Re: flowscan Seg Fault.... :(


Subject: Re: flowscan Seg Fault.... :(
From: Dave Plonka (plonka@doit.wisc.edu)
Date: Fri Nov 09 2001 - 09:59:00 CST

Hi Timothy,

On Thu, Nov 01, 2001 at 06:27:16PM -0500, Timothy Brown wrote:
<snip>
> The best way I could think (I'm not really a great thinker...)
>  of doing this is to have a tree structure of our flowscans
> 
> /opt/cflowd 		<- Top level
> /opt/cflowd/subnet	<- per subnet i.e. subnet/aaa.bbb.ccc.ddd
> 					   subnet/hhh.iii.jjj.kkk
> and for these subnets to mirror the toplevel.
> Since the toplevel is up and working I thought this would be
> great and easy. I made a load of sym links for the binaries 
> and created local subnet files. (I've later made all local,
> including binaries)

Not sure what you're up to with the subnets. SubNetIO would not
suffice?  Are you trying to get application/protocol/AS info by
subnet?  If so, see my previous post about demux'ing the flows by
subnet first.

> When I now run flowscan on the subnet i.e. 216.40.33.0/24
> I get this error:
> bash-2.03$ ./flowscan 
> Loading "/opt/cflowd/subnets/216.40.33.0_24/bin/mysubnet.boulder" ...
> Cflow: Bad magic number
> Cflow: ftiheader_read(): failed
> 2001/11/01 17:47:33 working on file ../data/flows.last...
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

OK, this is bad - a common cause of SIGSEGV.  flowscan should never
process a file called "flows.last" - it must have a timestamp in the
file name, like "flows.YYYYMMDD_HHMI+TZ" as is produced by the patched
cflowd when invoked with "-s".  (The FlowFileGlob can be used to
prevent it from processing the wrong files, especially if left at its
default value in "flowscan.cf" as shipped in FlowScan-1.006.)  This has
been discussed a number of times in the mailing list.  For instance see
this in the archive:

   http://net.doit.wisc.edu/~plonka/list/flowscan/archive/0944.html

Dave

-- 
plonka@doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF  Madison, WI
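
Added example (not part of the message above and not FlowScan's own code): a pre-flight check that hands flowscan only timestamped flow files and reports anything else, such as "flows.last", instead of processing it. The function names are hypothetical, and the exact layout of the time and zone fields is an assumption based on the "flows.YYYYMMDD_HHMI+TZ" pattern quoted in the message.

```shell
#!/bin/sh
# Added example: select only completed, timestamped flow files for processing.
# Assumption: names follow "flows.YYYYMMDD_HHMI+TZ" as written in the message;
# an optional ":" between time fields and optional seconds are also accepted.
FLOW_NAME_RE='^flows\.[0-9]{8}_[0-9]{2}:?[0-9]{2}(:?[0-9]{2})?[+-][0-9]{4}$'

# Return 0 if the file's base name is a timestamped flow file.
is_timestamped_flow_file() {
    base=${1##*/}
    # A name containing a newline could match on one of its lines; reject it.
    case $base in *'
'*) return 1 ;; esac
    printf '%s\n' "$base" | grep -Eq "$FLOW_NAME_RE"
}

# Print the regular files in directory $1 that are safe to hand to flowscan,
# one per line; report everything else (e.g. flows.last) on stderr.
list_safe_flow_files() {
    dir=$1
    for f in "$dir"/flows.*; do
        [ -f "$f" ] || continue          # also skips an unmatched glob
        if is_timestamped_flow_file "$f"; then
            printf '%s\n' "$f"
        else
            printf 'skipping non-timestamped file: %s\n' "$f" >&2
        fi
    done
}

# Demo on constructed file names (not taken from the thread's system).
demo_dir=$(mktemp -d)
touch "$demo_dir/flows.20011101_1745-0500" \
      "$demo_dir/flows.20011101_17:50:00-0500" \
      "$demo_dir/flows.last" "$demo_dir/flows.20011101"
list_safe_flow_files "$demo_dir"
rm -rf "$demo_dir"
```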


This archive was generated by hypermail 2b25 : Fri Nov 09 2001 - 10:04:28 CST