var/cache/nfdump/2013
> total 12
> drwxr-xr-x. 3 netflow netflow 4096 Mar 29 09:45 .
> drwxr-xr-x. 3 netflow netflow 4096 Mar 30 10:45 ..
> drwxr-xr-x. 4 netflow netflow 4096 Mar 30 00:05 03
> 
>  
> 
> [root@me ~]# ls -la /var/cache/nfdump/2013/03
> total 16
> drwxr-xr-x.  4 netflow netflow 4096 Mar 30 00:05 .
> drwxr-xr-x.  3 netflow netflow 4096 Mar 29 09:45 ..
> drwxr-xr-x. 17 netflow netflow 4096 Mar 29 23:05 29
> drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 30
> 
>  
> 
> [root@me ~]# ls -la /var/cache/nfdump/2013/03/30
> total 52
> drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 .
> drwxr-xr-x.  4 netflow netflow 4096 Mar 30 00:05 ..
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 01:00 00
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 02:00 01
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 03:00 02
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 04:00 03
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 05:00 04
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 06:00 05
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 07:00 06
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 08:00 07
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 09:00 08
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 10:00 09
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 10:45 10
> 
>  
> 
> [root@me ~]# ls -la /var/cache/nfdump/2013/03/30/10
> total 44
> drwxr-xr-x.  2 netflow netflow 4096 Mar 30 10:45 .
> drwxr-xr-x. 13 netflow netflow 4096 Mar 30 10:05 ..
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:05 nfcapd.201303301000
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:10 nfcapd.201303301005
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:15 nfcapd.201303301010
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:20 nfcapd.201303301015
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:25 nfcapd.201303301020
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:30 nfcapd.201303301025
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:35 nfcapd.201303301030
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:40 nfcapd.201303301035
> -rw-r--r--.  1 netflow netflow  276 Mar 30 10:45 nfcapd.201303301040
> 
>  
> 
> [root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301000
> Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
> No matched flows
> 
> [root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301005
> Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
> No matched flows
> 
> [root@me ~]# nfdump -R /var/cache/nfdump/2013/03/30/10/nfcapd.201303301040
> Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
> No matched flows
> 
>  
> 
> [root@me ~]# tcpdump -i eth0 -nn | grep -i 9995
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 10:51:56.504510 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 252
> 10:51:57.506593 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 880
> 10:51:59.510514 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 708
> 10:52:00.513018 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1336
> 10:52:00.513521 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513597 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513620 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513641 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513661 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1392
> 10:52:00.513722 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513754 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513805 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:00.513820 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 368
> 10:52:01.515624 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.516152 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.517030 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.517087 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.517100 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> 10:52:01.517111 IP 1.2.0.5.1372 > 3.4.150.93.9995: UDP, length 1452
> ^C114 packets captured
> 114 packets received by filter
> 0 packets dropped by kernel
> 
>  
> 
>  
> 
> Aaron
> 
>  
> 
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
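The symptom in this thread (rotation files that are all 276 bytes and return "No matched flows" while tcpdump shows UDP arriving on 9995) can be checked mechanically. The script below is an added example, not part of the original messages or of nfdump; the function names are hypothetical and the 276-byte threshold is taken from the listing in the post and may differ on other nfdump versions.

```shell
#!/bin/sh
# Added example: flag nfcapd rotation files that never grew past the
# flow-less size seen in the post's listing (276 bytes; an assumption
# taken from that listing, override with EMPTY_SIZE=...).
EMPTY_SIZE=${EMPTY_SIZE:-276}

# count_empty DIR -> prints "<empty> <total>" for rotated nfcapd.<timestamp>
# files in DIR. The in-progress nfcapd.current* file is skipped by the glob.
count_empty() {
    dir=$1
    empty=0
    total=0
    for f in "$dir"/nfcapd.[0-9]*; do
        [ -f "$f" ] || continue          # glob matched nothing
        total=$((total + 1))
        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -le "$EMPTY_SIZE" ]; then
            empty=$((empty + 1))
        fi
    done
    echo "$empty $total"
}

# collector_status DIR -> one of: no-files, all-empty, partial, ok
#   all-empty : every rotation file is flow-less (the case in this thread)
#   partial   : some intervals stored flows, some did not
collector_status() {
    set -- $(count_empty "$1")
    if [ "$2" -eq 0 ]; then
        echo no-files
    elif [ "$1" -eq "$2" ]; then
        echo all-empty
    elif [ "$1" -gt 0 ]; then
        echo partial
    else
        echo ok
    fi
}

# Stand-alone use: ./check.sh /var/cache/nfdump/2013/03/30/10
if [ $# -gt 0 ]; then
    collector_status "$1"
fi
```

An `all-empty` result while packets are visible on the wire points at the collector side (listening port, export version, or a second nfcapd instance), which is what the reply's `ps` and `nfcapd -E` suggestions are meant to narrow down.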