Hello,

I'm getting unbelievable numbers from nftrack on my box. Nfsen is collecting ca 30K flows/s (3Gb/s traffic graphs) and the PortTracker plugin is trying to do some port usage analyzing. But the output is incorrect. Statistics on the PortTracker plugin tab show only minor values and on the porttracker graph are huge peaks round "16 E"... like exabytes.
In the table of top 10 stats are random port numbers with 20 digit bytes values (exabyte style stuff).

    16 736 897 794 236 508 267 bytes = 14.5169448 exabytes

In the syslog debug level messages I see that nftrack is executed successfully every 5 min and portstat*/rrd files get updated.

    nftrack -M profiles-data/live/r1:r2 -r nfcapd.200810031530 -d /var/nftrack -A -t 200810031535 -s -p -w /var/nftrack/portstat.txt

I assume that some port numbers are correct, but these 20 digit byte counters are from the other dimension.

A few examples of graphs and top 10:

http://www.hot.ee/raunz/porttracker_tcp_flows.png
http://www.hot.ee/raunz/porttracker_tcp_bytes.png
http://www.hot.ee/raunz/porttracker_top_10.png

    $ cat /var/nftrack/portstat.txt
    1223037300
    10 0 0
    80 828 275 8785 8704 0 64524 32046 8000 31934
    5 2 2 2 2 1 1 1 1 1
    10 1 0
    31389 5014 38063 35846 6881 6283 26412 1 329 769
    16736897794236508267 16529619253345966822 16406334735656598885 16214875194826632781 16068848979304787955 15756840136812924954 14554181895190063364 14119315015479282927 13763295663972167061 13282468803354624533
    10 2 0
    4678 53018 27839 8000 40211 45683 2525 58384 54284 26409
    17958804049120723441 17893508432221504380 16542717060744491017 16491062551466524103 15862608347555798821 15411152199256572123 15301827472425084186 15230564559995144707 14712725465473284097 14481368367552667667
    10 0 1
    53 16001 0 64808 31816 15880 63319 15585 30932 7681
    4 2 1 1 1 1 1 1 1 1
    10 1 1
    25571 46577 36864 42601 63319 17260 11020 31816 57479 335
    9694257503611703041 9007345574866035739 7782523629778562602 7648801158930799664 7083082938447301261 5146527713441381382 2161748689383605248 1845507429488420896 1174146329254566300 130459307290374234
    10 2 1
    55914 53 12266 335 51164 34981 9654 42834 36998 20002
    17655804235669632659 17648882864740043921 17439630441427203781 17017442163468051987 17015521883804434201 16182412027195557120 15709966707533299329 14435520386575895044 14385904614827905259 13996697506153039110

Output is not "online format"... a few flows, but E values of packets and bytes.

    Top 10 Flows Proto TCP
    80 3
    18255 2
    275 2
    Top 10 Packets Proto TCP
    21822 17378668962988167410
    8855 16503104519973570252
    5197 16256762186702063213
    Top 10 Bytes Proto TCP
    48938 18230888415210515753
    3327 17870283330909120706
    1461 17301496315247333415
    Top 10 Flows Proto UDP
    53 2
    21 2
    20653 2
    Top 10 Packets Proto UDP
    643 14711925846223252571
    18541 126761664774145
    10044 631360192513
    Top 10 Bytes Proto UDP
    15206 18116263118623297029
    21 17690726290840519896
    53 17462403734231302268

nftrack is compiled on a centos5 32bit box with rrdtool-devel-1.2.23-1, lzo2-devel-2.02-3 and nfdump-1.5.7. I had to add lzo2 libs to the nftrack compile command...

    + gcc -o nftrack nftrack.o nftrack_rrd.o nftrack_stat.o ../../../nfdump-1.5.7/util.o ../../../nfdump-1.5.7/nftree.o ../../../nfdump-1.5.7/grammar.o ../../../nfdump-1.5.7/scanner.o ../../../nfdump-1.5.7/nffile.o ../../../nfdump-1.5.7/flist.o ../../../nfdump-1.5.7/nf_common.o ../../../nfdump-1.5.7/panonymizer.o ../../../nfdump-1.5.7/rijndael.o ../../../nfdump-1.5.7/ipconv.o ../../../nfdump-1.5.7/fts_compat.o -L/usr/lib -lrrd -L/usr/X11R6/lib -llzo2

When I run nfdump to get stats, nfdump returns reasonable values.

    $ nfdump -M profiles-data/live/r1:r2 -r nfcapd.200810031525 -s dstport/flows/pps/packets/bytes
    Top 10 Dst Port ordered by flows:
    Date first seen          Duration Proto Dst Port  Flows  Packets    Bytes    pps     bps  bpp
    2008-10-03 15:20:06.672   593.657 any         80 353676    7.5 M  852.3 M  13296  11.5 M  113

    Top 10 Dst Port ordered by packets:
    Date first seen          Duration Proto Dst Port  Flows  Packets    Bytes    pps     bps  bpp
    2008-10-03 15:20:06.672   593.657 any         80 353676    7.5 M  852.3 M  13296  11.5 M  113

    Summary: total flows: 10274869, total bytes: 142.4 G, total packets: 194.2 M, avg bps: 284734, avg pps: 47, avg bpp: 750

I've tried to delete nftrack rrd's and reinitialized Ports DB, but no good.
Thought that nftrack had a problem with lzo-devel, so removed the rpm and compiled only with lzo2-devel libs, but same result.

nfsen is version 1.3 and the rest of the nfdump binaries are also version 1.5.7.

Any ideas?

regards,
--
Rauno Tuul
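
Added example, not part of the original post and not nftrack code: a plausibility check that parses a portstat.txt dump and flags counters larger than a 3 Gb/s link could carry in one 5-minute interval. The record layout, the meaning of the type and proto fields, the 64-byte minimum packet size and all function names are assumptions made for this example.

```python
# Added example, not nftrack code. Assumed layout of portstat.txt, inferred from
# the dump in the post: timestamp, then per record "<count> <type> <proto>",
# <count> port numbers, <count> counter values.
LINK_BPS = 3_000_000_000   # ~3 Gb/s, the traffic level reported in the post
INTERVAL_S = 300           # nftrack runs every 5 minutes
MIN_PKT_BYTES = 64         # assumption: minimum Ethernet frame size

TYPES = {0: "flows", 1: "packets", 2: "bytes"}   # assumed meaning of <type>
PROTOS = {0: "tcp", 1: "udp"}                    # assumed meaning of <proto>

# Constructed sample: the first three entries of the TCP flows and TCP bytes
# records from the post, with the record count shortened to 3.
SAMPLE = """1223037300
3 0 0
80 828 275
5 2 2
3 2 0
4678 53018 27839
17958804049120723441 17893508432221504380 16542717060744491017
"""

def parse_portstat(text):
    """Return (timestamp, [(type, proto, [(port, value), ...]), ...])."""
    tok = [int(t) for t in text.split()]
    ts, i, records = tok[0], 1, []
    while i < len(tok):
        if len(tok) - i < 3:
            raise ValueError("truncated record header at token %d" % i)
        n, typ, proto = tok[i:i + 3]
        ports = tok[i + 3:i + 3 + n]
        values = tok[i + 3 + n:i + 3 + 2 * n]
        if len(values) != n:
            raise ValueError("truncated record at token %d" % i)
        records.append((TYPES[typ], PROTOS[proto], list(zip(ports, values))))
        i += 3 + 2 * n
    return ts, records

def limits(link_bps=LINK_BPS, interval_s=INTERVAL_S):
    """Upper bounds for one interval if the link ran at full rate throughout."""
    max_bytes = link_bps // 8 * interval_s
    max_pkts = max_bytes // MIN_PKT_BYTES
    # A flow carries at least one packet, so the packet bound also caps flows.
    return {"bytes": max_bytes, "packets": max_pkts, "flows": max_pkts}

def implausible(text, lim=None):
    """List (type, proto, port, value) for counters above the physical bound."""
    lim = lim or limits()
    _, records = parse_portstat(text)
    return [(typ, proto, port, val) for typ, proto, rows in records
            for port, val in rows if val > lim[typ]]
```

On the sample, the flow counts pass and all three byte counters are flagged, since the bound for one interval is 112.5 GB.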
