Re: [Nfdump-discuss] nfcad and lxc issue

Brian Candler Thu, 03 Nov 2016 07:52:40 -0700

On 03/11/2016 13:56, SancheZZS . wrote:
> I have checked nfcapd with strace
>
> root@datastor:~# strace -p 13720
> strace: Process 13720 attached
> recvfrom(4,
> 0x12a4ac0, 65535, 0, 0x7fffe3842fa0, 0x7fffe3842f74) = ? ERESTARTSYS
> (To be restarted if SA_RESTART is set)
> --- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---
> rt_sigreturn({mask=[]})                 = -1 EINTR (Interrupted system call)
> alarm(0)                                = 0
> stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1544, ...}) = 0
> lseek(5, 0, SEEK_SET)                   = 0
> write(5, "\f\245\1\0\1\0\0\0\0\0\0\0rbth\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 140) = 140
> write(5, 
> "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 136) = 136
> close(5)                                = 0
> stat("/var/tmp/2016/11/03", {st_mode=S_IFDIR|0755, st_size=152, ...}) = 0
> rename("/var/tmp/nfcapd.current.13718",
> "/var/tmp/2016/11/03/nfcapd.201611031630") = 0
> stat("/var/tmp/2016/11/03/nfcapd.201611031630", {st_mode=S_IFREG|0644,
> st_size=276, ...}) = 0
> semop(1867776, [{0, -1, 0}], 1)         = 0
> semop(1867776, [{0, 1, 0}], 1)          = 0
> sendto(3, "<30>Nov  3 16:35:10 nfcapd[13720"..., 115, MSG_NOSIGNAL,
There is a message being logged there, but we can't see it as it was 
truncated. Try adding "-s 128" to the strace command line. And/or this 
message may end up in syslog.


Also some timestamps would be useful (also add "-tt")

> NULL, 0) = 115
> open("/var/tmp/nfcapd.current.13718", O_RDWR|O_CREAT|O_TRUNC, 0644) = 5
> write(5, "\f\245\1\0\1\0\0\0\0\0\0\0rbth\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 140) = 140
> write(5, 
> "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
> 136) = 136
Looks like it's trying to write to a file (and succeeding, return code 
is showing bytes written)
> sendto(3, "<30>Nov  3 16:35:10 nfcapd[13720"..., 59, MSG_NOSIGNAL, NULL, 0) = 
> 59
... and again, something logged.

> alarm(300)                              = 0
Ah, but maybe that's just the end of the 5 minute collection period.
>
>
> The strings below arouse much interest .
> recvfrom(4,
> 0x12a4ac0, 65535, 0, 0x7fffe3842fa0, 0x7fffe3842f74) = ? ERESTARTSYS
> (To be restarted if SA_RESTART is set)
> --- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---

Hmm, nothing particularly alarming there (no pun intended); it just 
means the 5-minute signal went off.

But on the other hand, if no UDP packets have been received during that 
time, that's weird.

Have you checked inside the container that nfcapd is listening on the 
right port? Is it bound to 0.0.0.0 or the correct container address?

netstat -naup

netstat -naup | grep 2055

B.

------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Re: [Nfdump-discuss] nfcad and lxc issue

Reply via email to