Welcome, Guest. Please login or register.

Author Topic: Issue Configuring and Using netflow  (Read 94 times)

knottyau75

  • Newbie
  • *
  • Posts: 2
    • View Profile
Issue Configuring and Using netflow
« on: August 27, 2018, 07:55:30 AM »
Hi All,  Hoping someone can help me.

I've used Configured a New NEdi install using Ubuntu 17.10 and the Script that Remo has made avialable on the Website.  Its all Running fine except for Flowi.pl.

The Collector is running and the Files are being stored in fine in /var/cache/ndump.

If I manually run nfdump -r /var/cache/nfdump/nfcapd.201808271534  I get an output.

But,  If I run /var/nedi/flowi.pl -v, it returns the Following

Code: [Select]
nedi@auqldrv00nwm1ai:/var/cache/nfdump$ sudo /var/nedi/flowi.pl -v
RRD :nfdump -M /var/cache/nfdump/nfcapd.201808271526:nfcapd.201808271529:nfcapd.201808271534:nfcapd.201808271539:nfcapd.201808271544:nfcapd.current.1009 -r nfcapd.201808271540 using packets
stat() error '/var/cache/nfdump/nfcapd.201808271526/nfcapd.201808271540': Not a directory
stat() error '/var/cache/nfdump/nfcapd.201808271526/nfcapd.201808271540': Not a directory
TRRD:/var/nedi/rrd/flow.rrd update OK
ALRT:0 mails and 0 SMS sent

and, of course, the RRD file has nothing in it.

my nedi.conf file has the Following in it

Code: [Select]
# Path to nfdump data files
nfdpath /var/cache/nfdump

# Top 10 netflow ports
# flow.rrd needs to be recreated after changes (can be achieved by deleting Flow RRD in System-Files)
nfport 22 ssh
nfport 23 telnet
nfport 25 smtp
nfport 53 dns
nfport 123 ntp
nfport 80 http
nfport 443 https
nfport 445 cifs
nfport 3260 iscsi
nfport 3389 rdp

And the Directory looks like

Code: [Select]
nedi@auqldrv00nwm1ai:/var/cache/nfdump$ ls -l
total 204392
-rw-r--r-- 1 root root 16390980 Aug 27 15:28 nfcapd.201808271526
-rw-r--r-- 1 root root 43134252 Aug 27 15:34 nfcapd.201808271529
-rw-r--r-- 1 root root 42600480 Aug 27 15:39 nfcapd.201808271534
-rw-r--r-- 1 root root 40525656 Aug 27 15:44 nfcapd.201808271539
-rw-r--r-- 1 root root 39363144 Aug 27 15:49 nfcapd.201808271544
-rw-r--r-- 1 root root 27263152 Aug 27 15:52 nfcapd.current.1009


I also cannot query the Dump files from the GUI (not sure if that is related or not)

Any Idea's?



Thanks in Advance

Knotty


harry

  • Full Member
  • ***
  • Posts: 131
    • View Profile
Re: Issue Configuring and Using netflow
« Reply #1 on: August 30, 2018, 01:13:10 AM »
Hi,
Could you please make sure you do not have permission issue for flowi.pl to access the folder? and please make sure you have the same folder name as you have refered "/var/cache/ndump" and nfdump, I hope htats typo.

Regards,
Harry

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2619
    • View Profile
    • NeDi
Re: Issue Configuring and Using netflow
« Reply #2 on: August 31, 2018, 11:57:45 AM »
Make sure you set nfdpath in nedi.conf to /var/cache/ndump
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo