Subject: ntop + cflowd + flowscan hit ratios problems
From: Adam Clark (chumblybum@optushome.com.au)
Date: Sat May 25 2002 - 03:45:18 CDT
Hey,
I'm trying to get flow scan running on a FreeBSD box.
I have ntop exporting to cflowdmux, and cflowd is creating the 5 minute flow files as per usual, which I can view with
flowdumper:
FLOW
index: 0xc7ffff
router: 127.0.0.1
src IP: 210.49.20.169
dst IP: 210.49.182.205
input ifIndex: 0
output ifIndex: 0
src port: 25
dst port: 57829
pkts: 13
bytes: 1218
IP nexthop: 0.0.0.0
start time: Sat May 25 18:44:41 2002
end time: Sat May 25 18:44:41 2002
protocol: 6
tos: 0x0
src AS: 0
dst AS: 0
src masklen: 0
dst masklen: 0
TCP flags: 0x0
engine type: 0
engine id: 0
That's prolly my subscription email :)
My IP on this occasion is 210.49.182.205.
After running flowscan I get:
2002/05/25 18:42:09 working on file flows.20020525_18:41:55+1000...
2002/05/25 18:42:09 flowscan-1.020 CampusIO: Cflow::find took 0 wallclock secs ( 0.00 usr + 0.01 sys = 0.01 CPU) for 550 flow file bytes, flow hit ratio: 0/10
2002/05/25 18:42:09 flowscan-1.020 CampusIO: report took 0 wallclock secs ( 0.06 usr + 0.02 sys = 0.09 CPU)
On the mailing list someone said a hit ratio of 0/whatever can mean a misconfigured CampusIO.cf.
What would I need to set this all up on one machine like I have?
Adam
--
Archive http://net.doit.wisc.edu/~plonka/list/flowscan/archive/