gmane.network.nfsen.general

Crash with nfdump NSEL-1.6.10

Sebastian Hagedorn — 2013-05-22T09:13:39

Hi,

we've been using nfdump/NfSen for several years, but until yesterday I 
wasn't responsible for the software itself. We had been using nfdump 1.5.4 
and all our devices were exporting netflow version 5. Because I now want to 
support IPv6 as well I upgraded to 1.6.10. I configured nfdump on a RHEL 5 
system like this:

./configure --enable-nsel --enable-compat15 --enable-nfprofile

Then I changed one of our routers to export netflow version 9 and enabled 
flows for IPv6. Now I'm getting crashes when I try to use nfdump on nfcapd 
files from that router, e.g.:

nfdump  -r /var/local/nfsen/profiles/live/bordergw/nfcapd.201305211525 -c 1 
'proto tcp'
Date first seen          Event  XEvent Proto      Src IP Addr:Port 
Dst IP Addr:Port     X-Src IP Addr:Port        X-Dst IP Addr:Port   In Byte 
Out Byte
Verify map id 0: ERROR: Expected 7 elements in map, but found 2!
2013-05-21 15:24:42.820 IGNORE  Ignore TCP       REDACTED:58335 -> 
REDACTED:445            0.0.0.0:0     ->          0.0.0.0:445         48 
0
Summary: total flows: 1, total bytes: 48, total packets: 1, avg bps: 0, avg 
pps: 0, avg bpp: 0
Time window: 2013-05-21 15:23:47 - 2013-05-21 15:29:58
Total flows processed: 18701, Blocks skipped: 0, Bytes read: 1048560
Sys: 0.009s flows/second: 1870474.1  Wall: 0.003s flows/second: 4813642.2
*** glibc detected *** nfdump: free(): invalid pointer: 0x0944c848 ***
======= Backtrace: =========
/lib/libc.so.6[0x4fec65]
/lib/libc.so.6(cfree+0x59)[0x502c59]
nfdump[0x80615bf]
nfdump[0x804aca6]
/lib/libc.so.6(__libc_start_main+0xdc)[0x4aaebc]
nfdump[0x80494a1]
======= Memory map: ========
00410000-00411000 r-xp 00410000 00:00 0          [vdso]
00476000-00491000 r-xp 00000000 08:01 870123     /lib/ld-2.5.so
00491000-00492000 r-xp 0001a000 08:01 870123     /lib/ld-2.5.so
00492000-00493000 rwxp 0001b000 08:01 870123     /lib/ld-2.5.so
00495000-005ec000 r-xp 00000000 08:01 870125     /lib/libc-2.5.so
005ec000-005ee000 r-xp 00156000 08:01 870125     /lib/libc-2.5.so
005ee000-005ef000 rwxp 00158000 08:01 870125     /lib/libc-2.5.so
005ef000-005f2000 rwxp 005ef000 00:00 0
006e7000-006f8000 r-xp 00000000 08:01 870295     /lib/libresolv-2.5.so
006f8000-006f9000 r-xp 00010000 08:01 870295     /lib/libresolv-2.5.so
006f9000-006fa000 rwxp 00011000 08:01 870295     /lib/libresolv-2.5.so
006fa000-006fc000 rwxp 006fa000 00:00 0
05716000-05721000 r-xp 00000000 08:01 870280 
/lib/libgcc_s-4.1.2-20080825.so.1
05721000-05722000 rwxp 0000a000 08:01 870280 
/lib/libgcc_s-4.1.2-20080825.so.1
08048000-08079000 r-xp 00000000 08:01 1069771    /usr/local/bin/nfdump
08079000-0807c000 rw-p 00031000 08:01 1069771    /usr/local/bin/nfdump
0807c000-08091000 rw-p 0807c000 00:00 0
0944b000-0946c000 rw-p 0944b000 00:00 0          [heap]
b74b1000-b79b2000 rw-p b74b1000 00:00 0
b7eb3000-b7ef6000 rw-p b7eb3000 00:00 0
b7f01000-b7f02000 rw-p b7f01000 00:00 0
bfaba000-bfacf000 rw-p bffe9000 00:00 0          [stack]
Aborted

Verifying the file shows no errors, as far as I can tell:

nfdump  -v /var/local/nfsen/profiles/live/bordergw/nfcapd.201305211525 

File    : /var/local/nfsen/profiles/live/bordergw/nfcapd.201305211525
Version : 1 - compressed
Blocks  : 70
 Type 1 : 0
 Type 2 : 70
 Type 3 : 0
Records : 1262294

What's more, there don't seem to be any IPv6 flows. Any ideas or 
suggestions?

Cheers,
Sebastian

Last three hours graphs, but no statistics or data

James Wright — 2013-05-21T12:29:57

Hello List,

Apologies if this was previously asked or addressed, if it was I missed it.

Currently installed:

OS:  openSUSE 12.2 x64
Kernel:  3.4.6-2.10-desktop
NFDump:  1.6.9
NFSen:  1.3.6
RRD Tool:  1.4.7-4.1.2
Apache:  2.2.22-4.14.1
PHP5:  5.3.15-1.12.1

My recent install of nfdump/nfsen looks great and works well with one
exception.  I never have statistics or data for the last three hours,
though the graph seems to be correctly reflecting that same time
frame.

In the statistics area of the page I just get X's where numbers
usually appear, unless I move the timeslot back at least three hours.

Similarly, if I try to draw up any information in the Netflow
Processing area, I get errors like this:


** nfdump -M /data/nfsen/profiles-data/live/le-gw-1:le-gw:le-gw-2  -T
-r 2013/05/20/nfcapd.201305201915 -n 10 -s ip/flows
nfdump filter:
any
stat() error '/data/nfsen/profiles-data/live/le-gw-1/2013/05/20/nfcapd.201305201915':
File not found!
stat() error '/data/nfsen/profiles-data/live/le-gw/2013/05/20/nfcapd.201305201915':
File not found!
stat() error '/data/nfsen/profiles-data/live/le-gw-2/2013/05/20/nfcapd.201305201915':
File not found!
Empty file list. No files to process
No matched flows


When I check for those files they truly do not exist.  The closest I
have is:  nfcapd.201305201605.

It seems that there is a time/timing skew.  The system clock reflects
the correct time, so I am not sure why a future file is being
referenced, three hours before it's time.

Any hints as to why this could be happening?


Thanks,
James

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may

Huawei Netstream incompatibility with NFSEN

Francisco López — 2013-05-21T01:48:53

Hi NFSEN community

Does any one knows if NFSEN have incompatibility's with Netstream flow from
Huawei Routers?

Does ay one Knows if we need to change some config at the NFSEN Server?

We have been test it, with Many MTU size at the server, and the Netstream
flow report just 7 Mbps.

I'm attaching two pcap files in order to idetify the problem issue between
Flow Cisco and Netstream, also the config at the Router Huawei.

If some one knows how to work, please let me know.

Thanks community


system
 ip netstream export version 5 origin-as
 ip netstream sampler fix-packets 1000 inbound
 ip netstream sampler fix-packets 1000 outbound
 ip netstream export source 172.16.10.13
 ip netstream export host 10.13.1.46 9983
 ip netstream timeout active 60
ip netstream aggregation as
 ip netstream export source 172.16.10.13
 ip netstream export host 10.60.35.61 9993
 enable

slot 1
GigabitEthernet1/1/0
 ip netstream inbound

slot 3
GigabitEthernet3/0/0
 ip netstream inbound
 ip netstream outbound

slot 6
GigabitEthernet6/1/0
 ip netstream inbound

slot
 slot 1:ip netstream sampler to slot self
 slot 3:ip netstream sampler to slot self
 slot 6:ip netstream sampler to slot self
 slot 8:ip netstream sampler to slot self
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

nfsen (or maybe rrd) not draw diagram

Eric — 2013-05-20T04:37:14

Hi folks,

I’ve been installing nfsen for about 2 months and it works just fine. Last Friday morning I installed surfmap and it also fine.

 

This morning I found nfsen stopped drawing diagram around 2013.5.18 24:00. Restart service/computer also not helpful. 

 

 

 

 From the last screenshot, I can see there are data coming in, but not draw diagram (you can see the last update time attribute). Is there anyone can help? thanks

 


------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

Nfsen scalability and data aggregation on graphs

Allen Chan — 2013-05-18T00:24:45

Nfsen has been running for 3 days now and we are loving it. Still working my way around the UI to understand the data.
I have a few questions that I cannot find an obvious answer for.

1. How does one scale Nfsen product to handle thousands of flows/sec? All the commercial products have ways to scale (horizontally mostly). I wonder if nfsen supports that. Multiple collectors with central nfsen server?
2. How is data aggregation handled? Most products start aggregating data after a certain amount of time. What is the raw data period for Nfsen and when does the product start aggregating data for graphs? Is it configurable?

Thanks,
Allen Chan

________________________________

CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential information of Five9 and/or its affiliated entities. Access by the intended recipient only is authorized. Any liability arising from any party acting, or refraining from acting, on any information contained in this e-mail is hereby excluded. If you are not the intended recipient, please notify the sender immediately, destroy the original transmission and its attachments and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Copyright in this e-mail and any attachments belongs to Five9 and/or its affiliated entities.
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

nfsen and sflow

Frank Meier — 2013-05-15T12:27:26

Hi there,

I want to capture netflow an sflow.

So I installed:
nfdump-1.6.9
/configure --enable-sflow --enable-nfprofile --enable-nftrack

nfsen-1.3.6p1

On my Linux Notebook I installed ipt_NETFLOW
and hsflowd for testing.

Netflows are capured, but nor sflow.

hsflow.conf:
DNSSD = off
  collector {
    ip = 10.66.20.204
    udpport = 2057
  }

On 10.66.20.204 nfsen.conf:

%sources = (
    'credne_netflow'    => { 'port' => '2055', 'col' => '#0000ff',
'type' => 'netflow' },
    'credne_sflow'    => { 'port' => '2057', 'col' => '#ff0000', 'type'
=> 'sflow' },
    'switch_sflow'    => { 'port' => '2056', 'col' => '#4b0082', 'type'
=> 'sflow' },
);

ps says:

nfsen    26635  0.0  0.0  17088  2632 ?        S    14:02   0:00
/bin/sfcapd -w -D -p 2056 -u nfsen -g omd -B 200000 -S 1 -P
/usr/local/nfsen/var/run/p2056.pid -z -I switch_sflow -l
/usr/local/nfsen/profiles-data/live/switch_sflow
nfsen    26642  0.0  0.0  17088  2628 ?        S    14:02   0:00
/bin/sfcapd -w -D -p 2057 -u nfsen -g omd -B 200000 -S 1 -P
/usr/local/nfsen/var/run/p2057.pid -z -I credne_sflow -l
/usr/local/nfsen/profiles-data/live/credne_sflow
nfsen    26651  0.0  0.0  18172  2760 ?        S    14:02   0:00
/bin/nfcapd -w -D -p 2055 -u nfsen -g omd -B 200000 -S 1 -P
/usr/local/nfsen/var/run/p2055.pid -z -I credne_netflow -l
/usr/local/nfsen/profiles-data/live/credne_netflow

The data in
profiles-data/live/credne_sflow/2013/05/15/
are all 276 bit.

Any clue where the problem is?

Thanks

Issues installing Nfsen

Allen Chan — 2013-05-10T00:32:10

Hi everyone,

I got nfcapd working and writing the flow data to file. nfdump is also showing data.
I am trying to install nfsen for the UI part of it.

I am getting this error:

[root< at >xx nfsen-1.3.6p1]# ./install.pl<http://install.pl/> ./etc/nfsen.conf
Check for required Perl modules: Failed
Required nfsen modules not found
Can't locate Mail/Header.pm in < at >INC (< at >INC contains: libexec ./libexec ./installer-items /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./install.pl<http://install.pl/> line 640.

[root< at >xx nfsen-1.3.6p1]# find / -name 'Header'
/usr/local/lib/perl5/5.16.2/x86_64-linux-thread-multi/Encode/MIME/Header
/usr/lib64/perl5/Encode/MIME/Header

Pretty sure i have all the requirements so this is a little puzzling. Googling the error has mostly just gotten advice to install the cpan packages...

Thanks
Allen Chan

________________________________

CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential information of Five9 and/or its affiliated entities. Access by the intended recipient only is authorized. Any liability arising from any party acting, or refraining from acting, on any information contained in this e-mail is hereby excluded. If you are not the intended recipient, please notify the sender immediately, destroy the original transmission and its attachments and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Copyright in this e-mail and any attachments belongs to Five9 and/or its affiliated entities.
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

Message Details For Email Alerts ... ?

Wilkinson, Alex — 2013-04-26T07:24:52

Hi all,

Any progress on email body contents/details for alerts ? As question here in 2010:

http://www.mail-archive.com/nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org/msg01866.html ?

   -Alex

************** IMPORTANT MESSAGE *****************************       
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential. 
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. 
We can be contacted through our web site: commbank.com.au. 
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line. 
**************************************************************




------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr

Non-latin names in profiles

Naim Shafiev — 2013-04-24T09:33:27

Hello.Is there way to make a non-latin(ascii) names in profile name?
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

nfsen 1.3.6p1 not doing graphics on debian 6!

Abel Guzmán Sánchez — 2013-04-24T06:06:40

Hello, I'm new to nfsen, I've installed fprobe, nfdump and nfsen on a
Debian 6 box, every thing seems to be working fine and I tested to run
nfcap as follows:

/bin/nfcapd -w -D -p 23456 -B 200000 -S 1 -z -I Linux-Host-1-eth0 -l
/var/netflow/

And it's able to get the responses from the client side... I've run a
nfdump comand with the -r option with the path to the file and it
shows every thing that was captured...

But nfsen is unable to show any thing on the graphics and I don't know
how to get any proper information about why is it not working or how
to troubleshoot it...
Can you please give me some light on this issue?
Kind Regards and thank you in advanced.
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

"flow-export: destination with same IP alreadyexists" ... ?

Wilkinson, Alex — 2013-04-24T03:26:37

Hi all,

I am successfully exporting flows from one interface on multiple ASAs. Today I
went to export flows from another interface and was greeted with the following
error:

ASA(config)# flow-export destination dmz x.x.x.x 2055
ERROR: flow-export: destination with same IP already exists

Can I not export flows from multiple interfaces on a single device ?

Regards

-Alex

************** IMPORTANT MESSAGE *****************************
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr

About nfsen not doing graphics!

Abel Guzmán Sánchez — 2013-04-23T10:07:28

Hello, I'm new to nfsen I've installed fprobe, nfdump and nfsen on a Debian
6 box, every thing seems to be working fine and I tested to run nfcap as
follows:

/bin/nfcapd -w -D -p 23456 -B 200000 -S 1 -z -I Linux-Host-1-eth0 -l
/var/netflow/

And it's able to get the responses from the client side... I've run a
nfdump comand with the -r option with the path to the file and it
shows every thing that was captures...
but nfsen is unable to show any thing on the graphics and I don't know
how to get any proper information about why is it not working, how to
troubleshoot it...
Can you please give me some light on this issue?
Kind Regards and thank you in advanced.
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

nfdump-1.6.9 + ASA (8.2) - Packets(%) - Empty(zero) ... ?

Wilkinson, Alex — 2013-04-23T07:45:55

Hi all,

Firstly superb piece of software Peter!

I have two questions:

Question one:
~~~~~~~~~~~~~

I am successfully using nfdump-1.6.9/nfsen-1.3.6p1 on FreeBSD 9.1-STABLE to
monitor ASAs running Version 8.2(5)33. Things seem to work well, except for the fact
that "Packets(%)", "pps" and "bpp" are all zero and never increment e.g

  Top 10 IP Addr ordered by packets:
  Date first seen          Duration Proto           IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp
  2013-04-23 17:08:53.859   191.039 any       x.x.x.x       11( 0.0)        0( 0.0)    73797( 0.0)        0     3090     0
  2013-04-23 17:04:23.717    71.253 any       x.x.x.x        7( 0.0)        0( 0.0)    33930( 0.0)        0     3809     0
  2013-04-23 17:04:58.374   195.439 any       x.x.x.x        9( 0.0)        0( 0.0)   906003( 0.1)        0    37085     0
  2013-04-23 17:18:13.639   313.166 any       x.x.x.x       15( 0.1)        0( 0.0)   528703( 0.1)        0    13506     0
  2013-04-23 17:13:18.240    29.137 any       x.x.x.x        2( 0.0)        0( 0.0)      287( 0.0)        0       78     0
  2013-04-23 17:11:57.899     0.000 any       x.x.x.x        1( 0.0)        0( 0.0)      203( 0.0)        0        0     0
  2013-04-23 17:12:04.468   233.405 any       x.x.x.x       14( 0.1)        0( 0.0)   531998( 0.1)        0    18234     0
  2013-04-23 17:12:34.695    62.923 any       x.x.x.x        3( 0.0)        0( 0.0)   131622( 0.0)        0    16734     0
  2013-04-23 17:05:26.531   246.503 any       x.x.x.x       21( 0.1)        0( 0.0)     4735( 0.0)        0      153     0
  2013-04-23 17:08:34.931    64.883 any       x.x.x.x        4( 0.0)        0( 0.0)    56680( 0.0)        0     6988     0

I was under the impression that the NSEL fork is no longer needed since it has been merged into nfdump-1.6.9 ?
(The reason I ask this is because I have seen in the archives others with same problem and the solution was the NSEL fork).

So can anyone suggest how I can troubleshoot the aforementioned issue ?

Question two:
~~~~~~~~~~~~~

Apparently Cisco wrote and released a plugin called "NSELTracker", however, I cannot see it here: http://sourceforge.net/apps/trac/nfsen-plugins/.

Is the "NSELTracker" plugin still relevant ? If yes, can someone tell me where to get it from ?

Regards

  -Alex


************** IMPORTANT MESSAGE *****************************       
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential. 
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. 
We can be contacted through our web site: commbank.com.au. 
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line. 
**************************************************************




------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr

nfsen

Dp Singh — 2013-04-22T12:11:16

hi,

I am new to nfsen, i am trying install nfsen as user manual in online.

while i am at this stage

nfdump tools installation error: 'nfcapd' not found in '/usr/local/bin' at
./install.pl line 197, <STDIN> line 1.

kindly advice.

Thanks & Regards
Devendra Prasad
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

reading from socket

Matt Zagrabelny — 2013-04-17T19:58:22

Hi all,

I am still having the issue of the web application having trouble
reading from the socket for the first time. Successive reads don't
have the issue. Here are the debug logs (when setting $DEBUG=1) for
the php file:

nfsend STATUS 'OK Timeout reading from socket! at
/usr/share/nfsen/lib/Nfcomm.pm line 1129, <STDIN> line 15.'
Tab: Set tab to 0: Home
Subtab: Set tab to 0: Flows
nfsend INTERNAL '.debug=1'
nfsend COMMAND 'get-profile' binary: 0
nfsend 1st write() failed: reason: Broken pipe

I see the "Broken pipe" message, but I don't know if that is a result
of the timeout or the cause of the timeout.

Any help would be much appreciated.

Thanks,

-mz

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

Re-eposrting flow data

Tore Anderson — 2013-04-17T10:26:03

Hi,

I have a customer who would like access to his own flow data. I can't
give him access to *all* my flow data, but I was wondering if is somehow
possible to have nfcapd apply a filter that matches his network ranges,
and then re-export the matching flows to the customer's  collector?

Or any other way to accomplish this in a nice way? One of the use-cases
is to quickly determine what's going on during DoS attacks, so it has to
be (near-)realtime.

Tore


------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

Plugin backend: persistent variables between runs

Luuk Hendriks — 2013-04-16T08:24:27

Hello all,

Regarding the backend of an NfSen plugin:
Is there a way to implement variables that are persistent between runs? Right now I use the Storable module to write the content of a variable to disk at the end of a run, and read it again from disk in the next run.

Furthermore it seems that variables set in the Init routine are available in runs, but alterations to their content are lost in the next run: the value is the next run will be like it was after Init. Is this correct? Are variables set in the Init routine only to be used in a 'constant'-like way?


Thanks in advance,

Luuk Hendriks
University of Twente, the Netherlands

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

session problems?

Matt Zagrabelny — 2013-04-15T21:14:47

Greetings,

I've come across three warnings/errors in the web UI. The first
"Frontend - Backend version missmatch!" is fixed via the following
patch:

http://sourceforge.net/mailarchive/forum.php?thread_name=CC36D0621A8F654D988D6C3542FF6ADC0434FC356C%40EXCHANGE2.grove.ad.uconn.edu&forum_name=nfsen-discuss

I still have two more - they only show when my browser if first
loaded. If I refresh the page, or if the meta-refresh of the page
occurs, the error and warning go away. Here they are:

ERROR: nfsend socket_write() communication error: Broken pipe!
WARNING: Fall back to profile live!

Am I suffering a similar "session" problem with these second two messages?

Thanks for any hints.

-mz

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

nfsen + two different nfcapd

dzr — 2013-04-10T11:49:20

hello.

i have the nfsen 1.3.6p1 from freebsd ports.

how to set up nfsen for two different nfcapd binaries
* first nfcapd patched for 'smartedge redback' and his location at
/usr/local/bin/nfcapd
* second bin nfcapd patched for 'cisco asa' and located at
/usr/local/nfdump-nsel/bin/nfcapd

how to make them work on the same nfsen? its possible?

thanx and big hugs!
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

memory problem

Mitja Podlogar — 2013-04-10T11:00:01

I installed Nfsen 1.3.6p1 and nfdump 1.6.9 on FreeBSD 9.1. I'm using these
plugins: SURFmap, PortTracker, Botnets (with Events) and nfsight.

Everything was working great for more then a month. Today I noticed strange
behavior of process "nfsend-comm" which started using 2 CPU and entire RAM
+ entire SWAP. At that time nothing really special was done except watching
graphs.

I tried restarting nfsen service and it was working for a minute and then
again nfsend-comm starts using RAM and CPU.

Yesterday I added plugin PortTracker and upgraded nfdump from 1.6.8 to
1.6.9. I don't really know if it has anything to do with this problem since
everything was working fine for 24 hours.

I tried and disabled PortTracker but it didn't help.

If logs are needed I can provide them but I didn't see anything interesting
in messages and nfsen log.

I would be very grateful if anyone could tell me how to proceed with
debugging this or if anyone already had this problem and knows a solution.

Thank you in advance.
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

dynamic average values based on the average for thetime of day

James Mcloughlin — 2013-04-08T15:16:19

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Apologies if this has already been discussed.

Within the Alerts section of NFSEN, you can configure alerting based
on average values.
Rather than the mean average, I think that it would be useful to have:
 "average for this time of the day".

This way I can build a traffic profile with upper and lower
thresholds, and have alerting trigger if the traffic profile goes
outside of the threshold.

Has anyone done anything like this with NFSEN?

Rgds

- -- 
Jamie Mcloughlin+44 1235 822 383PGP: FF7746C1
JANET CSIRT0870 850 2340(+44 1235 822 340)
Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFi30MACgkQk+nTdv93RsH0CQCdGMhKNpUlxAcS9XwOpftmSu2E
h9cAoOvpUajBLRYhDksS7LJRB9LHJdlN
=6S16
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html