[netflow-tools] Empty log
Walter Weiss
weweiss at mindspring.com
Thu Jun 28 08:57:50 EST 2007
Hi;
I have installed netflowd on the latest version of Fedora. It
all seems to install ok. I have the following information from the command
lines etc. But nothing ever writes to the log. Is there anything I can do
to troubleshoot where the data is lost? Thanks
Log entries in the messages file:
Jun 27 13:17:26 flow_collector flowd[3403]: Received max number of packets (512) on fd 3
Jun 27 13:47:26 flow_collector flowd[3403]: Received max number of packets (512) on fd 3
Jun 27 14:17:26 flow_collector flowd[3403]: Received max number of packets (512) on fd 3
Jun 27 14:47:26 flow_collector flowd[3403]: Received max number of packets (512) on fd 3
Jun 27 15:17:26 flow_collector flowd[3403]: Received max number of packets (512) on fd 3
Verified the process is running:
[root at flow_collector etc]# ps -ef | grep flow
avahi 2585 1 0 Jun26 ? 00:00:00 avahi-daemon: running [flowcollector.local]
root 3402 1 0 Jun26 ? 00:00:00 flowd: monitor
_flowd 3403 3402 0 Jun26 ? 00:00:00 flowd: net
root 6065 6021 0 11:36 pts/0 00:00:00 grep flow
[root at flow_collector etc]# ps -ef | grep syslog
root 3370 1 0 Jun26 ? 00:00:00 syslogd -m 0 -a /var/empty/dev/log
root 6067 6021 0 11:36 pts/0 00:00:00 grep syslog
Verified the port seems to be listening:
[root at flow_collector etc]# netstat -apn | grep flow
udp 0 0 205.152.6.88:9995 0.0.0.0:* 3403/flowd: net
unix 2 [ ] DGRAM 11493 3403/flowd: net
unix 3 [ ] STREAM CONNECTED 11444 3403/flowd: net
unix 3 [ ] STREAM CONNECTED 11443 3402/flowd: monitor
Checked for listening files and they seem to be OK:
[root at flow_collector etc]# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 2076 rpc 3u IPv4 6641 UDP *:sunrpc
portmap 2076 rpc 4u IPv4 6642 TCP *:sunrpc (LISTEN)
rpc.statd 2102 rpcuser 3w IPv4 6716 UDP *:1009
rpc.statd 2102 rpcuser 6u IPv4 6693 UDP *:1006
rpc.statd 2102 rpcuser 7u IPv4 6753 TCP *:1012 (LISTEN)
hpiod 2376 root 0u IPv4 7305 TCP flow_collector:2208 (LISTEN)
python 2381 root 4u IPv4 7321 TCP flow_collector:2207 (LISTEN)
cupsd 2398 root 3u IPv4 7369 TCP flow_collector:ipp (LISTEN)
cupsd 2398 root 5u IPv4 7372 UDP *:ipp
sshd 2417 root 3u IPv6 7420 TCP *:ssh (LISTEN)
sendmail 2442 root 4u IPv4 7513 TCP flow_collector:smtp (LISTEN)
yum-updat 2568 root 8u IPv4 10063 TCP flow_collector:45266->admin.fedora.redhat.com:http (CLOSE_WAIT)
avahi-dae 2585 avahi 13u IPv4 7822 UDP *:mdns
avahi-dae 2585 avahi 14u IPv6 7823 UDP *:mdns
avahi-dae 2585 avahi 15u IPv4 7824 UDP *:filenet-tms
avahi-dae 2585 avahi 16u IPv6 7825 UDP *:filenet-rpc
flowd 3403 _flowd 3u IPv4 11442 UDP flow_collector:palace-4
sshd 6019 root 3r IPv6 72128 TCP flow_collector:ssh->205.152.6.166:catchpole (ESTABLISHED)
[root at flow_collector etc]#
Seems to indicate I am getting packets:
[root at flow_collector /]# netflow v.9 packet (len 44) 1 recs, source 0x00000100
netflow v.9 options flowset
output_flow_flush: flushing output queue len 0
Files associated with the flowd process:
[root at flow_collector /]# lsof -c flowd
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
flowd 6371 root cwd DIR 253,0 4096 7456541 /usr/local/sbin
flowd 6371 root rtd DIR 253,0 4096 2 /
flowd 6371 root txt REG 253,0 97616 7481639 /usr/local/sbin/flowd
flowd 6371 root mem REG 253,0 46740 7816295 /lib/libnss_files-2.5.so
flowd 6371 root mem REG 253,0 121684 7816881 /lib/ld-2.5.so
flowd 6371 root mem REG 253,0 1576920 7816883 /lib/libc-2.5.so
flowd 6371 root 0u CHR 1,3 2132 /dev/null
flowd 6371 root 1u CHR 1,3 2132 /dev/null
flowd 6371 root 2u CHR 136,1 3 /dev/pts/1
flowd 6371 root 4u unix 0xf731e800 18855 socket
flowd 6373 _flowd cwd DIR 253,0 4096 425182 /var/empty
flowd 6373 _flowd rtd DIR 253,0 4096 425182 /var/empty
flowd 6373 _flowd txt REG 253,0 97616 7481639 /usr/local/sbin/flowd
flowd 6373 _flowd mem REG 253,0 46740 7816295 /lib/libnss_files-2.5.so
flowd 6373 _flowd mem REG 253,0 121684 7816881 /lib/ld-2.5.so
flowd 6373 _flowd mem REG 253,0 1576920 7816883 /lib/libc-2.5.so
flowd 6373 _flowd 0u CHR 1,3 2132 /dev/null
flowd 6373 _flowd 1u CHR 1,3 2132 /dev/null
flowd 6373 _flowd 2u CHR 136,1 3 /dev/pts/1
flowd 6373 _flowd 3u IPv4 18854 UDP flow_collector:palace-4
flowd 6373 _flowd 4u REG 253,0 0 230572 /usr/local/flowd/yort_test
flowd 6373 _flowd 5u unix 0xf731e300 18856 socket
flowd 6373 _flowd 6u unix 0xf731c300 18881 socket
[root at flow_collector /]#
I installed the debug info rpm but am not sure how to do anything with it.
Here is the debug for the start up of the file.
[root at flow_collector sbin]# flowd -d
read_config: entering
child_get_config: entering
drop_privs: dropping privs without chroot
send_config: entering fd = 4
send_config: done
child_get_config: child config done
recv_config: entering fd = 3
recv_config: ready to receive config
Listener for [205.152.6.88]:9995 fd = 3
Increased socket receive buffer from 110592 to 524288
Setting socket send buf to 1024
privsep_init: entering
drop_privs: dropping privs with chroot
init_pfd: entering (num_fds = 0)
init_pfd: done (num_fds = 2)
client_open_log: entering
answer_open_log: entering
So the bottom line is I seem to be listening and receiving packets but
nothing goes to the log. What can I do to troubleshoot further?
Thanks
Walt Weiss
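The debug output above shows one NetFlow v9 packet of 44 bytes carrying a single options flowset and an empty output queue. In NetFlow v9 (RFC 3954) a template or options-template flowset only describes record layouts; it contains no flow records, and a collector cannot decode data flowsets until the matching template has arrived. One way to check what the exporter is actually sending is to classify the flowsets in each received datagram. The following is an added example, not code from the original post or from flowd: a small RFC 3954 header and flowset-ID parser in Python. The sample packet is constructed here to match the shape the post reports (44 bytes, source ID 0x00000100, one options-template flowset) and is not a capture from the poster's collector.

```python
"""
Added example (not from the original post or from flowd): classify the
flowsets inside a NetFlow v9 datagram so an operator can tell whether the
exporter is sending only templates/options or actual data records.
Layout follows RFC 3954; the sample packet below is constructed, not captured.
"""
import struct

FLOWSET_TEMPLATE = 0           # template flowset ID (RFC 3954)
FLOWSET_OPTIONS_TEMPLATE = 1   # options template flowset ID
FIRST_DATA_FLOWSET_ID = 256    # data flowset IDs are >= 256

# version, count, sysUptime, unixSecs, sequence, sourceId (20 bytes)
HEADER = struct.Struct("!HHIIII")


def parse_v9(packet: bytes) -> dict:
    """Parse the v9 header and walk the flowsets; return a summary dict."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than NetFlow v9 header")
    version, count, _uptime, _unix_secs, seq, source_id = HEADER.unpack_from(packet, 0)
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {version})")

    flowsets = []
    offset = HEADER.size
    while offset + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
        # A flowset shorter than its own 4-byte header, or running past the
        # datagram, is malformed; stop rather than loop on a bad length.
        if fs_len < 4 or offset + fs_len > len(packet):
            raise ValueError(f"bad flowset length {fs_len} at offset {offset}")
        if fs_id == FLOWSET_TEMPLATE:
            kind = "template"
        elif fs_id == FLOWSET_OPTIONS_TEMPLATE:
            kind = "options_template"
        elif fs_id >= FIRST_DATA_FLOWSET_ID:
            kind = "data"
        else:
            kind = "reserved"
        flowsets.append({"id": fs_id, "length": fs_len, "kind": kind})
        offset += fs_len

    return {
        "version": version,
        "count": count,
        "source_id": source_id,
        "sequence": seq,
        "flowsets": flowsets,
        "has_data_records": any(fs["kind"] == "data" for fs in flowsets),
    }


def build_sample_packet() -> bytes:
    """Constructed sample: header + one options template flowset, 44 bytes total."""
    header = HEADER.pack(9, 1, 123456, 1182974246, 42, 0x00000100)
    # Options template record: template ID 257, scope length 4, option length 8.
    body = struct.pack("!HHH", 257, 4, 8)
    body += struct.pack("!HH", 1, 4)            # scope field: type 1 (System), len 4
    body += struct.pack("!HHHH", 41, 4, 42, 4)  # TOTAL_PKTS_EXP, TOTAL_FLOWS_EXP
    body += b"\x00\x00"                         # pad to a 4-byte boundary
    flowset = struct.pack("!HH", FLOWSET_OPTIONS_TEMPLATE, 4 + len(body)) + body
    return header + flowset


def diagnose(packet: bytes) -> str:
    """One-line verdict: does this datagram carry anything that becomes a flow record?"""
    info = parse_v9(packet)
    kinds = [fs["kind"] for fs in info["flowsets"]]
    if info["has_data_records"]:
        return f"data flowsets present {kinds}; records are decodable once their template is known"
    return f"no data flowsets, only {kinds}; nothing in this packet becomes a flow record"


if __name__ == "__main__":
    pkt = build_sample_packet()
    print(len(pkt), parse_v9(pkt))
    print(diagnose(pkt))
```

To apply this to a real collector, feed it the payloads of UDP datagrams captured on the collector's listening port; if every packet classifies as template or options_template only, the exporter has not yet sent any data records, and an empty log is expected rather than a sign of a collector fault.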