Hi Fabián,

On 5/23/13 W21 17:19, Fabián Mejía wrote:
> Hello all
> 
> I installed nfdump-1.6.10 and nfsen-1.3.6p1 on CentOS 6. I started on a
> minimal installation. After that, all dependencies were installed with yum
> from the regular CentOS repository and some packages from the EPEL
> repository (flow-tools).
> My router is sending netflow data to UDP port 9996.
> nfsen seems to work well; I can see graphs from the live profile but without data.
> I think nfdump does not work well, because iptables and ip6tables are stopped
> on the server, SELinux is in disabled mode

There is still an iptables or SELinux rule in place.

        - Peter

> and tcpdump shows received packets but nfdump saves empty files:
> 
> # tcpdump -i eth2 -n udp port 9996
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
> 15:57:28.220558 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 72
> 15:57:55.213269 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 168
> 15:58:22.229552 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 168
> 15:58:49.207766 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 168
> 15:59:16.194815 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 120
> 15:59:28.197556 IP 10.10.0.1.60709 > 192.168.168.10.palace-5: UDP, length 120
> 
> # ls -al
> total 96
> drwxr-xr-x. 2 apache apache 4096 may 22 16:25 .
> drwxrwxr-x. 3 apache apache 4096 may 22 16:25 ..
> -rw-r--r--. 1 apache apache  276 may 22 14:40 nfcapd.201305221435
> -rw-r--r--. 1 apache apache  276 may 22 14:45 nfcapd.201305221440
> -rw-r--r--. 1 apache apache  276 may 22 14:50 nfcapd.201305221445
> -rw-r--r--. 1 apache apache  276 may 22 14:55 nfcapd.201305221450
> -rw-r--r--. 1 apache apache  276 may 22 15:00 nfcapd.201305221455
> -rw-r--r--. 1 apache apache  276 may 22 15:05 nfcapd.201305221500
> -rw-r--r--. 1 apache apache  276 may 22 15:10 nfcapd.201305221505
> -rw-r--r--. 1 apache apache  276 may 22 15:15 nfcapd.201305221510
> -rw-r--r--. 1 apache apache  276 may 22 15:20 nfcapd.201305221515
> -rw-r--r--. 1 apache apache  276 may 22 15:25 nfcapd.201305221520
> -rw-r--r--. 1 apache apache  276 may 22 15:30 nfcapd.201305221525
> -rw-r--r--. 1 apache apache  276 may 22 15:35 nfcapd.201305221530
> -rw-r--r--. 1 apache apache  276 may 22 15:40 nfcapd.201305221535
> -rw-r--r--. 1 apache apache  276 may 22 15:45 nfcapd.201305221540
> -rw-r--r--. 1 apache apache  276 may 22 15:50 nfcapd.201305221545
> -rw-r--r--. 1 apache apache  276 may 22 15:55 nfcapd.201305221550
> -rw-r--r--. 1 apache apache  276 may 22 16:00 nfcapd.201305221555
> -rw-r--r--. 1 apache apache  276 may 22 16:05 nfcapd.201305221600
> -rw-r--r--. 1 apache apache  276 may 22 16:10 nfcapd.201305221605
> -rw-r--r--. 1 apache apache  276 may 22 16:15 nfcapd.201305221610
> -rw-r--r--. 1 apache apache  276 may 22 16:20 nfcapd.201305221615
> -rw-r--r--. 1 apache apache  276 may 22 16:25 nfcapd.201305221620
> 
> 
> # nfdump -r nfcapd.201305221620 'any'
> Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
> No matched flows
> 
> 
> I found this similar issue in this list but it is not solved:
> 
> http://sourceforge.net/mailarchive/forum.php?thread_name=1364867767.65514.YahooMailNeo%40web122006.mail.ne1.yahoo.com&forum_name=nfdump-discuss
> 
> Does anybody know the solution?
> 
> Any help is welcome.
> 
> Saludos,
> 
> Fabián 
> 
> 
> 
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

-- 
--
Be nice to your netflow data
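
tcpdump captures at the interface, before netfilter's INPUT chain, so the capture quoted above does not show that the datagrams reach the collector's socket. The following is an added example, not part of the original thread or of nfdump: a stand-in listener, run with nfcapd stopped, that reports whether anything on udp/9996 arrives in user space and whether it parses as NetFlow v5. Assumptions: the export is v5 (the quoted lengths 72, 120 and 168 equal 24 + 48n), and the names `check_v5` and `listen` are hypothetical.

```python
import socket
import struct
import sys

V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 header
V5_RECORD_LEN = 48                        # fixed size of each v5 flow record


def check_v5(payload):
    """Return (ok, detail) for one UDP payload, judged as NetFlow v5."""
    if len(payload) < V5_HEADER.size:
        return False, "short datagram (%d bytes)" % len(payload)
    version, count = V5_HEADER.unpack_from(payload)[:2]
    if version != 5:
        return False, "version %d, not 5" % version
    expected = V5_HEADER.size + count * V5_RECORD_LEN
    if len(payload) != expected:
        return False, "count=%d needs %d bytes, got %d" % (count, expected, len(payload))
    return True, "v5, %d record(s)" % count


def listen(port=9996, timeout=120.0, want=3):
    """Bind the collector port and report datagrams that reach user space."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))  # fails if nfcapd still holds the port
    sock.settimeout(timeout)
    seen = 0
    try:
        while seen < want:
            payload, (src, sport) = sock.recvfrom(65535)
            seen += 1
            print("%s:%d len=%d %s" % (src, sport, len(payload), check_v5(payload)[1]))
    except socket.timeout:
        # Visible in tcpdump but not here: dropped between the NIC and the socket.
        print("timeout: nothing delivered to the socket on udp/%d" % port)
    finally:
        sock.close()
    return seen


if __name__ == "__main__":
    sys.exit(0 if listen() else 1)
```

A timeout here while tcpdump still shows traffic points at packet filtering on the host; valid v5 output here points back at how nfcapd is started.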
