I figured this out - the filter was defaulting to "not any" .. changing it to "any" fixed it.
Thanks! -----Original Message----- From: SOLOMON, STEVEN J (ATTLABS) Sent: Tuesday, September 28, 2010 10:38 AM To: '[email protected]' Cc: [email protected] Subject: RE: [Nfsen-discuss] Profile Graphs Empty I changed the source to match the existing Ident string in all our flows. I did that, and restarted nfsen. Still when I define a new profile, using that as the source, the data files in the profile contain no flows and the graphs are all showing up empty. Steve -----Original Message----- From: Peter Haag [mailto:[email protected]] Sent: Tuesday, September 28, 2010 10:35 AM To: SOLOMON, STEVEN J (ATTLABS) Cc: [email protected] Subject: Re: [Nfsen-discuss] Profile Graphs Empty On 9/28/10 15:00, SOLOMON, STEVEN J (ATTLABS) wrote: > Hi Peter, > Thanks for the reply. So it sounds like renaming the flow source to > match the Ident string, and thus the directory name, would solve this. > It didn't help, still having the same issue. In your suggestion of > changing the Ident string (nfdump -i <newident>), what should I change > it to? Is there a filter setting I need to make in defining the profile? Change it to the name of the flow-source. The same name as in %sources {} - Peter > > Steve > > -----Original Message----- > From: Peter Haag [mailto:[email protected]] > Sent: Tuesday, September 28, 2010 3:57 AM > To: SOLOMON, STEVEN J (ATTLABS) > Cc: [email protected] > Subject: Re: [Nfsen-discuss] Profile Graphs Empty > > Hi Steve, > > Profiles are filtered according the flow source. Each flow file contains > an ident string, which identifies the source ( > see nfdump -I <file> ). This strings is also used to filter the flows > for profiling. If you rename the flow source > later on ( e.g. by renaming the directory ), this ident string points to > the old name. Therefore you would need to > change this string too. ( nfdump -i <newident> -f <file> ) > > - Peter > > > On 9/27/10 23:18, SOLOMON, STEVEN J (ATTLABS) wrote: >> >> >> I am hoping you can offer me some clues since I am stuck with the > issue >> of empty profile graphs. >> >> In our installation we have netflow data stored in /data/nfdump, >> organized by date, for example >> >> lznsun02-836# pwd >> >> /data/nfdump/2010-09-27 >> >> -rw-r--r-- 1 netman webservd 2290 Sep 27 20:40 >> nfcapd.201009272035 >> >> -rw-r--r-- 1 netman webservd 2322 Sep 27 20:45 >> nfcapd.201009272040 >> >> -rw-r--r-- 1 netman webservd 2312 Sep 27 20:50 >> nfcapd.201009272045 >> >> -rw-r--r-- 1 netman webservd 2438 Sep 27 20:55 >> nfcapd.201009272050 >> >> -rw-r--r-- 1 netman webservd 2337 Sep 27 21:00 >> nfcapd.201009272055 >> >> -rw-r--r-- 1 netman webservd 2345 Sep 27 21:05 >> nfcapd.201009272100 >> >> >> >> We configured Nfsen to run without a collector, but with its live data >> source set to point to the /data/nfdump location, as follows: >> >> lznsun02-859# pwd >> >> /data/nfsen/profiles-data/live >> >> lznsun02-860# ls -l >> >> total 4 >> >> lrwxrwxrwx 1 root other 12 Sep 27 21:10 cce -> >> /data/nfdump >> >> >> >> >> >> This works fine , for the live configuration, I see the graphs created >> by NFsen represent the flows under /data/nfdump, and are updated >> regularly. >> >> >> >> The problem is with profiles. When I create a profile of anytime, and >> specify a time duration for which flows exist in the nfdump data, the >> data directory created when I set up the profile only contains nfcapd >> files that contain no flows. For example: >> >> >> >> lznsun02-872# pwd >> >> /data/nfsen/profiles-data/test3/cce/2009-11-09 >> >> lznsun02-869# ls -l >> >> total 576 >> >> -rw-r--r-- 1 netman webservd 276 Sep 27 20:59 >> nfcapd.200911090000 >> >> -rw-r--r-- 1 netman webservd 276 Sep 27 20:59 >> nfcapd.200911090005 >> >> -rw-r--r-- 1 netman webservd 276 Sep 27 20:59 >> nfcapd.200911090010 >> >> -rw-r--r-- 1 netman webservd 276 Sep 27 20:59 >> nfcapd.200911090015 >> >> -rw-r--r-- 1 netman webservd 276 Sep 27 20:59 >> nfcapd.200911090020 >> >> ... >> >> -rw-r--r-- 1 netman webservd 323 Sep 27 20:59 >> nfcapd.200911092350 >> >> -rw-r--r-- 1 netman webservd 323 Sep 27 20:59 >> nfcapd.200911092355 >> >> >> >> >> >> The graphs are created for the profile, but they are all empty. >> >> >> >> I cannot figure out why it doesn't take the same nfcapd data that the >> live data gets from the pointer /data/nfdump location. >> >> >> >> I have tried rebuilding and reinstalling everything on my system: > nfdump >> (and configured with -enable-nfprofile option), rrdtool, and nfsen. >> I enabled debug logging and see the log messages from my profile >> creation but there are not any clues about what is going wrong. Your >> advice or suggestions on what I should try next would be greatly >> appreciated! This is a Solaris 10 server. >> >> >> >> Thank you, >> >> Steve >> >> >> >> >> >> >> >> > ------------------------------------------------------------------------ > ------ >> Start uncovering the many advantages of virtual appliances >> and start using them to simplify application deployment and >> accelerate your shift to cloud computing. >> http://p.sf.net/sfu/novell-sfdev2dev >> >> >> >> _______________________________________________ >> Nfsen-discuss mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > -- -- Be nice to your netflow data ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
