Subject: RE: cflowd dead-lock? (was "Re: No flows.currect of timestamped flows?")
From: Alan Sawyer (alan@linerate.net)
Date: Mon Jan 28 2002 - 12:27:50 CST
flowdumper <ft.blah> and you should see the output. If you dont get a result then you should check the flows are actually being collected ie tcpdump/iptraf etc. A- On Mon, 28 Jan 2002, Hewett, Nigel wrote: > Dave, > > OK now installed flow tools and recompiled Cflow (the one that > came with flow tools). I have updated the FlowScan.pm and modified the > flowscan.cf to read FlowFileGlob ft-v*[0-9]. I have then fired off > flow-capture -z0 -NO -V5 -n287 -w/usr/local/arts/data/cflowd/flows > /10/72.100/1/2055. I now have in the flows directory files named > ft-v05.2002-01-28.163001+0000 etc. > > How do I check them with flowdumper if I run flowumper -s from the flows > dir it does nothing I have to ctrl c out > > Thanks > > Nigel > > -----Original Message----- > From: Dave Plonka [mailto:plonka@doit.wisc.edu] > Sent: 25 January 2002 20:23 > To: flowscan@net.doit.wisc.edu > Cc: Hewett, Nigel > Subject: cflowd dead-lock? (was "Re: No flows.currect of timestamped > flows?") > > On Fri, Jan 25, 2002 at 04:06:22PM -0000, Hewett, Nigel wrote: > > > > I also have checked flowatch /all and I see the incoming packets > fine. > > Looks like cflowdmux is not setting up the semaphore for cflowd all > I > > see in semaphore arrays is 0x0002dfb9 32769 root 777 2 ? > > Since its code is not being maintained, I don't have much patience any > more for trying to decipher cflowd. Usually I'm fine with System V IPC > stuff - its weird, but understantable - but I just have trouble > following the C++ source code. > > Before switching to flow-tools, I had used cflowd for years and it has > some strange failure modes. For instance, I've had it dead-lock > something like what you've desribed, and I've remedied it by killing > cflowdmux and cflowd, and using ipcrm(1) to remove the semaphore set. > Then it worked OK after restarting. Here's a related post: > > http://net.doit.wisc.edu/~plonka/list/flowscan/archive/0820.html > > If you can't get cflowd to work, my suggestion is to use Mark Fullmer's > flow-tools package instead. Posts to the mailing list have described > how to do that, and it will be documented in the next release which > doesn't look like its coming out this week as I'd hoped. > > Dave > > > -----Original Message----- > > From: Hewett, Nigel > > Sent: 25 January 2002 12:48 > > To: 'flowscan@net.doit.wisc.edu' > > Subject: No flows.currect of timestamped flows? > > > > > > All reinstalled now. When if run cflowd -s 300 -O 0 -m > /path/to/cflowd.conf I g > > et nothing if I edit the conf and rem out the collect I get under > data\flows\10 > > .72.100.1.flows.0 - 9 and that's it? I have confirmed that I am > running the pat > > ched cflowd and I can see udp packets from the device also ? > > -- Help mailto:majordomo@net.doit.wisc.edu and say "help" in message body Unsubscribe mailto:majordomo@net.doit.wisc.edu and say "unsubscribe flowscan" in message body Archive http://net.doit.wisc.edu/~plonka/list/flowscan/archive/
This archive was generated by hypermail 2b25 : Mon Jan 28 2002 - 12:28:55 CST