Subject: Flowscan doesn't work!!!
From: Alexandra Alvarado (aaaa@telconet.net)
Date: Wed Oct 17 2001 - 12:42:39 CDT
Hello, I'm Alexandra from Ecuador
I have installed flowscan and all its requirements (as the manual says). I
have a Cisco 3600 with IOS 12.1(2), and I executed "ip flow-export
version ?" and I get 1,5,6 as the answer, so I think the Cisco supports
flow export version 5. Well,
I have a network like this (the real ips are others)
                 INTERNET
                    |
                    |
                    |
                  CISCO
                  router
   serial 3/0                ether
   20.20.20.1/30             10.10.10.1/30 (and 5 more networks)
                    |
                    |
                    |
          linux transparent proxy
   eth0                      eth1
   10.10.10.2/30             30.30.30.1/24
                    |
                    |
                    |
               radial link
                    |
                    |
                    |
                 flowscan
                   eth0
              30.30.30.74/24
            gateway 30.30.30.1
The transparent proxy (RedHat 7.1) acts as a router and all machines have
it as their default gateway, even the PC that has flowscan installed, but the
default gateway of the transparent proxy Linux is the Cisco router.
Well, I configured the Cisco like the manual on Ether and Serial 3/0,
but when I execute flowscan I get the following flowscan.log:
2001/10/17 11:35:29 working on file flows.20011017_11:35:26+0000...
flows.20011017_11:35:26+0000: Invalid index in cflowd flow file: 0x3FFF!
Version 5 flow-export is required with *all* fields being saved.
2001/10/17 11:35:29 flowscan-1.017 CampusIO: Cflow::find took 0 wallclock secs ( 0.00 usr 0.01 sys + 0.02 cusr 0.03 csys = 0.06 CPU) for 1458108 flow file bytes, flow hit ratio: 0/0
2001/10/17 11:35:29 flowscan-1.017 CampusIO: report took 0 wallclock secs ( 0.02 usr 0.00 sys + 0.01 cusr 0.04 csys = 0.07 CPU)
sleep 300...
2001/10/17 11:40:29 working on file flows.20011017_11:40:29+0000...
flows.20011017_11:40:29+0000: Invalid index in cflowd flow file: 0x3FFF!
Version 5 flow-export is required with *all* fields being saved.
2001/10/17 11:40:30 flowscan-1.017 CampusIO: Cflow::find took 1 wallclock secs ( 0.00 usr 0.00 sys + 0.04 cusr 0.02 csys = 0.06 CPU) for 1413810 flow file bytes, flow hit ratio: 0/0
2001/10/17 11:40:30 flowscan-1.017 CampusIO: report took 0 wallclock secs ( 0.04 usr 0.00 sys + 0.01 cusr 0.03 csys = 0.08 CPU)
sleep 300...
sleep 300...
sleep 300...
sleep 300...
sleep 300...
sleep 300...
My other problem is that I can see the networks.rrd files but I can't
create the png files to see the traffic, and in the png files created, like
-rw-r--r-- 1 root flowscan  7029 Oct 17 12:05 io_protocols_bits.png
-rw-r--r-- 1 root flowscan  7073 Oct 17 12:05 io_protocols_flows.png
-rw-r--r-- 1 root flowscan  7179 Oct 17 12:05 io_protocols_pkts.png
-rw-r--r-- 1 root flowscan 13333 Oct 17 12:05 io_services_bits.png
-rw-r--r-- 1 root flowscan 10638 Oct 17 12:05 io_services_flows.png
-rw-r--r-- 1 root flowscan 10791 Oct 17 12:05 io_services_pkts.png
-rw-r--r-- 1 root flowscan  6550 Oct 17 12:05 protocols_flows.png
-rw-r--r-- 1 root flowscan  6525 Oct 17 12:05 protocols_Mbps.png
-rw-r--r-- 1 root flowscan  6681 Oct 17 12:05 protocols_pkts.png
-rw-r--r-- 1 root flowscan  7790 Oct 17 12:05 services_flows.png
-rw-r--r-- 1 root flowscan  8932 Oct 17 12:05 services_Mbps.png
-rw-r--r-- 1 root flowscan  7851 Oct 17 12:05 services_pkts.png
I can't see any traffic (it is empty)
=======================
The flowscan.cf file has
CampusIO.cf
WaitSeconds 300
and defaults
=======================
The CampusIO.cf file has :
OutputIfIndexes 1, 2
LocalSubnetFiles bin/local_nets.boulder (where I put my 5 networks)
OutputDir graphs
and defaults
I executed:
# snmpwalk router public interfaces.ifTable.ifEntry.ifDescr
and i got:
interfaces.ifTable.ifEntry.ifDescr.1 = Ethernet0/0
interfaces.ifTable.ifEntry.ifDescr.2 = Serial3/0
interfaces.ifTable.ifEntry.ifDescr.3 = Serial3/1
interfaces.ifTable.ifEntry.ifDescr.4 = Serial3/2
interfaces.ifTable.ifEntry.ifDescr.5 = Serial3/3
interfaces.ifTable.ifEntry.ifDescr.6 = Null0
As I use Ethernet and Serial3/0, I put OutputIfIndexes 1, 2
and when I executed
# flowdumper -a flows.current
#
I have no answer and flows.current has 574K of information (I think):
# ls -l
total 268
drwxr-sr-x 2 root flowscan 4096 Oct 17 10:58 bin
-rw-r--r-- 1 root flowscan 4981 Oct 17 12:28 flowscan.log
-rw-r--r-- 1 root flowscan 215970 Oct 17 12:29 flows.current
drwxr-sr-x 2 root flowscan 4096 Oct 17 11:40 graphs
drwxr-sr-x 2 root flowscan 4096 Oct 17 12:28 saved
=======================
The cflowd.conf file has :
COLLECTOR {
HOST: ip of my flowscan pc in the graph (30.30.30.74)
AUTH: none
}
COLLECTOR {
HOST: 127.0.0.1 # IP address of central collector
AUTH: none
}
CISCOEXPORTER {
HOST: 10.10.10.1 # ip of ether from cisco in the graph (10.10.10.1)
ADDRESSES: { 10.10.10.1, # ip of ether 10.10.10.1
20.20.20.1 } # and serial 3/0 20.20.20.1
CFDATAPORT: 2055 # Port on which to listen for data.
}
=====================
The Napster_subnets.boulder file has :
SUBNET=208.49.228.0/24
=
SUBNET=208.184.216.0/24
=
SUBNET=208.49.239.240/28
=
SUBNET=208.178.175.128/29
=
SUBNET=208.178.163.56/29
=
SUBNET=64.124.41.0/24
WHENCE=2000/09/08 15:37:42
DESCRIPTION=Napster
=======================
The local_nets.boulder has :
SUBNET=40.40.40.0/24
DESCRIPTION=our network
=
SUBNET=50.50.50.0/24
DESCRIPTION=our network
=
etc...
These networks are configured on the Ethernet of the Cisco for routing purposes
=======================
I have read the mailing list but I didn't see a similar problem!
Thanks for your help
Alexandra Alvarado
Archive http://net.doit.wisc.edu/~plonka/list/flowscan/archive/
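
The flowscan.log in the message above states that version 5 flow-export is required. As an added example (not part of the original post, and not FlowScan or cflowd code), the Python below reads the version and record count from a NetFlow export datagram and, for version 5, tallies each record's input and output ifIndex against the `OutputIfIndexes 1, 2` value quoted in the post. The function names and the sample datagrams are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

# NetFlow v5 export datagram layout: 24-byte header, then 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")

def inspect_datagram(data, output_ifindexes=(1, 2)):
    """Report export version, record count and ifIndex tallies for one datagram."""
    if len(data) < 4:
        raise ValueError("too short to hold a NetFlow version and count")
    version, count = struct.unpack_from("!HH", data)
    info = {"version": version, "count": count,
            "input": Counter(), "output": Counter(), "matching": 0}
    if version != 5:
        return info  # other versions use a different layout; report version only
    if len(data) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram shorter than its header's record count implies")
    for n in range(count):
        rec = V5_RECORD.unpack_from(data, V5_HEADER.size + n * V5_RECORD.size)
        in_if, out_if = rec[3], rec[4]  # fields after srcaddr, dstaddr, nexthop
        info["input"][in_if] += 1
        info["output"][out_if] += 1
        if out_if in output_ifindexes:
            info["matching"] += 1
    return info

def build_v5(flows):
    """Build a constructed v5 datagram from (src, dst, in_if, out_if) tuples."""
    ip = lambda a: int(ipaddress.IPv4Address(a))
    body = b"".join(
        V5_RECORD.pack(ip(s), ip(d), 0, i, o, 1, 64, 0, 0,
                       1024, 80, 0, 0, 6, 0, 0, 0, 24, 0, 0)
        for s, d, i, o in flows)
    return V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed samples using the placeholder addresses from the post.
SAMPLE_V5 = build_v5([("40.40.40.5", "208.49.228.10", 1, 2),
                      ("50.50.50.7", "64.124.41.9", 1, 2),
                      ("40.40.40.5", "10.10.10.1", 1, 0)])
SAMPLE_V1 = struct.pack("!HHIII", 1, 0, 0, 0, 0)  # version 1 header, no records

if __name__ == "__main__":
    for name, pkt in (("v5", SAMPLE_V5), ("v1", SAMPLE_V1)):
        print(name, inspect_datagram(pkt))
```
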