Hello,
I'm runing 3.3 on Fedora Core 6. I can't seem to get my netflow probe to
display any data. I configured it for the proper netflow port and did a sniff
on the box to make sure netflow data was coming in. My network in the netflow
configuration screen is set to our class B network.
However, when I look at the statistics for the plugin, it shows 0. Also, any
time I choose "Describe" from the Netflow plugin menu it appears to deactivate
the plugin!?
I've had all this working before - it wasn't that hard. Is this some weird FC6
issue or has anyone else seen this?
I'll include the various config info below...
Thank you -Greg Redder
ackets
Received: 117224
Processed: 117224 (immediately)
Queued: 0
Lost: 0 (queue full)
[s] Queue: Current: 148328904 Maximum: 0
[s] Queue: Current: 148839296 Maximum: 0
[s] Queue: Current: 2993970752 Maximum: 0
Network:
Network Interface 0 eth0
Received (pcap): 144542
Dropped (pcap): 15
Received: 117224
Ethernet: 117224
Broadcast: 332
IP: 116321
Mfg: ____________________ Model: ____________________
NIC Speed: 10/100/1000/Other Bus: PCI ISA USB Firewire Other
Location: Public Internet / LAN / WAN
Bandwidth: Dialup DSL/CableModem fT1 T1 10Mbps T3 100Mbps+
# Hosts (machines): __________
Network Interface 1 NetFlow-device.3
Mfg: ____________________ Model: ____________________
NIC Speed: 10/100/1000/Other Bus: PCI ISA USB Firewire Other
Location: Public Internet / LAN / WAN
Bandwidth: Dialup DSL/CableModem fT1 T1 10Mbps T3 100Mbps+
# Hosts (machines): __________
Network Interface 2 NetFlow-device.3
Mfg: ____________________ Model: ____________________
NIC Speed: 10/100/1000/Other Bus: PCI ISA USB Firewire Other
Location: Public Internet / LAN / WAN
Bandwidth: Dialup DSL/CableModem fT1 T1 10Mbps T3 100Mbps+
# Hosts (machines): __________
----------------------------------------------------------------------------
Log extract
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpHours 72 hours by 300 seconds
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpDays 90 days by hour
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpMonths 36 months by day
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpDomains no
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpFlows no
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpHosts no
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpInterfaces yes
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpASs yes
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpMatrix no
Thu Oct 11 14:25:12 2007 RRD_DEBUG: dumpDetail high
Thu Oct 11 14:25:12 2007 RRD_DEBUG: hostsFilter
Thu Oct 11 14:25:12 2007 RRD_DEBUG: rrdPath /usr/local/var/ntop/rrd
Thu Oct 11 14:25:12 2007 RRD_DEBUG: umask 0066
Thu Oct 11 14:25:12 2007 RRD_DEBUG: DirPerms 0700
Thu Oct 11 14:25:12 2007 THREADMGMT: RRD: Started thread (t2962082704) for
data collection Thu Oct 11 14:25:12 2007 THREADMGMT[t2962082704]: RRD: Data
collection thread starting [p29945] Thu Oct 11 14:25:12 2007 INIT: Created pid
file (/var/run/ntop.pid) Thu Oct 11 14:25:12 2007 Now running as requested
user 'root' (0:0) Thu Oct 11 14:25:12 2007 Note: Reporting device initally set
to 1 [NetFlow-device.3] Thu Oct 11 14:25:12 2007 THREADMGMT[t3086374592]: ntop
RUNSTATE: RUN(4) Thu Oct 11 14:25:12 2007 THREADMGMT[t3057978256]: SFP:
Fingerprint scan thread running [p29945] Thu Oct 11 14:25:12 2007
THREADMGMT[t3047488400]: SIH: Idle host scan thread running [p29945] Thu Oct 11
14:25:12 2007 THREADMGMT[t2976770960]: NETFLOW: (port 2055) thread running
[p29945] Thu Oct 11 14:25:12 2007 THREADMGMT[t2951592848]: NPS(1): Started
thread for network packet sniffing [eth0] Thu Oct 11 14:25:12 2007
THREADMGMT[t2951592848]: NPS(eth0): pcapDispatch thread starting [p29945] Thu
Oct 11 14:25:12 2007 THREADMGMT[t2951592848]: NPS(eth0): pcapDispatch thread
running [p29945] Thu Oct 11 14:25:22 2007 THREADMGMT[t2924190608]: RRD:
Started thread for throughput data collection Thu Oct 11 14:25:22 2007
THREADMGMT[t2962082704]: RRD: Data collection thread running [p29945] Thu Oct
11 14:25:22 2007 THREADMGMT[t2924190608]: RRD: Throughput data collection:
Thread starting [p29945] Thu Oct 11 14:25:22 2007 THREADMGMT[t2924190608]:
RRD: Throughput data collection: Thread running [p29945] Thu Oct 11 14:38:27
2007 NETFLOW: Terminating NetFlow Thu Oct 11 14:38:27 2007 NETFLOW:
terminating device NetFlow-device.3 Thu Oct 11 14:38:27 2007 NETFLOW: Thanks
for using ntop NetFlow Thu Oct 11 14:38:27 2007 NETFLOW: Done Thu Oct 11
14:38:30 2007 THREADMGMT[t2976770960]: NETFLOW: thread terminated [p29945] Thu
Oct 11 14:41:06 2007 NETFLOW: Welcome to the netFlow plugin Thu Oct 11
14:41:06 2007 NETFLOW: initializing '3' devices Thu Oct 11 14:41:06 2007
NETFLOW: createNetFlowDevice(3) Thu Oct 11 14:41:06 2007 Creating dummy
interface, 'NetFlow-device.3'
Thu Oct 11 14:41:06 2007 NETFLOW: initializing deviceId=2 Thu Oct 11 14:41:06
2007 NETFLOW: White list initialized to ''
Thu Oct 11 14:41:06 2007 NETFLOW: Black list initialized to ''
Thu Oct 11 14:41:06 2007 NETFLOW: Created a UDP socket (13) Thu Oct 11
14:41:06 2007 NETFLOW: Collector listening on port 2055 Thu Oct 11 14:41:06
2007 THREADMGMT[t2976770960]: NETFLOW: thread starting [p29945] Thu Oct 11
14:41:06 2007 THREADMGMT[t2976770960]: NETFLOW: (port 2055) thread running
[p29945] Thu Oct 11 14:41:06 2007 THREADMGMT[t2976770960]: NETFLOW: Started
thread for receiving flows on port 2055 Thu Oct 11 14:41:06 2007 Initializing
device NetFlow-device.3 (2) Thu Oct 11 14:41:06 2007 **WARNING** NETFLOW:
Truncated network size(device NetFlow-device.3) to 1024 hosts(real netmask
255.255.0.0).
Thu Oct 11 14:41:06 2007 NETFLOW: createNetFlowDevice created device 2
----------------------------------------------------------------------------
Problem Description
----------------------------------------------------------------------------
Basic Information
ntop Version.....3.3
Configured on.....Oct 11 2007 12:25:52
Built on.....Oct 11 2007 12:27:03
OS.....i686-redhat-linux-gnu [32 bit]
libpcap Version.....libpcap version 0.9.4 RRD Version.....1.2023 Running
from.....ntop Libraries in...../usr/local/lib Library path.....(nil) ntop
Process Id.....29945 http Process Id.....29945 Run State.....Run
Command line
Started as.........ntop -u root -d
Resolved to.........ntop -u root -d
Preferences used
-a | --access-log-file.....(default) (nil)
-b | --disable-decoders.....(default) No
-c | --sticky-hosts.....(default) No
-d | --daemon.....Yes
-e | --max-table-rows.....(default) 128
-f | --traffic-dump-file.....(default) (nil)
-g | --track-local-hosts.....(default) Track all hosts
-i | --interface (effective).....eth0
-j | --create-other-packets.....(default) Disabled
-l | --pcap-log.....(default) (nil)
-m | --local-subnets (effective).....129.82.0.0/16
-n | --numeric-ip-addresses.....(default) No
-o | --no-mac.....(default) Trust MAC Addresses
-p | --protocols.....(default) internal list
-q | --create-suspicious-packets.....(default) Disabled
-r | --refresh-time.....(default) 120
-s | --no-promiscuous.....(default) No
-t | --trace-level.....(default) 3
-u | --user.....root (uid=0, gid=0)
-w | --http-server.....(default) Active, all interfaces, port 3000
-z | --disable-sessions.....(default) No
-B | --filter-expression.....(default) none
-D | --domain.....colostate.edu
-F | --flow-spec.....(default) none
-K | --enable-debug.....(default) No
-L | --use-syslog.....daemon
-M | --no-interface-merge (effective).....(parameter -M set, Interfaces
separate) No
-N | --wwn-map.....(default) (nil)
-O | --pcap-file-path.....(default) /usr/local/var/ntop
-P | --db-file-path.....(default) /usr/local/var/ntop
-Q | --spool-file-path.....(default) /usr/local/var/ntop
-U | --mapper.....(default) http://www.ntop.org/cgi-bin/mapper.pl
-X.....32768
--disable-schedYield.....Yes
--disable-instantsessionpurge.....(default) No
--disable-mutexextrainfo.....Yes
--disable-stopcap.....Yes
--fc-only.....(default) No
--instance.....(default) (nil)
--no-fc.....(default) No
--no-invalid-lun.....(default) No
--p3p-cp.....(default) none
--p3p-uri.....(default) none
--skip-version-check.....Yes
--w3c.....Yes
Run time/Internal
Web server URL.....http://any:3000
GDBM version.....This is GDBM version 1.8.0, as of May 19, 1999.
zlib version.....1.2.3
Protocol Decoders.....Enabled
Fragment Handling.....Enabled
Tracking only local hosts.....No
# IP Protocols Being Monitored.....20
# Protocol slots.....18316
# IP Ports Being Monitored.....174
# IP Ports slots.....348
WebServer Request Queue.....10
Devices (Network Interfaces).....3
Domain name (short).....edu
IP to country flag table (entries).....52395
Total Hash Collisions (Vendor/Special) (lookup).....0
Database (MySQL) Support Enabled.....No
ntop Web Server
Item..................http://...................https://# Handled
Requests.....939.....-
# Successful requests (200).....938.....-
# Bad (We don't want to talk with you) requests.....0.....-
# Invalid requests - 403 FORBIDDEN.....0.....-
# Invalid requests - 404 NOT FOUND.....0.....-
# SSI Requests.....0
# Bad SSI Requests.....0
# Handled SSI Requests.....0
# Handled SIGPIPE Errors.....0
Memory Usage
IPX/SAP Hash Size (bytes).....1897
IP to country flag table (bytes).....1614732 (1.5 MB)
Bytes per entry.....30.8
IP to AS (Autonomous System) number table (bytes).....0 (0.0 MB)
Host Memory Cache
Limit.....#define MAX_HOSTS_CACHE_LEN 512
Current Size.....0
Maximum Size.....0
# Entries Reused.....0
MAC/IPX Hash tables
IPX/SAP Hash Size (entries).....179
IPX/SAP Hash Collisions (load).....0
IPX/SAP Hash Collisions (use).....0
Packets
Received.....117,224
Processed Immediately.....117,224 (100.0 %)
Queued.....0 (0.0 %)
Current Queue (eth0).....0
Maximum Queue (eth0).....0 (Limit 2048)
Current Queue (NetFlow-device.3).....0
Maximum Queue (NetFlow-device.3).....0 (Limit 2048)
Current Queue (NetFlow-device.3).....0
Maximum Queue (NetFlow-device.3).....0 (Limit 2048)
Packet processing:....Queue (pre-process).......Processing
Minimum.....0.000009.....0.000010
Average.....0.000028.....0.000021
Maximum.....0.000161.....0.000998
Standard Deviation.....0.000022.....0.000048
Maximum ever.....0.001882.....0.003718
Throughput (pps) min/avg/max.....862.8/20484.5/52631.6
Host/Session counts - global
Purged Hosts.....1
Terminated Sessions.....2,521
Host/Session counts - Device 0 (eth0)
Hash Bucket Size.....1.9 KBytes
Actual Host Hash Size.....32768
Stored hosts.....8
Host Bucket List Length.....[min 1][max 1][avg 1.0]
Max host lookup.....1
Session Bucket Size.....268
Session Actual Hash Size.....65535
Sessions.....301
Max Num. Sessions.....320
Session Bucket List Length.....[min 1][max 1][avg 1.0]
Host/Session counts - Device 2 (NetFlow-device.3)
Hash Bucket Size.....1.9 KBytes
Actual Host Hash Size.....32768
Stored hosts.....1
Host Bucket List Length.....[min 1][max 1][avg 1.0]
Max host lookup.....0
Session Bucket Size.....268
Session Actual Hash Size.....65535
Sessions.....0
Max Num. Sessions.....0
Session Bucket List Length.....[min 4294967295][max 0][avg 1.0]
----- Address Resolution -----
DNS Sniffing (other hosts requests)
DNS Packets sniffed.....0
less 'requests'.....0
less 'failed'.....0
less 'reverse dns' (in-addr.arpa).....0
DNS Packets processed.....0
Stored in cache (includes aliases).....0
IP to name - ipaddr2str():
Total calls.....351
....OK.....351
....Total not found.....0
........Not found in cache.....0
........Too old in cache.....0
Queued - dequeueAddress()
Total Queued.....0
Not queued (duplicate).....0
Maximum Queued.....0
Current Queue.....0
Resolved - resolveAddress():
Addresses to resolve.....0
....less 'Error: No cache database'.....0
....less 'Found in ntop cache'.....0
Gives: # gethost (DNS lookup) calls.....0
DNS Lookup Calls:
DNS resolution attempts.....0
....Success: Resolved.....0
....Failed.....0
........HOST_NOT_FOUND.....0
........NO_DATA.....0
........NO_RECOVERY.....0
........TRY_AGAIN (don't store).....0
........Other error (don't store).....0
DNS lookups stored in cache.....0
Host addresses kept numeric.....0
Vendor Lookup Table
Input lines read.....0
Records added total.....0
.....includes special records.....0
getVendorInfo() calls.....0
getSpecialVendorInfo() calls.....8
Found 48bit (xx:xx:xx:xx:xx:xx) match.....1
Found 24bit (xx:xx:xx) match.....7
Found multicast bit set.....0
Found LAA (Locally assigned address) bit set.....0
Thread counts
Active.....11
Children (active).....11
Directory (search) order
Data Files......
/usr/local/share/ntop
Config Files......
/usr/local/etc/ntop
/etc
Plugins....../plugins
/usr/local/lib/ntop/plugins
Compile Time: ./configure
./configure parameters.....--no-create --no-recursion
Built on (Host).....i686-redhat-linux-gnu
Built for(Target).....i686-redhat-linux-gnu
preprocessor (CPPFLAGS).....gcc -E -DLINUX -I/usr/local/include
compiler (CFLAGS).....gcc -g -O2 -I/usr/local/include -Wshadow -Wpointer-arith
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -fPIC -DPIC
-DHAVE_CONFIG_H
include path.....(nil)
system libraries.....-L/usr/local/lib -lpthread -lm -ldl -lcrypt -lc -lgdbm -lz
install path...../usr/local
GNU C (gcc) version.....4.1.2 20070626 (Red Hat 4.1.2-13) (4.1.2)
uname data.....sysname(Linux) release(2.6.22.9-61.fc6) version(#1 SMP Thu Sep
27 18:48:03 EDT 2007) machine(i686)
<snip>
PLUGINS:
RRD:
RRD path...../usr/local/var/ntop/rrd
New directory permissions.....0700
New file umask.....0066
Mutexes:
Mutex packetProcessMutex (eth0) is unlocked, locked: 117224 times.
Mutex purgeMutex is locked, locked: 960 times.
===============================================================================
Greg Redder Academic Computing & Networking Services
Colorado State University, ACNS Phone:(970)491-7222 FAX: (970)491-1958
601 S. Howes, Room 625 E-mail: [EMAIL PROTECTED]
Fort Collins, CO 80523 PGP Fprint:CD62EAE6227D96FC7C232B16DFE3B5D9B2F64352
===============================================================================
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
