-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Kevin,
Thanks for the bug report. I'll fix that for the next 1.3b version coming soon.
- Peter
- --On August 16, 2007 13:52:51 -0700 Kevin Cruse <[EMAIL PROTECTED]> wrote:
| Hey everyone,
|
| Im seeing a weird problem when i add netflow source to my nfsen.conf and do a
| reconfig (./nfsen reconfig). I see the source in the Nfsen webpage, however,
the
| colors are both blue on the webpage. It apparently doesn't pickup my settings
from
| nfsen.conf. There also seems to be some error which i have no idea what it
means:
|
| my nfsen.conf settings:
|
| %sources = (
| 'phwanrtr' => { 'port' => '10101', 'col' => '#0000ff' },
| 'axrtr' => { 'port' => '10102', 'col' => '#ff0000' },
| 'cedinet' => { 'port' => '10103', 'col' => '#33cc00' },
| 'ysinet' => { 'port' => '10104', 'col' => '#9933ff' },
| 'cat6500L3' => { 'port' => '10105', 'col' => '#ccff00' },
| 'nyccoresw001' => { 'port' => '10106', 'col' => '#ff33ff' },
| 'nyccoresw002' => { 'port' => '10107', 'col' => '#ff6600' },
| 'phinetrtr' => { 'port' => '10108', 'col' => '#996699' },
| 'nycxrtr001' => { 'port' => '10109', 'col' => '#00ffff' },
| );
|
| output from ./nfsen reconfig:
|
| Use of uninitialized value in concatenation (.) or string at ./nfsen line 652,
| <$nfsen_sock> line 29. channel phinetrtr sign: + colour: #0000ff order:
1
| sourcelist: Files: 3 Size: 20480 Use of uninitialized value in
concatenation (.)
| or string at ./nfsen line 652, <$nfsen_sock> line 43. channel nycxortr001
sign:
| + colour: #0000ff order: 2 sourcelist: Files: 3 Size: 12288 channel
| amexrtr sign: + colour: #ff0000 order: 3 sourcelist: amexrtr Files:
5213
| Size: 27086848 channel cat6500L3 sign: + colour: #ccff00 order: 4
| sourcelist: cat6500L3 Files: 5082 Size: 81932288 channel phwanrtr
| sign: + colour: #0000ff order: 5 sourcelist: phwanrtr Files: 5146
| Size: 179384320 channel nyccoresw002 sign: + colour: #ff6600 order: 6
| sourcelist: nyccoresw002 Files: 4862 Size: 19935232 channel
conedinet
| sign: + colour: #33cc00 order: 7 sourcelist: conedinet Files: 5201
| Size: 647282688 channel nyccoresw001 sign: + colour: #ff33ff order: 8
| sourcelist: nyccoresw001 Files: 4862 Size: 26005504 channel
yipesinet
| sign: + colour: #9933ff order: 9 sourcelist: yipesinet Files: 5201
| Size: 386211840
|
| thanks
|
| Kevin
|
|
| ----- Original Message ----
| From: Jon Spinney <[EMAIL PROTECTED]>
| To: Peter Haag <[EMAIL PROTECTED]>
| Cc: [email protected]
| Sent: Thursday, August 16, 2007 12:47:12 PM
| Subject: Re: [Nfsen-discuss] Upgrade Broke NFSEN
|
| # ./nfsen status
| NfSen version: snapshot-20070312
| NfSen status:
| "lists all my collectors and the PIDs"
| nfsen daemon: pid: [29585] is running.
| #
|
| # ./nfsen -A
|
| live
| #
|
|
| On 8/16/07, Peter Haag <[EMAIL PROTECTED]> wrote:
| -----BEGIN PGP SIGNED MESSAGE-----
| Hash: SHA1
|
|
|
| - --On August 16, 2007 11:06:15 -0400 Jon Spinney <[EMAIL PROTECTED]>
| wrote:
|
| | Peter
|
| |
| | Sorry about the previous empty email. Anyway, I verified that nfsen has
| | started. It tells me that it is already started. There are several nfcapd
| | processes. I checked to see if nfsend is running, which it is. Although
|
| | there are two processes called nfsend and no process called nfsend.comm.
|
| ok - the name can not be changed on some systems. That is ok.
|
| | conf.php is pointing to the correct file location and I have verified that
|
| | nfsend.comm and nfsend.pid have the correct permissions.
|
| what's the output of
|
| ./nfsen status
|
| ./nfsen -A
|
| - Peter
|
| |
| | Jon.
| |
| |
| | On 8/16/07, Peter Haag <
| [EMAIL PROTECTED]> wrote:
| | >
| | > -----BEGIN PGP SIGNED MESSAGE-----
| | > Hash: SHA1
| | >
| | >
| | >
| | > - --On August 16, 2007 10:11:30 -0400 Jon Spinney <
| | >
| [EMAIL PROTECTED]> wrote:
| | >
| | > | I am running Fedora 6.
| | > | I am running PHP version 5.1.6-3.6.fc6
| | > | I am running Apache 2.2.4
| | >
| | > Have you started NfSen with ./nfsen start
|
| | > You should see a process nfsend and nfsend-comm, along several nfcapd, one
| | > for each
| | > source.
| | >
| | > The comm socket is by default in $BASEDIR/var/run/nfsen.comm
| | >
| | > PHP looks in
| conf.php for the path.
| | >
| | > - Peter
| | >
| | >
| | > |
| | > | Thanks for the assistance.
| | > |
| | > | Jon
| | > |
| | > | On 8/16/07, Peter Haag <
| [EMAIL PROTECTED]> wrote:
| | > | >
| | > | > -----BEGIN PGP SIGNED MESSAGE-----
| | > | > Hash: SHA1
| | > | >
| | > | >
| | > | >
| | > | > - --On August 16, 2007 9:32:33 -0400 Jon Spinney <
|
| | > | > [EMAIL PROTECTED]> wrote:
| | > | >
| | > | > | OK, I have upgraded my nfsen and nfdump to the latest snapshot and
| | > am
|
| | > | > | getting the same error that started this discussion. Unfortunately,
| | > I
| | > | > have
| | > | > | read through this thread several times and am still having
| | > difficulty.
|
| | > | > | (Sorry for being slow). I have verified permissions on
nfsen.command
| | > | > have
| | > | > | changed it to both my netflow account and the web account with no
| | > | > luck. I
|
| | > | > | am still getting
| | > | > |
| | > | > | ERROR: nfsend connect() error: No such file or directory!
| | > | > | ERROR: nfsend - connection failed!!
| | > | > | ERROR: Can not initialize globals!
|
| | > | >
| | > | > What OS, PHP apache are you using?
| | > | >
| | > | > - Peter
| | > | > |
| | > | > | Can someone spell out what is causing my problem and how to resolve
|
| | > it.
| | > | > |
| | > | > | Thanks for the help.
| | > | > |
| | > | > | Jon
| | > | > |
| | > | > | On 8/13/07, Peter Haag <[EMAIL PROTECTED]
| > wrote:
| | > | > | >
| | > | > | > -----BEGIN PGP SIGNED MESSAGE-----
| | > | > | > Hash: SHA1
| | > | > | >
| | > | > | >
| | > | > | >
| | > | > | > - --On August 13, 2007 8:52:47 +0200 Felix Schueren <
|
| | > | > | > [EMAIL PROTECTED]>
| | > | > | > wrote:
| | > | > | >
| | > | > | > | Peter Haag wrote:
| | > | > | > | >
|
| | > | > | > | >
| | > | > | > | > --On August 13, 2007 8:38:32 +0200 Felix Schueren <
| | > | > | > [EMAIL PROTECTED]>
|
| | > | > | > | > wrote:
| | > | > | > | >
| | > | > | > | > | Eric Cables wrote:
| | > | > | > | > | > I was able to get conf.php installed after fixing my
| | > | > setlogsock
|
| | > | > | > options, but
| | > | > | > | > | > that doesn't explain the errors I'm getting when accessing
| | > | > | > nfsen.php.
| | > | > | > | > | >
| | > | > | > | > | > ERROR: nfsend connect() error: No such file or directory!
|
| | > | > ERROR:
| | > | > | > nfsend -
| | > | > | > | > | > connection failed!! ERROR: Can not initialize globals!What
| | > | > file is
| | > | > | > it
| | > | > | > | > | > looking for that it can't find? What connection is
|
| | > failing,
| | > | > | > nfsend is
| | > | > | > | > | > running.
| | > | > | > | > | >
| | > | > | > | > | I'm guessing it is looking for
| | > | > | > | > | # nfsend communication socket
|
| | > | > | > | > | # $COMMSOCKET = "$PIDDIR/nfsen.comm";
| | > | > | > | > |
| | > | > | > | > | which means
| | > | > | > | > | #
| | > | > | > | > | # directory for all pid files
|
| | > | > | > | > | # $PIDDIR="$VARDIR/run";
| | > | > | > | > |
| | > | > | > | > | (on a default install), so if you've installed nfsen to
| | > | > | > | > | /usr/local/nfsen, then it should be
|
| | > | > /usr/local/nfsen/run/nfsen.comm,
| | > | > | > and
| | > | > | > | > | it probably needs +rw for both the webserver and nfsen UIDs.
| | > | > | > | >
| | > | > | > | > No - the webserver has nothing to do with $PIDDIR.
|
| | > | > | > | >
| | > | > | > | on my default install (only changed prefix) my conf.php for the
| | > web
| | > | > | > | frontend has:
| | > | > | > |
| | > | > | > |
| [EMAIL PROTECTED]:/var/flows/nfsen/www# cat conf.php
| | > | > | > | <?
| | > | > | > | /* This file was automatically created by the NfSen
| | > install.plscript */
| | > | > | > |
| | > | > | > | $COMMSOCKET = "/var/flows/nfsen/var/run/nfsen.comm";
|
| | > | > | >
| | > | > | > That's $COMMSOCKET and not $PIDDIR. The default install puts it
| | > into
| | > | > the
| | > | > | > same
| | > | > | > directory. So I agree, that $COMMSOCKET needs web server rw
|
| | > access,
| | > | > which
| | > | > | > is set by
| | > | > | > nfsend.
| | > | > | >
| | > | > | > - Peter
| | > | > | >
| | > | > | >
| | > | > | > |
|
| | > | > | > | $DEBUG=0;
| | > | > | > |
| | > | > | > | ?>
| | > | > | > |
| | > | > | > | [EMAIL PROTECTED]:/var/flows/nfsen/var/run# ls -la
| | > | > | > | total 12
|
| | > | > | > | drwxrwxr-x 2 nfsen www-data 85 2007-08-03 16:45 .
| | > | > | > | drwxrwxr-x 6 nfsen www-data 50 2007-08-02 09:12 ..
| | > | > | > | -rw-r--r-- 1 nfsen www-data 6 2007-08-02 13:56
|
| | > jc_blue_cgn1.pid
| | > | > | > | -rw-r--r-- 1 nfsen www-data 6 2007-08-02 13:56
| | > jcore1_cgn2.pid
| | > | > | > | srw-rw---- 1 nfsen www-data 0 2007-08-03 15:28 nfsen.comm
| | > | > | > | -rw-r--r-- 1 nfsen www-data 6 2007-08-03 15:28
| nfsend.pid
| | > | > | > |
| | > | > | > |
| | > | > | > | as the nfcapd collector pids have nothing to do with the
| | > operation
| | > | > of
| | > | > | > | the frontend, these don't matter, but the web server will need
|
| | > write
| | > | > | > | access to the pipe nfsen.comm, won't it?
| | > | > | > |
| | > | > | > |
| | > | > | > | regards,
| | > | > | > |
| | > | > | > | Felix
|
| | > | > | > |
| | > | > | > |
| | > | > | > | --
| | > | > | > | Felix Schueren, Head of NOC
| | > | > | > |
| | > | > | > | mailto:
| [EMAIL PROTECTED]
| | > | > | > |
| | > | > | > | Host Europe GmbH - http://www.hosteurope.de
| | > | > | > | Welserstrasse 14 - D-51149 Koeln - Germany
|
| | > | > | > | Telefon (0800) 4678387 - Telefax (01805) 663233
| | > | > | > | HRB 28495 Amtsgericht Koeln - UST ID DE187370678
| | > | > | > | Geschaeftsfuehrer U. Braun - M. Read - S. Porter
|
| | > | > | > |
| | > | > | > | Fuer diese Nachricht gilt:
| | > http://www.hosteurope.de/disclaimer.html
| | > | > | >
| | > | > | >
|
| | > | > | >
| | > | > | > - --
| | > | > | > _______ SWITCH - The Swiss Education and Research Network ______
| | > | > | > Peter Haag, Security Engineer, Member of SWITCH CERT
|
| | > | > | > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
| | > | > | > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
| | > | > | > E-mail:
| [EMAIL PROTECTED] Web: http://www.switch.ch/
| | > | > | > -----BEGIN PGP SIGNATURE-----
| | > | > | > Version: GnuPG v1.4.3 (Darwin)
| | > | > | >
|
| | > | > | > iQCVAwUBRsANvf5AbZRALNr/AQK4qAQAmXVvkL4h73/qt1EAw4teUeZxM1UDXnW2
| | > | > | > 322Gwhle0BKY+Jlvf/anEySK48tm0dc/WHY7Zp1LCgoCOi0A5xpLDAOBkaHVQHov
| | > | > | > p8efzVBLIBdf64z1O+uL6/yaA13fLAWN8d0NY/RfoEicGonxo3Ewy7hpRb2EEVez
|
| | > | > | > 4WxBEEgAuOE=
| | > | > | > =lJPr
| | > | > | > -----END PGP SIGNATURE-----
| | > | > | >
| | > | > | >
| | > | > | >
| | > | >
| | > -------------------------------------------------------------------------
|
| | > | > | > This SF.net email is sponsored by: Splunk Inc.
| | > | > | > Still grepping through log files to find problems? Stop.
| | > | > | > Now Search log events and configuration files using AJAX and a
|
| | > | > browser.
| | > | > | > Download your FREE copy of Splunk now >> http://get.splunk.com/
| | > | > | > _______________________________________________
|
| | > | > | > Nfsen-discuss mailing list
| | > | > | > [email protected]
| | > | > | >
| https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
| | > | > | >
| | > | >
| | > | >
| | > | >
| | > | > - --
| | > | > _______ SWITCH - The Swiss Education and Research Network ______
|
| | > | > Peter Haag, Security Engineer, Member of SWITCH CERT
| | > | > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
| | > | > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
|
| | > | > E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
| | > | > -----BEGIN PGP SIGNATURE-----
| | > | > Version: GnuPG
| v1.4.3 (Darwin)
| | > | >
| | > | > iQCVAwUBRsRX0/5AbZRALNr/AQIgcQP9G2H3T/FuqV/Xrq/lZNE5DLwC7EratqHX
| | > | > MwUPMweMrkn6RVqgqh+lXdc71HKodXpAgfiUwc1SC2orpkqrAmQppgd+19dTS2H4
| | > | > MT9Z8OO4wN57XYoJrHQCCwxAqMtz4k/um+Qw7bXqRVTX+VK4ApzzL9Pifx26wcQ8
|
| | > | > PgGf9hRz2hA=
| | > | > =ZjOU
| | > | > -----END PGP SIGNATURE-----
| | > | >
| | > | >
| | >
| | >
| | >
| | > - --
| | > _______ SWITCH - The Swiss Education and Research Network ______
|
| | > Peter Haag, Security Engineer, Member of SWITCH CERT
| | > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
| | > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
| | > E-mail:
| [EMAIL PROTECTED] Web: http://www.switch.ch/
| | > -----BEGIN PGP SIGNATURE-----
| | > Version: GnuPG v1.4.3 (Darwin)
| | >
| | > iQCVAwUBRsRiav5AbZRALNr/AQKJigP+OUYDco8IpC61iq/Wzg4zo44uw+KemKVd
|
| | > Hn7JJtVFVY/iLIt7ziJrjvwngkIVfF7hdm+BaWsV+78Jp5d9NzmpF9mO6+5LLH/h
| | > nlwd5NOlhjUm+MMthCWNpWC3C6B65XeAW0jnsiqRynB5BBsh6hJF+J6AVgHPTDhF
| | > uy/cd1cfOI8=
| | > =UcEj
| | > -----END PGP SIGNATURE-----
|
| | >
| | >
|
|
|
| - --
| _______ SWITCH - The Swiss Education and Research Network ______
| Peter Haag, Security Engineer, Member of SWITCH CERT
| PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
|
| SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
| E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
| -----BEGIN PGP SIGNATURE-----
|
| Version: GnuPG v1.4.3 (Darwin)
|
| iQCVAwUBRsRofP5AbZRALNr/AQJuPwP7BZgtwHkyMICVEc89n4Qk3n17vW8upXZt
| xUtTBtU9ZLkkiAfFPwf8D2+w4B9y2kLHttZE3tSQdF4ZxecmXXAvz2GHtnQXGS9n
| 935T/3mV1SvzL4ZHtvUx9rNlo020pEb1YUEk8LoLH9HvLNWeLifPs7tdObGVA1Nk
|
| KB2GTf0txUU=
| =fXJL
| -----END PGP SIGNATURE-----
|
|
|
|
|
|
|
|
|
|
|
|
___________________________________________________________________________________
| _Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV.
| http://tv.yahoo.com/
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iQCVAwUBRsVTcv5AbZRALNr/AQLpSgP9EwjG0hJvMLTKuHzCganUDmyiQK/Yc947
ub+A+60F5+mzDY9Utc3eRF1sXf/SEQgY5H3w920j0MwgZu4Ypu1wLZ0UoJPdb+wz
fpCLPD+XQ1gP6zzXotioj6gWLRr5SPcNf8wxtnNdzwI/6Q37aH8+u0mdCERdY03C
wOBSvHlYe9k=
=GQD5
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
