(running nfcapd 1.6.5, compiled from source on Debian 6.0.1)

I'm launching nfcapd with the following command line options

    nfcapd -P nfcapd.pid -D -t 300 -w -l /var/netflow -p 49500

but most of the files created are empty and have 0 size. From this morning for example:

    -rw-r--r-- 1 root root      0 Jan 23 06:00 nfcapd.201201230555
    -rw-r--r-- 1 root root      0 Jan 23 06:05 nfcapd.201201230600
    -rw-r--r-- 1 root root      0 Jan 23 06:10 nfcapd.201201230605
    -rw-r--r-- 1 root root      0 Jan 23 06:15 nfcapd.201201230610
    -rw-r--r-- 1 root root      0 Jan 23 06:20 nfcapd.201201230615
    -rw-r--r-- 1 root root      0 Jan 23 06:25 nfcapd.201201230620
    -rw-r--r-- 1 root root 655360 Jan 23 06:30 nfcapd.201201230625
    -rw-r--r-- 1 root root      0 Jan 23 06:35 nfcapd.201201230630
    -rw-r--r-- 1 root root      0 Jan 23 06:40 nfcapd.201201230635
    -rw-r--r-- 1 root root      0 Jan 23 06:45 nfcapd.201201230640
    -rw-r--r-- 1 root root      0 Jan 23 06:50 nfcapd.201201230645
    -rw-r--r-- 1 root root      0 Jan 23 06:55 nfcapd.201201230650
    -rw-r--r-- 1 root root      0 Jan 23 07:00 nfcapd.201201230655

tcpdump shows a handful of UDP packets arriving every second, so I don't think it's a problem with the data not arriving at the collector.

Any suggestions as to how I debug this further?

Regards,
James

--
James Davis 0300 999 2340 (+44 1235 822340)
Senior CSIRT Member
Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG
