[HOWTO] Netflow

If you figure out how to do something interesting/cool in Cacti and want to share it with the community, please post your experience here.

Moderators: Developers, Moderators

justinchudgar
Posts: 9
Joined: Thu Oct 19, 2006 7:59 pm
Location: Weed, Siskiyou County, CA, USA
Contact:

Re: Also...

Post by justinchudgar »

caseinpoint wrote:This never worked for me

Code: Select all

apt-get install -t testing flowscan-cuflow 
I'm looking at the standard and unvirse apt lists and I can't find those anywhere.

Where did you get that?
CuFlow is part of the flow-tools package IIRC.
joez
Posts: 34
Joined: Mon Feb 11, 2008 7:03 am

Post by joez »

You are my last hope!! :)

I am running a suse linux 10.3 box and a cisco 3640 router with ios 12.1.

I would like to use flowscan to visualize netflows from the router.

I have EXACTLY followed the howto at http://www.dynamicnetworks.us/netflow. Doublechecked everything three times.

Flow-capture words perfect but I keep getting this damn error message when starting flowscan:

"/var/netflow/ft-v05.2008-04-22.151000+0200: Invalid index in cflowd flow file: 0xCF100103! Version 5 flow-export is required with *all* fields being saved.
2008/04/22 15:15:07 flowscan-1.020 CUFlow: Cflow::find took 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU) for 240653 flow file bytes, flow hit ratio: 0/0
2008/04/22 15:15:07 flowscan-1.020 CUFlow: report took 0 wallclock secs ( 0.00 usr 0.00 sys + 0.01 cusr 0.00 csys = 0.01 CPU)"

I have googled around for hours to find possible causes for the problem. All posts refer to cflow-module compiled without proper support for flow-tools. BUT I have exactly followed the howto to make cflow from the contrib Directory of flow-tools. First confiure, make, make install flow-tools and then perl Makefile.PL, make, make install for cflow...

I have tried other flow-tools versions, tried RPM, SRPM, I keep getting this damn error message.

I reconfigured to router with flow source and "peer-as" which I didnt have in the frist place but no change...

How the HELL can I find out what the problem is? Is there any way to test if my cflow module has proper support built in?? Is it possible to test the flow-files somehow to find out why flowscan cant parse them??

I can view them with flow-tools without problem. I have version 5 export, etc...

Please advice!

Kind Regards
elpiako
Cacti User
Posts: 85
Joined: Tue Jul 01, 2008 10:02 am
Location: Lille (FRANCE)

Post by elpiako »

I've succeeded in creating rrds files from netflow files.
Here is my simple configuration of CUFlow.cf :

Subnet 192.168.85.0/24
Network 192.168.168.85.130/32 netflow1
Network 192.168.168.85.131/32 netflow2
Router 192.168.200.100 myrouter

flowscan creates those folder & files :

Folder myrouter with files protocol_multicast.rrd & total.rrd
+ network_netflow1.rrd < seems to be netflow1 trafic
+ network_netflow2.rrd < seems to be netflow2 trafic
+ protocol_multicast.rrd
+ total.rrd < this file seems to be all traffic from netflow files.

I made a test : netflow1 and netflow2 generate some traffic.
When I graph all rrd files in cacti :
- network_netflow1.rrd displays the traffic of netflow1 correctly
- network_netflow2.rrd displays the traffic of netflow2 correctly
- total.rrd displays ALL the traffic (netflow1+netflow2)

But ALL the others display EMPTY graphs.
My question is : what are the other files ??? what does mean "protocol_multicast" ?
Server1
Cacti : 0.8.7h | Architecture : 3.0
autom8 : 0.35 | aggregate : 0.75 | settings : 0.71 | thold : 0.4.7 | weathermap : 0.97a

Server2
Cacti : 0.8.7g | Architecture : 2.8
autom8 : 0.35 | aggregate : 0.75 | settings : 0.7 | thold : 0.4.3 | weathermap : 0.97a | flowview : 0.6
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests