Hey everyone,
Im seeing a weird problem when i add netflow source to my nfsen.conf and do a
reconfig (./nfsen reconfig). I see the source in the Nfsen webpage, however,
the colors are both blue on the webpage. It apparently doesn't pickup my
settings from nfsen.conf. There also seems to be some error which i have no
idea what it means:
my nfsen.conf settings:
%sources = (
'phwanrtr' => { 'port' => '10101', 'col' => '#0000ff' },
'axrtr' => { 'port' => '10102', 'col' => '#ff0000' },
'cedinet' => { 'port' => '10103', 'col' => '#33cc00' },
'ysinet' => { 'port' => '10104', 'col' => '#9933ff' },
'cat6500L3' => { 'port' => '10105', 'col' => '#ccff00' },
'nyccoresw001' => { 'port' => '10106', 'col' => '#ff33ff' },
'nyccoresw002' => { 'port' => '10107', 'col' => '#ff6600' },
'phinetrtr' => { 'port' => '10108', 'col' => '#996699' },
'nycxrtr001' => { 'port' => '10109', 'col' => '#00ffff' },
);
output from ./nfsen reconfig:
Use of uninitialized value in concatenation (.) or string at ./nfsen line 652,
<$nfsen_sock> line 29.
channel phinetrtr sign: + colour: #0000ff order: 1 sourcelist:
Files: 3 Size: 20480
Use of uninitialized value in concatenation (.) or string at ./nfsen line 652,
<$nfsen_sock> line 43.
channel nycxortr001 sign: + colour: #0000ff order: 2 sourcelist:
Files: 3 Size: 12288
channel amexrtr sign: + colour: #ff0000 order: 3 sourcelist: amexrtr
Files: 5213 Size: 27086848
channel cat6500L3 sign: + colour: #ccff00 order: 4 sourcelist:
cat6500L3 Files: 5082 Size: 81932288
channel phwanrtr sign: + colour: #0000ff order: 5 sourcelist:
phwanrtr Files: 5146 Size: 179384320
channel nyccoresw002 sign: + colour: #ff6600 order: 6 sourcelist:
nyccoresw002 Files: 4862 Size: 19935232
channel conedinet sign: + colour: #33cc00 order: 7 sourcelist:
conedinet Files: 5201 Size: 647282688
channel nyccoresw001 sign: + colour: #ff33ff order: 8 sourcelist:
nyccoresw001 Files: 4862 Size: 26005504
channel yipesinet sign: + colour: #9933ff order: 9 sourcelist:
yipesinet Files: 5201 Size: 386211840
thanks
Kevin
----- Original Message ----
From: Jon Spinney <[EMAIL PROTECTED]>
To: Peter Haag <[EMAIL PROTECTED]>
Cc: [email protected]
Sent: Thursday, August 16, 2007 12:47:12 PM
Subject: Re: [Nfsen-discuss] Upgrade Broke NFSEN
# ./nfsen status
NfSen version: snapshot-20070312
NfSen status:
"lists all my collectors and the PIDs"
nfsen daemon: pid: [29585] is running.
#
# ./nfsen -A
live
#
On 8/16/07, Peter Haag <[EMAIL PROTECTED]> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --On August 16, 2007 11:06:15 -0400 Jon Spinney <[EMAIL PROTECTED]> wrote:
| Peter
|
| Sorry about the previous empty email. Anyway, I verified that nfsen has
| started. It tells me that it is already started. There are several nfcapd
| processes. I checked to see if nfsend is running, which it is. Although
| there are two processes called nfsend and no process called nfsend.comm.
ok - the name can not be changed on some systems. That is ok.
| conf.php is pointing to the correct file location and I have verified that
| nfsend.comm and nfsend.pid have the correct permissions.
what's the output of
./nfsen status
./nfsen -A
- Peter
|
| Jon.
|
|
| On 8/16/07, Peter Haag <
[EMAIL PROTECTED]> wrote:
| >
| > -----BEGIN PGP SIGNED MESSAGE-----
| > Hash: SHA1
| >
| >
| >
| > - --On August 16, 2007 10:11:30 -0400 Jon Spinney <
| >
[EMAIL PROTECTED]> wrote:
| >
| > | I am running Fedora 6.
| > | I am running PHP version 5.1.6-3.6.fc6
| > | I am running Apache 2.2.4
| >
| > Have you started NfSen with ./nfsen start
| > You should see a process nfsend and nfsend-comm, along several nfcapd, one
| > for each
| > source.
| >
| > The comm socket is by default in $BASEDIR/var/run/nfsen.comm
| >
| > PHP looks in
conf.php for the path.
| >
| > - Peter
| >
| >
| > |
| > | Thanks for the assistance.
| > |
| > | Jon
| > |
| > | On 8/16/07, Peter Haag <
[EMAIL PROTECTED]> wrote:
| > | >
| > | > -----BEGIN PGP SIGNED MESSAGE-----
| > | > Hash: SHA1
| > | >
| > | >
| > | >
| > | > - --On August 16, 2007 9:32:33 -0400 Jon Spinney <
| > | > [EMAIL PROTECTED]> wrote:
| > | >
| > | > | OK, I have upgraded my nfsen and nfdump to the latest snapshot and
| > am
| > | > | getting the same error that started this discussion. Unfortunately,
| > I
| > | > have
| > | > | read through this thread several times and am still having
| > difficulty.
| > | > | (Sorry for being slow). I have verified permissions on nfsen.command
| > | > have
| > | > | changed it to both my netflow account and the web account with no
| > | > luck. I
| > | > | am still getting
| > | > |
| > | > | ERROR: nfsend connect() error: No such file or directory!
| > | > | ERROR: nfsend - connection failed!!
| > | > | ERROR: Can not initialize globals!
| > | >
| > | > What OS, PHP apache are you using?
| > | >
| > | > - Peter
| > | > |
| > | > | Can someone spell out what is causing my problem and how to resolve
| > it.
| > | > |
| > | > | Thanks for the help.
| > | > |
| > | > | Jon
| > | > |
| > | > | On 8/13/07, Peter Haag <[EMAIL PROTECTED]
> wrote:
| > | > | >
| > | > | > -----BEGIN PGP SIGNED MESSAGE-----
| > | > | > Hash: SHA1
| > | > | >
| > | > | >
| > | > | >
| > | > | > - --On August 13, 2007 8:52:47 +0200 Felix Schueren <
| > | > | > [EMAIL PROTECTED]>
| > | > | > wrote:
| > | > | >
| > | > | > | Peter Haag wrote:
| > | > | > | >
| > | > | > | >
| > | > | > | > --On August 13, 2007 8:38:32 +0200 Felix Schueren <
| > | > | > [EMAIL PROTECTED]>
| > | > | > | > wrote:
| > | > | > | >
| > | > | > | > | Eric Cables wrote:
| > | > | > | > | > I was able to get conf.php installed after fixing my
| > | > setlogsock
| > | > | > options, but
| > | > | > | > | > that doesn't explain the errors I'm getting when accessing
| > | > | > nfsen.php.
| > | > | > | > | >
| > | > | > | > | > ERROR: nfsend connect() error: No such file or directory!
| > | > ERROR:
| > | > | > nfsend -
| > | > | > | > | > connection failed!! ERROR: Can not initialize globals!What
| > | > file is
| > | > | > it
| > | > | > | > | > looking for that it can't find? What connection is
| > failing,
| > | > | > nfsend is
| > | > | > | > | > running.
| > | > | > | > | >
| > | > | > | > | I'm guessing it is looking for
| > | > | > | > | # nfsend communication socket
| > | > | > | > | # $COMMSOCKET = "$PIDDIR/nfsen.comm";
| > | > | > | > |
| > | > | > | > | which means
| > | > | > | > | #
| > | > | > | > | # directory for all pid files
| > | > | > | > | # $PIDDIR="$VARDIR/run";
| > | > | > | > |
| > | > | > | > | (on a default install), so if you've installed nfsen to
| > | > | > | > | /usr/local/nfsen, then it should be
| > | > /usr/local/nfsen/run/nfsen.comm,
| > | > | > and
| > | > | > | > | it probably needs +rw for both the webserver and nfsen UIDs.
| > | > | > | >
| > | > | > | > No - the webserver has nothing to do with $PIDDIR.
| > | > | > | >
| > | > | > | on my default install (only changed prefix) my conf.php for the
| > web
| > | > | > | frontend has:
| > | > | > |
| > | > | > |
[EMAIL PROTECTED]:/var/flows/nfsen/www# cat conf.php
| > | > | > | <?
| > | > | > | /* This file was automatically created by the NfSen
| > install.plscript */
| > | > | > |
| > | > | > | $COMMSOCKET = "/var/flows/nfsen/var/run/nfsen.comm";
| > | > | >
| > | > | > That's $COMMSOCKET and not $PIDDIR. The default install puts it
| > into
| > | > the
| > | > | > same
| > | > | > directory. So I agree, that $COMMSOCKET needs web server rw
| > access,
| > | > which
| > | > | > is set by
| > | > | > nfsend.
| > | > | >
| > | > | > - Peter
| > | > | >
| > | > | >
| > | > | > |
| > | > | > | $DEBUG=0;
| > | > | > |
| > | > | > | ?>
| > | > | > |
| > | > | > | [EMAIL PROTECTED]:/var/flows/nfsen/var/run# ls -la
| > | > | > | total 12
| > | > | > | drwxrwxr-x 2 nfsen www-data 85 2007-08-03 16:45 .
| > | > | > | drwxrwxr-x 6 nfsen www-data 50 2007-08-02 09:12 ..
| > | > | > | -rw-r--r-- 1 nfsen www-data 6 2007-08-02 13:56
| > jc_blue_cgn1.pid
| > | > | > | -rw-r--r-- 1 nfsen www-data 6 2007-08-02 13:56
| > jcore1_cgn2.pid
| > | > | > | srw-rw---- 1 nfsen www-data 0 2007-08-03 15:28 nfsen.comm
| > | > | > | -rw-r--r-- 1 nfsen www-data 6 2007-08-03 15:28
nfsend.pid
| > | > | > |
| > | > | > |
| > | > | > | as the nfcapd collector pids have nothing to do with the
| > operation
| > | > of
| > | > | > | the frontend, these don't matter, but the web server will need
| > write
| > | > | > | access to the pipe nfsen.comm, won't it?
| > | > | > |
| > | > | > |
| > | > | > | regards,
| > | > | > |
| > | > | > | Felix
| > | > | > |
| > | > | > |
| > | > | > | --
| > | > | > | Felix Schueren, Head of NOC
| > | > | > |
| > | > | > | mailto:
[EMAIL PROTECTED]
| > | > | > |
| > | > | > | Host Europe GmbH - http://www.hosteurope.de
| > | > | > | Welserstrasse 14 - D-51149 Koeln - Germany
| > | > | > | Telefon (0800) 4678387 - Telefax (01805) 663233
| > | > | > | HRB 28495 Amtsgericht Koeln - UST ID DE187370678
| > | > | > | Geschaeftsfuehrer U. Braun - M. Read - S. Porter
| > | > | > |
| > | > | > | Fuer diese Nachricht gilt:
| > http://www.hosteurope.de/disclaimer.html
| > | > | >
| > | > | >
| > | > | >
| > | > | > - --
| > | > | > _______ SWITCH - The Swiss Education and Research Network ______
| > | > | > Peter Haag, Security Engineer, Member of SWITCH CERT
| > | > | > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
| > | > | > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
| > | > | > E-mail:
[EMAIL PROTECTED] Web: http://www.switch.ch/
| > | > | > -----BEGIN PGP SIGNATURE-----
| > | > | > Version: GnuPG v1.4.3 (Darwin)
| > | > | >
| > | > | > iQCVAwUBRsANvf5AbZRALNr/AQK4qAQAmXVvkL4h73/qt1EAw4teUeZxM1UDXnW2
| > | > | > 322Gwhle0BKY+Jlvf/anEySK48tm0dc/WHY7Zp1LCgoCOi0A5xpLDAOBkaHVQHov
| > | > | > p8efzVBLIBdf64z1O+uL6/yaA13fLAWN8d0NY/RfoEicGonxo3Ewy7hpRb2EEVez
| > | > | > 4WxBEEgAuOE=
| > | > | > =lJPr
| > | > | > -----END PGP SIGNATURE-----
| > | > | >
| > | > | >
| > | > | >
| > | >
| > -------------------------------------------------------------------------
| > | > | > This SF.net email is sponsored by: Splunk Inc.
| > | > | > Still grepping through log files to find problems? Stop.
| > | > | > Now Search log events and configuration files using AJAX and a
| > | > browser.
| > | > | > Download your FREE copy of Splunk now >> http://get.splunk.com/
| > | > | > _______________________________________________
| > | > | > Nfsen-discuss mailing list
| > | > | > [email protected]
| > | > | >
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
| > | > | >
| > | >
| > | >
| > | >
| > | > - --
| > | > _______ SWITCH - The Swiss Education and Research Network ______
| > | > Peter Haag, Security Engineer, Member of SWITCH CERT
| > | > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
| > | > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
| > | > E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
| > | > -----BEGIN PGP SIGNATURE-----
| > | > Version: GnuPG
v1.4.3 (Darwin)
| > | >
| > | > iQCVAwUBRsRX0/5AbZRALNr/AQIgcQP9G2H3T/FuqV/Xrq/lZNE5DLwC7EratqHX
| > | > MwUPMweMrkn6RVqgqh+lXdc71HKodXpAgfiUwc1SC2orpkqrAmQppgd+19dTS2H4
| > | > MT9Z8OO4wN57XYoJrHQCCwxAqMtz4k/um+Qw7bXqRVTX+VK4ApzzL9Pifx26wcQ8
| > | > PgGf9hRz2hA=
| > | > =ZjOU
| > | > -----END PGP SIGNATURE-----
| > | >
| > | >
| >
| >
| >
| > - --
| > _______ SWITCH - The Swiss Education and Research Network ______
| > Peter Haag, Security Engineer, Member of SWITCH CERT
| > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
| > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
| > E-mail:
[EMAIL PROTECTED] Web: http://www.switch.ch/
| > -----BEGIN PGP SIGNATURE-----
| > Version: GnuPG v1.4.3 (Darwin)
| >
| > iQCVAwUBRsRiav5AbZRALNr/AQKJigP+OUYDco8IpC61iq/Wzg4zo44uw+KemKVd
| > Hn7JJtVFVY/iLIt7ziJrjvwngkIVfF7hdm+BaWsV+78Jp5d9NzmpF9mO6+5LLH/h
| > nlwd5NOlhjUm+MMthCWNpWC3C6B65XeAW0jnsiqRynB5BBsh6hJF+J6AVgHPTDhF
| > uy/cd1cfOI8=
| > =UcEj
| > -----END PGP SIGNATURE-----
| >
| >
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iQCVAwUBRsRofP5AbZRALNr/AQJuPwP7BZgtwHkyMICVEc89n4Qk3n17vW8upXZt
xUtTBtU9ZLkkiAfFPwf8D2+w4B9y2kLHttZE3tSQdF4ZxecmXXAvz2GHtnQXGS9n
935T/3mV1SvzL4ZHtvUx9rNlo020pEb1YUEk8LoLH9HvLNWeLifPs7tdObGVA1Nk
KB2GTf0txUU=
=fXJL
-----END PGP SIGNATURE-----
____________________________________________________________________________________Ready
for the edge of your seat?
Check out tonight's top picks on Yahoo! TV.
http://tv.yahoo.com/-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
