gmane.network.nfsen.general

Nfsen scalability and data aggregation on graphs

Allen Chan — 2013-05-18T00:24:45

Nfsen has been running for 3 days now and we are loving it. Still working my way around the UI to understand the data.
I have a few questions that I cannot find an obvious answer for.

1. How does one scale Nfsen product to handle thousands of flows/sec? All the commercial products have ways to scale (horizontally mostly). I wonder if nfsen supports that. Multiple collectors with central nfsen server?
2. How is data aggregation handled? Most products start aggregating data after a certain amount of time. What is the raw data period for Nfsen and when does the product start aggregating data for graphs? Is it configurable?

Thanks,
Allen Chan

________________________________

CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential information of Five9 and/or its affiliated entities. Access by the intended recipient only is authorized. Any liability arising from any party acting, or refraining from acting, on any information contained in this e-mail is hereby excluded. If you are not the intended recipient, please notify the sender immediately, destroy the original transmission and its attachments and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Copyright in this e-mail and any attachments belongs to Five9 and/or its affiliated entities.
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

nfsen and sflow

Frank Meier — 2013-05-15T12:27:26

Hi there,

I want to capture netflow an sflow.

So I installed:
nfdump-1.6.9
/configure --enable-sflow --enable-nfprofile --enable-nftrack

nfsen-1.3.6p1

On my Linux Notebook I installed ipt_NETFLOW
and hsflowd for testing.

Netflows are capured, but nor sflow.

hsflow.conf:
DNSSD = off
  collector {
    ip = 10.66.20.204
    udpport = 2057
  }

On 10.66.20.204 nfsen.conf:

%sources = (
    'credne_netflow'    => { 'port' => '2055', 'col' => '#0000ff',
'type' => 'netflow' },
    'credne_sflow'    => { 'port' => '2057', 'col' => '#ff0000', 'type'
=> 'sflow' },
    'switch_sflow'    => { 'port' => '2056', 'col' => '#4b0082', 'type'
=> 'sflow' },
);

ps says:

nfsen    26635  0.0  0.0  17088  2632 ?        S    14:02   0:00
/bin/sfcapd -w -D -p 2056 -u nfsen -g omd -B 200000 -S 1 -P
/usr/local/nfsen/var/run/p2056.pid -z -I switch_sflow -l
/usr/local/nfsen/profiles-data/live/switch_sflow
nfsen    26642  0.0  0.0  17088  2628 ?        S    14:02   0:00
/bin/sfcapd -w -D -p 2057 -u nfsen -g omd -B 200000 -S 1 -P
/usr/local/nfsen/var/run/p2057.pid -z -I credne_sflow -l
/usr/local/nfsen/profiles-data/live/credne_sflow
nfsen    26651  0.0  0.0  18172  2760 ?        S    14:02   0:00
/bin/nfcapd -w -D -p 2055 -u nfsen -g omd -B 200000 -S 1 -P
/usr/local/nfsen/var/run/p2055.pid -z -I credne_netflow -l
/usr/local/nfsen/profiles-data/live/credne_netflow

The data in
profiles-data/live/credne_sflow/2013/05/15/
are all 276 bit.

Any clue where the problem is?

Thanks

Issues installing Nfsen

Allen Chan — 2013-05-10T00:32:10

Hi everyone,

I got nfcapd working and writing the flow data to file. nfdump is also showing data.
I am trying to install nfsen for the UI part of it.

I am getting this error:

[root< at >xx nfsen-1.3.6p1]# ./install.pl<http://install.pl/> ./etc/nfsen.conf
Check for required Perl modules: Failed
Required nfsen modules not found
Can't locate Mail/Header.pm in < at >INC (< at >INC contains: libexec ./libexec ./installer-items /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./install.pl<http://install.pl/> line 640.

[root< at >xx nfsen-1.3.6p1]# find / -name 'Header'
/usr/local/lib/perl5/5.16.2/x86_64-linux-thread-multi/Encode/MIME/Header
/usr/lib64/perl5/Encode/MIME/Header

Pretty sure i have all the requirements so this is a little puzzling. Googling the error has mostly just gotten advice to install the cpan packages...

Thanks
Allen Chan

________________________________

CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential information of Five9 and/or its affiliated entities. Access by the intended recipient only is authorized. Any liability arising from any party acting, or refraining from acting, on any information contained in this e-mail is hereby excluded. If you are not the intended recipient, please notify the sender immediately, destroy the original transmission and its attachments and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Copyright in this e-mail and any attachments belongs to Five9 and/or its affiliated entities.
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

Message Details For Email Alerts ... ?

Wilkinson, Alex — 2013-04-26T07:24:52

Hi all,

Any progress on email body contents/details for alerts ? As question here in 2010:

http://www.mail-archive.com/nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org/msg01866.html ?

   -Alex

************** IMPORTANT MESSAGE *****************************       
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential. 
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. 
We can be contacted through our web site: commbank.com.au. 
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line. 
**************************************************************




------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr

Non-latin names in profiles

Naim Shafiev — 2013-04-24T09:33:27

Hello.Is there way to make a non-latin(ascii) names in profile name?
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

nfsen 1.3.6p1 not doing graphics on debian 6!

Abel Guzmán Sánchez — 2013-04-24T06:06:40

Hello, I'm new to nfsen, I've installed fprobe, nfdump and nfsen on a
Debian 6 box, every thing seems to be working fine and I tested to run
nfcap as follows:

/bin/nfcapd -w -D -p 23456 -B 200000 -S 1 -z -I Linux-Host-1-eth0 -l
/var/netflow/

And it's able to get the responses from the client side... I've run a
nfdump comand with the -r option with the path to the file and it
shows every thing that was captured...

But nfsen is unable to show any thing on the graphics and I don't know
how to get any proper information about why is it not working or how
to troubleshoot it...
Can you please give me some light on this issue?
Kind Regards and thank you in advanced.
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

"flow-export: destination with same IP alreadyexists" ... ?

Wilkinson, Alex — 2013-04-24T03:26:37

Hi all,

I am successfully exporting flows from one interface on multiple ASAs. Today I
went to export flows from another interface and was greeted with the following
error:

ASA(config)# flow-export destination dmz x.x.x.x 2055
ERROR: flow-export: destination with same IP already exists

Can I not export flows from multiple interfaces on a single device ?

Regards

-Alex

************** IMPORTANT MESSAGE *****************************
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential.
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries.
We can be contacted through our web site: commbank.com.au.
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line.
**************************************************************

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr

About nfsen not doing graphics!

Abel Guzmán Sánchez — 2013-04-23T10:07:28

Hello, I'm new to nfsen I've installed fprobe, nfdump and nfsen on a Debian
6 box, every thing seems to be working fine and I tested to run nfcap as
follows:

/bin/nfcapd -w -D -p 23456 -B 200000 -S 1 -z -I Linux-Host-1-eth0 -l
/var/netflow/

And it's able to get the responses from the client side... I've run a
nfdump comand with the -r option with the path to the file and it
shows every thing that was captures...
but nfsen is unable to show any thing on the graphics and I don't know
how to get any proper information about why is it not working, how to
troubleshoot it...
Can you please give me some light on this issue?
Kind Regards and thank you in advanced.
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

nfdump-1.6.9 + ASA (8.2) - Packets(%) - Empty(zero) ... ?

Wilkinson, Alex — 2013-04-23T07:45:55

Hi all,

Firstly superb piece of software Peter!

I have two questions:

Question one:
~~~~~~~~~~~~~

I am successfully using nfdump-1.6.9/nfsen-1.3.6p1 on FreeBSD 9.1-STABLE to
monitor ASAs running Version 8.2(5)33. Things seem to work well, except for the fact
that "Packets(%)", "pps" and "bpp" are all zero and never increment e.g

  Top 10 IP Addr ordered by packets:
  Date first seen          Duration Proto           IP Addr    Flows(%)     Packets(%)       Bytes(%)         pps      bps   bpp
  2013-04-23 17:08:53.859   191.039 any       x.x.x.x       11( 0.0)        0( 0.0)    73797( 0.0)        0     3090     0
  2013-04-23 17:04:23.717    71.253 any       x.x.x.x        7( 0.0)        0( 0.0)    33930( 0.0)        0     3809     0
  2013-04-23 17:04:58.374   195.439 any       x.x.x.x        9( 0.0)        0( 0.0)   906003( 0.1)        0    37085     0
  2013-04-23 17:18:13.639   313.166 any       x.x.x.x       15( 0.1)        0( 0.0)   528703( 0.1)        0    13506     0
  2013-04-23 17:13:18.240    29.137 any       x.x.x.x        2( 0.0)        0( 0.0)      287( 0.0)        0       78     0
  2013-04-23 17:11:57.899     0.000 any       x.x.x.x        1( 0.0)        0( 0.0)      203( 0.0)        0        0     0
  2013-04-23 17:12:04.468   233.405 any       x.x.x.x       14( 0.1)        0( 0.0)   531998( 0.1)        0    18234     0
  2013-04-23 17:12:34.695    62.923 any       x.x.x.x        3( 0.0)        0( 0.0)   131622( 0.0)        0    16734     0
  2013-04-23 17:05:26.531   246.503 any       x.x.x.x       21( 0.1)        0( 0.0)     4735( 0.0)        0      153     0
  2013-04-23 17:08:34.931    64.883 any       x.x.x.x        4( 0.0)        0( 0.0)    56680( 0.0)        0     6988     0

I was under the impression that the NSEL fork is no longer needed since it has been merged into nfdump-1.6.9 ?
(The reason I ask this is because I have seen in the archives others with same problem and the solution was the NSEL fork).

So can anyone suggest how I can troubleshoot the aforementioned issue ?

Question two:
~~~~~~~~~~~~~

Apparently Cisco wrote and released a plugin called "NSELTracker", however, I cannot see it here: http://sourceforge.net/apps/trac/nfsen-plugins/.

Is the "NSELTracker" plugin still relevant ? If yes, can someone tell me where to get it from ?

Regards

  -Alex


************** IMPORTANT MESSAGE *****************************       
This e-mail message is intended only for the addressee(s) and contains information which may be
confidential. 
If you are not the intended recipient please advise the sender by return email, do not use or
disclose the contents, and delete the message and any attachments from your system. Unless
specifically indicated, this email does not constitute formal advice or commitment by the sender
or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its subsidiaries. 
We can be contacted through our web site: commbank.com.au. 
If you no longer wish to receive commercial electronic messages from us, please reply to this
e-mail by typing Unsubscribe in the subject line. 
**************************************************************




------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr

nfsen

Dp Singh — 2013-04-22T12:11:16

hi,

I am new to nfsen, i am trying install nfsen as user manual in online.

while i am at this stage

nfdump tools installation error: 'nfcapd' not found in '/usr/local/bin' at
./install.pl line 197, <STDIN> line 1.

kindly advice.

Thanks & Regards
Devendra Prasad
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

reading from socket

Matt Zagrabelny — 2013-04-17T19:58:22

Hi all,

I am still having the issue of the web application having trouble
reading from the socket for the first time. Successive reads don't
have the issue. Here are the debug logs (when setting $DEBUG=1) for
the php file:

nfsend STATUS 'OK Timeout reading from socket! at
/usr/share/nfsen/lib/Nfcomm.pm line 1129, <STDIN> line 15.'
Tab: Set tab to 0: Home
Subtab: Set tab to 0: Flows
nfsend INTERNAL '.debug=1'
nfsend COMMAND 'get-profile' binary: 0
nfsend 1st write() failed: reason: Broken pipe

I see the "Broken pipe" message, but I don't know if that is a result
of the timeout or the cause of the timeout.

Any help would be much appreciated.

Thanks,

-mz

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

Re-eposrting flow data

Tore Anderson — 2013-04-17T10:26:03

Hi,

I have a customer who would like access to his own flow data. I can't
give him access to *all* my flow data, but I was wondering if is somehow
possible to have nfcapd apply a filter that matches his network ranges,
and then re-export the matching flows to the customer's  collector?

Or any other way to accomplish this in a nice way? One of the use-cases
is to quickly determine what's going on during DoS attacks, so it has to
be (near-)realtime.

Tore


------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

Plugin backend: persistent variables between runs

Luuk Hendriks — 2013-04-16T08:24:27

Hello all,

Regarding the backend of an NfSen plugin:
Is there a way to implement variables that are persistent between runs? Right now I use the Storable module to write the content of a variable to disk at the end of a run, and read it again from disk in the next run.

Furthermore it seems that variables set in the Init routine are available in runs, but alterations to their content are lost in the next run: the value is the next run will be like it was after Init. Is this correct? Are variables set in the Init routine only to be used in a 'constant'-like way?


Thanks in advance,

Luuk Hendriks
University of Twente, the Netherlands

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

session problems?

Matt Zagrabelny — 2013-04-15T21:14:47

Greetings,

I've come across three warnings/errors in the web UI. The first
"Frontend - Backend version missmatch!" is fixed via the following
patch:

http://sourceforge.net/mailarchive/forum.php?thread_name=CC36D0621A8F654D988D6C3542FF6ADC0434FC356C%40EXCHANGE2.grove.ad.uconn.edu&forum_name=nfsen-discuss

I still have two more - they only show when my browser if first
loaded. If I refresh the page, or if the meta-refresh of the page
occurs, the error and warning go away. Here they are:

ERROR: nfsend socket_write() communication error: Broken pipe!
WARNING: Fall back to profile live!

Am I suffering a similar "session" problem with these second two messages?

Thanks for any hints.

-mz

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter

nfsen + two different nfcapd

dzr — 2013-04-10T11:49:20

hello.

i have the nfsen 1.3.6p1 from freebsd ports.

how to set up nfsen for two different nfcapd binaries
* first nfcapd patched for 'smartedge redback' and his location at
/usr/local/bin/nfcapd
* second bin nfcapd patched for 'cisco asa' and located at
/usr/local/nfdump-nsel/bin/nfcapd

how to make them work on the same nfsen? its possible?

thanx and big hugs!
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

memory problem

Mitja Podlogar — 2013-04-10T11:00:01

I installed Nfsen 1.3.6p1 and nfdump 1.6.9 on FreeBSD 9.1. I'm using these
plugins: SURFmap, PortTracker, Botnets (with Events) and nfsight.

Everything was working great for more then a month. Today I noticed strange
behavior of process "nfsend-comm" which started using 2 CPU and entire RAM
+ entire SWAP. At that time nothing really special was done except watching
graphs.

I tried restarting nfsen service and it was working for a minute and then
again nfsend-comm starts using RAM and CPU.

Yesterday I added plugin PortTracker and upgraded nfdump from 1.6.8 to
1.6.9. I don't really know if it has anything to do with this problem since
everything was working fine for 24 hours.

I tried and disabled PortTracker but it didn't help.

If logs are needed I can provide them but I didn't see anything interesting
in messages and nfsen log.

I would be very grateful if anyone could tell me how to proceed with
debugging this or if anyone already had this problem and knows a solution.

Thank you in advance.
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

dynamic average values based on the average for thetime of day

James Mcloughlin — 2013-04-08T15:16:19

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Apologies if this has already been discussed.

Within the Alerts section of NFSEN, you can configure alerting based
on average values.
Rather than the mean average, I think that it would be useful to have:
 "average for this time of the day".

This way I can build a traffic profile with upper and lower
thresholds, and have alerting trigger if the traffic profile goes
outside of the threshold.

Has anyone done anything like this with NFSEN?

Rgds

- -- 
Jamie Mcloughlin+44 1235 822 383PGP: FF7746C1
JANET CSIRT0870 850 2340(+44 1235 822 340)
Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFi30MACgkQk+nTdv93RsH0CQCdGMhKNpUlxAcS9XwOpftmSu2E
h9cAoOvpUajBLRYhDksS7LJRB9LHJdlN
=6S16
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html

greetings!

JS — 2013-04-08T14:14:51

http://www.khorshidweb.com/includes/newsphoto.php?fjptvmsfw712znas









































































































--------
I was called a sex thimble. -- Dudley Moore------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

Question about profile creation

Borja Marcos — 2013-04-08T07:44:17

Hello,

I've been using nfsen for some time, and lately I have noticed a problem: when I create a new profile that includes historical (but still available) data,
graphs are correctly generated but not populated until the profile begins to collect data after the creation. 

Is there  any difference in behavior between nfprofile (which, I understand, creates the new rrd files) executed from the PHP front-end and being executed
by the main nfsen process?

My nfsen is installed on FreeBSD 9.1-RELEASE, the web server is nginx 1.2.6, PHP version is 5.4.10, rrd 1.4.7.

Runnning the latest version of nfdump (1.6.9) and nfsen (1.3.6p1).

I've been wondering about a permissions problem. Most of the files in the 'live' profile are owned by netflow:www and have 664 permissions, but the story is different for the files living under profiles-data/PROFILE/SOURCE, where I see the permissions:

-rw-r--r--  1 netflow  www  107 Apr  8 07:36 .nfstat
drwxr-xr-x  5 netflow  www    5 Apr  1 00:05 2013/
-rw-r--r--  1 netflow  www  276 Apr  8 07:40 nfcapd.current

2013:
drwxr-xr-x  20 netflow  www  20 Mar 31 00:12 02/
drwxr-xr-x  33 netflow  www  33 Mar 31 00:05 03/
drwxr-xr-x  10 netflow  www  10 Apr  8 00:05 04/

04:
total 43
drwxr-xr-x  2 netflow  www  290 Apr  2 00:00 01/
drwxr-xr-x  2 netflow  www  290 Apr  3 00:00 02/
drwxr-xr-x  2 netflow  www  290 Apr  4 00:00 03/
drwxr-xr-x  2 netflow  www  290 Apr  5 00:00 04/
drwxr-xr-x  2 netflow  www  290 Apr  6 00:00 05/
drwxr-xr-x  2 netflow  www  290 Apr  7 00:00 06/
drwxr-xr-x  2 netflow  www  290 Apr  8 00:00 07/
drwxr-xr-x  2 netflow  www   94 Apr  8 07:40 08/

08:
-rw-r--r--  1 netflow  www  268700 Apr  8 00:05 nfcapd.201304080000
-rw-r--r--  1 netflow  www  278444 Apr  8 00:10 nfcapd.201304080005
-rw-r--r--  1 netflow  www  272648 Apr  8 00:15 nfcapd.201304080010
-rw-r--r--  1 netflow  www  268448 Apr  8 00:20 nfcapd.201304080015
-rw-r--r--  1 netflow  www  269792 Apr  8 00:25 nfcapd.201304080020
-rw-r--r--  1 netflow  www  259376 Apr  8 00:30 nfcapd.201304080025
....


Any hints? I've checked if nfprofile is linked against the right libraries and indeed it is. 

My nfsen is installed in the default location of /usr/local/var/nfsen/ and the front-end is at /var/www/



Thanks,




Borja.




------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html

nfsen new install - my first time...

Aaron — 2013-04-05T21:17:24

I think I might be close but still not able to see any nice web pages yet. 

 

When I open up a firefox browser on my nfsen centos machine and go to.
http://127.0.0.1/nfsen/nfsen.php  .I see 3 red lines with the following
message.

 

---------------------------------------------------------------------------

Frontend - Backend version missmatch!

 

ERROR: nfsend connect() error: Permission denied!

ERROR: nfsend - connection failed!!

ERROR: Can not initialize globals!

---------------------------------------------------------------------------

 

 

.any idea what is causing this ?

 

Aaron

 

------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f< at >public.gmane.org
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

whois shortcircuit

James Mcloughlin — 2013-04-02T10:39:52

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apologies if this has already been covered elsewhere.

We have a custom whois server that outputs data specific to our
constituency.

using nfsen-1.3.6p1, is it possible to short circuit the lookup and
send it to a pre-defined whois server, rather than the relevant
RIPE/ARIN/APNIC/etc whois servers?



- -- 
Jamie Mcloughlin+44 1235 822 383PGP: FF7746C1
JANET CSIRT0870 850 2340(+44 1235 822 340)
Lumen House, Library Avenue, Didcot, Oxfordshire, OX11 0SG
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFatXgACgkQk+nTdv93RsEB4ACg5Nu1bZEFOPaVYulQBY5TG3ls
aHoAoLkontVxRylqVDfT1swzxULC/Y1k
=zzRE
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete 
for recognition, cash, and the chance to get your game on Steam. 
$5K grand prize plus 10 genre and skill prizes. Submit your demo 
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2