I used to run on FBSD 6, but now RHEL5 so don't know first hand of
issues with FBSD anymore. My understanding is it *works* fine. I
know there is some logic in the code to do somethings different if OS
is FBSD, maybe that is broken? If you like source, there are several
places in the code to enable DEBUG output, starting in
globals-defines.h, but also within the netflow plugin module code.
It will spew a $HITLOAD of messages, so maybe build it with a
different prefix and only run for a few seconds. I'll try to think
of something else.... MAYBE try the port just to see if it works and
if so diff the code?
----- Original Message -----
From:
[email protected]<[email protected]>
To: [email protected]<[email protected]>
Sent: Thu Apr 29 18:55:34 2010
Subject: Re: [Ntop] No data in Netflow on FreeBSD 7.0
Thanks for the quick reply(s)
"Sounds like you tried most everything."
<sigh> yeah, that's what I thought.
Interface is selected. Netflow statistics says 1 packet in, 1 out, 40
bytes, 1 flow. Nothing in any of the v1/v5/v9 rows, nothing except "1
flow processed" in the Discarded section.
running as root, with -t 5 doesn't show me anything I can identify as a
problem - This is the log section that seems most relevant:
Apr 29 19:40:30 netmon ntop[37164]: Now running as requested user
'root' (0:0)
Apr 29 19:40:30 netmon ntop[37164]: Device 0.
em0 (active)
Apr 29 19:40:30 netmon ntop[37164]: Device 1.
NetFlow-device.2 (active)
Apr 29 19:40:30 netmon ntop[37164]: Note: Reporting device initally
set to 1 [NetFlow-device.2]
Apr 29 19:40:30 netmon ntop[37164]: MEMORY: Base interface structure
(no hashes loaded) is 0.33MB each
Apr 29 19:40:30 netmon ntop[37164]: MEMORY: or 0.65MB for 2
interfaces
Apr 29 19:40:30 netmon ntop[37164]: MEMORY: ipTraffixMatrix structure
(no TrafficEntry loaded) is 0.36MB
Apr 29 19:40:30 netmon ntop[37164]: THREADMGMT[t34412171552]: ntop
RUNSTATE: RUN(4)
Apr 29 19:40:30 netmon ntop[37164]: THREADMGMT[t34412176704]: NPS(1):
Started thread for network packet sniffing [em0]
Apr 29 19:40:30 netmon ntop[37164]: THREADMGMT[t34412176704]:
NPS(em0): pcapDispatch thread starting [p37164]
Apr 29 19:40:30 netmon ntop[37164]: THREADMGMT[t34412175968]: NETFLOW:
(port 9990) thread running [p37164]
and:
Apr 29 19:40:55 netmon ntop[37164]: RRD: Cycle 0 ended, 38 RRDs
updated, 0.037 seconds
Apr 29 19:40:55 netmon ntop[37164]: RRD_DEBUG: Sleeping for 300
seconds (interval 300, end at Thu Apr 29 19:45:55 2010)
Apr 29 19:43:04 netmon ntop[37164]: SECURITY: Loading items table
Apr 29 19:45:57 netmon ntop[37164]: RRD: Cycle 1 ended, 18 RRDs
updated, 0.006 seconds
tim
On 04/29/2010 06:32 PM, Gary Gatten wrote:
Also, try running as root to rule out perms and maybe start with -t
5 and hope to get some useful messages in the log.
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Gary Gatten
Sent: Thursday, April 29, 2010 4:58 PM
To: '[email protected]'
Subject: Re: [Ntop] No data in Netflow on FreeBSD 7.0
Sounds like you tried most everything.
What does "Plugins> Netflow> Statistics" show?
Also, have you "Selected" the interface? "Admin> Switch NIC" and
actually choose your netflow interface?
G
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Tim Palmer
Sent: Thursday, April 29, 2010 4:34 PM
To: [email protected]
Subject: [Ntop] No data in Netflow on FreeBSD 7.0
Good Day,
I'm trying to get ntop working on a FreeBSD 7.0 amd64 box. I've had
problems compiling 3.3.10, so tried 3.4pre3.
I'm only interested in seeing data on a NetFlow interface. Nothing
local
is needed. However, I'm seeing similar behavior on eth0, only the
Traffic Statistics table on the Summary Traffic page show very many
packets dropped by libpcap.
Compile and installation work fine. Ntop starts fine, web interface is
fully functional. Netflow plugin is enabled and active. But there is
only one packet shown for the NetFlow device, no packets dropped by
ntop. I *believe* I've tried all ip address configuration options. Most
other settings are default. Running in daemon mode does not produce any
warnings on the console. Listen port is not default, and I've
configured
in the web UI, not spec
started with {prefix}/bin/ntop -w 81 -u ntop -L -d
tcpdump shows data coming in on the port I'm expecting it. Ethereal
confirms they are legit netflow/cflow packets.
sockstat shows ntop listening on the udp4 port expected.
disabling ipfw doesn't help.
Files are created in {prefix}/var/ntop/rrd/interfaces/NetFlow-device.2.
They are being updated, but only with NANs or 0.000 entries.
Netflow statistics page in the web UI shows just the one packet,
56bytes. No dropped flows or other problems.
We prefer to compile from source, so haven't tried the port yet.
rrdtool is 1.4, compiled from source. Cacti is also on this box, and
has
no problem w/ rrdtool.
perl is 5.10.0
flow-capture is also in use on this box (for other devices, on other
ports) and is working properly.
I'm at a loss. If there's more information I can provide, I am most
happy to do so.
Kernel is custom. I have not yet tried with GENERIC, but try that next.
FreeBSD xxx.xxx.xxx 7.0-RELEASE-p12 FreeBSD 7.0-RELEASE-p12 #0: Wed Apr
28 17:46:20 EDT 2010
[email protected]:/usr/obj/usr/src/sys/NETMON amd64
Thank you very much for your time. I'm sort of hoping this is just
something stupid I'm missing.
Tim Palmer
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
