Subject: Re: flowscan & SubNetIO.pm
From: Alexander Serkin (als@cell.ru)
Date: Thu Aug 16 2001 - 01:52:28 CDT
Mathias Gärtner wrote: > > What is your setting > of our_subnets.boulder and > SubnetIO.cf -> local hops (it seems to be empty) > > If they are not correct you won't see any input or output data... My local hops are empty and the following our_subnets are: SUBNET=212.119.96.0/24 DESCRIPTION=MCC = SUBNET=212.119.97.0/24 DESCRIPTION=M9 BackBone = SUBNET=212.119.99.0/24 DESCRIPTION=TopS = SUBNET=212.119.98.16/29 DESCRIPTION=Nika = SUBNET=212.119.98.48/29 DESCRIPTION=IRO = SUBNET=212.119.98.72/29 DESCRIPTION=GR1 = SUBNET=212.119.98.80/29 DESCRIPTION=GR2 = SUBNET=212.119.101.0/25 DESCRIPTION=ICHP = SUBNET=212.119.98.24/29 DESCRIPTION=MNTK = SUBNET=212.119.98.112/29 DESCRIPTION=ZCPR = SUBNET=212.119.101.128/27 DESCRIPTION=RDTH = SUBNET=212.119.101.160/27 DESCRIPTION=GZEI local_nets.boulder is: SUBNET=212.119.96.0/19 DESCRIPTION=MCC Alloc Incoming traffic IS exported by Cisco: ... 2001/08/16 10:41:59 212.108.98.4.80 -> 212.119.101.158.64004 6(SYN|FIN|ACK|PUSH) 4 469 2001/08/16 10:42:01 195.230.90.26.9000 -> 212.119.101.158.64003 6(SYN|FIN|ACK) 2 84 2001/08/16 10:41:46 212.119.181.69.4401 -> 212.119.101.138.80 6(SYN) 3 144 2001/08/16 10:42:02 195.230.90.26.9000 -> 212.119.101.158.64005 6(SYN|FIN|ACK|RST) 3 124 2001/08/16 10:41:48 213.59.3.30.80 -> 212.119.101.158.63999 6(ACK) 1 40 2001/08/16 10:41:49 212.119.181.69.4485 -> 212.119.101.138.80 6(SYN) 3 144 2001/08/16 10:42:05 195.230.90.26.9000 -> 212.119.101.158.64005 6(RST) 3 120 ... And i've changed the OutputIfIndexes to "2,3,4". These are fa1/1, et2/0, et2/1 interfaces connected to our upstream providers. But with no result: there is no incoming traffic in my rrd file at all: ... 997942800: 0.0000000000e+00 2.5001333333e+02 0.0000000000e+00 2.7133333333e+00 0.0000000000e+00 4.9333333333e-01 1.0000000000e+00 0.0000000000e+00 ... > > Mathias > > Alexander Serkin wrote: > > > Hello gurus, > > I'm currently having trouble with building subnet > > stats using SubNetIO ReportClass. > > The problem is that there is no incoming traffic on my graph. > > I wonder if there is an ability to look in the rrd database > > for the in_bytes counter. > > And why this may occour? > > > > Below are my flowscan.cf: > > > > FlowFileGlob /cfd/flows/flows.*:*[0-9] > > ReportClasses SubNetIO > > WaitSeconds 30 > > Verbose 1 > > > > CampusIO.cf: > > > > OutputIfIndexes 1,2,3,4,5,6,28,29,30,31,32,33,34,35,36,37,38,39,40,41 > > LocalSubnetFiles /cfd/flows/bin/local_nets.boulder > > OutputDir /www/mccinet/flows/docs/graphs > > Verbose 1 > > Protocols icmp, tcp, udp > > TCPServices citrix, ftp-data, ftp, http, imap, netshow, notes, pop3, 7070, 554, > > secure-http, secure-pop3, smtp, socks, sqlnet, sqlserver, ssh, telnet, 8100, > > 8101, 8102, 8103, 8104, 3128 > > UDPServices domain, snmp, snmp-trap > > NapsterSubnetFiles /cfd/flows/bin/Napster_subnets.boulder > > NapsterSeconds 1800 > > NapsterPorts 6699, 8875, 8888, 7777, 6700, 6666, 6677, 6688, 4444, 5555 > > > > and SubNetIO.cf: > > > > SubnetFiles /cfd/flows/bin/subnets > > OutputDir /www/mccinet/flows/docs/graphs > > Verbose 1 > > > > I've looked through raw flows and seen the traffic for > > that subnet (input and output), but it does not appear > > in my graph built with this makefile: > > > > ... > > common staff skipped > > ... > > DEF_TT_out_bytes = > > DEF:xTT_out_bytes=$(rrddir)/212.119.101.128_27.rrd:out_bytes:AVERAGE > > DEF_TT_in_bytes = > > DEF:xTT_in_bytes=$(rrddir)/212.119.101.128_27.rrd:in_bytes:AVERAGE > > CDEF_TT_in_bps = CDEF:TT_in_bps=xTT_in_bytes,8,*,-1,* > > CDEF_TT_out_bps = CDEF:TT_out_bps=xTT_out_bytes,8,* > > > > rdtex$(tag).$(filetype): 212.119.101.128_27.rrd total.rrd unknown.rrd MCAST.rrd > > $(rrdtool) graph \ > > $@ \ > > --imgformat $(IMGFORMAT) \ > > --width $(width) \ > > --height $(height) \ > > --alt-autoscale \ > > -v 'bits/s' \ > > -t 'Traffic Statistics for 212.119.101.128/27 Network (bits/s)' \ > > -s $(totals_past_hours) \ > > $(DEF_TT_out_bytes) \ > > $(DEF_TT_in_bytes) \ > > $(CDEF_TT_in_bps) \ > > $(CDEF_TT_out_bps) \ > > LINE1:TT_in_bps#00ff00:'TT In' \ > > LINE1:TT_out_bps#0000ff:'TT Out (212.119.101.128/27)' \ > > GPRINT:TT_in_bps:LAST:' %4.0lf' \ > > GPRINT:TT_out_bps:LAST:' %4.0lf\n' \ > > HRULE:0#000000 > > > > cflowd-2-1-b1 is patched for flowscan. > > flowscan is 1.006. > > And finally all this lives on Intel Solaris 2.8. > > > > -- > > Alexander > > -- > > cflowd mailing list > > cflowd@caida.org -- Alexander Serkin Moscow Cellular The aim of science is to seek the simplest explanations of complex facts. Seek simplicity and distrust it. -- Whitehead. -- Help mailto:majordomo@net.doit.wisc.edu and say "help" in message body Unsubscribe mailto:majordomo@net.doit.wisc.edu and say "unsubscribe flowscan" in message body Archive http://net.doit.wisc.edu/~plonka/list/flowscan/archive/
This archive was generated by hypermail 2b25 : Thu Aug 16 2001 - 02:00:15 CDT