Flowview : No data in cacti web interface

[stephanetomas]

Hello,

I would like to used flowview pluggin in cacti, but I can not make it work.

1. I have configure "listeners"

2. flow-capture is running

3. I have any files in directory of flowview and Directory setting of cacti is ok

ScreenShot0003.jpg (300.54 KiB) Viewed 3106 times

ScreenShot0003bis.jpg (444.88 KiB) Viewed 3106 times

4. I would like to view statistic but no statistic is displayed (the result is void)

ScreenShot0004.jpg (237.75 KiB) Viewed 3106 times

ScreenShot0005.jpg (143.41 KiB) Viewed 3106 times

5. But in command line, I have a result

ScreenShot0008.jpg (236.66 KiB) Viewed 3106 times

What is the problem ? Can you help me ?

[ibr]

Hello Stephanetomas,

I have the same problem.
I installed flowview plugin 1.1 in my Cacti 0.8.8a.
When I attempt to view a filter on my flowview I do not see anything but system is registering flows.

[root@stats 2013-07-12]# /etc/init.d/flow-capture start
NOTE: Starting Flow Tools
NOTE: Launching flow-capture as '/usr/bin/flow-capture -w /var/flow-tools/nap4 0/0/2056 -S5 -V5 -z 0 -n 1439 -e 2880 -N -1'

Note the flows arriving,

[root@stats 2013-07-12]# tcpdump -i eth0 port 2056
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:33:46.857844 IP nap4loopback1.nap.etecsa.net.52896 > stats.nap.etecsa.net.omnisky: UDP, length 1464
14:33:48.853988 IP nap4loopback1.nap.etecsa.net.52896 > stats.nap.etecsa.net.omnisky: UDP, length 1464
14:33:50.854228 IP nap4loopback1.nap.etecsa.net.52896 > stats.nap.etecsa.net.omnisky: UDP, length 1464
14:33:51.861247 IP nap4loopback1.nap.etecsa.net.52896 > stats.nap.etecsa.net.omnisky: UDP, length 1464

The system is registering flows.

[root@stats ~]# ls -l /var/flow-tools/nap4/2013-07-12/
total 11060
-rw-r--r--. 1 root root 21216 Jul 12 14:13 ft-v05.2013-07-12.141243-0400
-rw-r--r--. 1 root root 78816 Jul 12 14:14 ft-v05.2013-07-12.141301-0400
-rw-r--r--. 1 root root 138336 Jul 12 14:15 ft-v05.2013-07-12.141401-0400
-rw-r--r--. 1 root root 99936 Jul 12 14:16 ft-v05.2013-07-12.141501-0400
-rw-r--r--. 1 root root 130656 Jul 12 14:17 ft-v05.2013-07-12.141601-0400
-rw-r--r--. 1 root root 74976 Jul 12 14:18 ft-v05.2013-07-12.141701-0400


all flows can be printed with "flow-print"

[root@stats ~]# cd /var/flow-tools/nap4/2013-07-12/
[root@stats 2013-07-12]# flow-print < ft-v05.2013-07-12.141243-0400
srcIP dstIP prot srcPort dstPort octets packets
186.9.127.229 200.13.145.195 17 2152 2152 29650 131
200.13.145.195 200.71.247.149 17 2152 2152 6251 33
200.13.145.195 83.224.34.71 17 2152 2152 1431 8
200.13.145.29 145.7.74.188 17 35198 53 90 1
83.224.34.97 200.13.145.195 17 2152 2152 292 1
194.33.25.68 200.13.145.193 17 2123 2123 40 1
200.13.145.193 194.33.25.68 17 2123 2123 42 1
91.135.96.99 200.13.145.193 17 2123 2123 40 1
200.13.145.193 91.135.96.99 17 2123 2123 42 1




But I can not see any data from my cati view.


Also I checked the date. Both cacti and my router have the same time, I am using ntp server.

These are the dates of the cacti and my router. They are synchronized.

NAP4#sh clock
16:06:36.479 EDT Fri Jul 12 2013

[root@stats ~]# date
Fri Jul 12 16:06:37 EDT 2013


I have something else. When I click on the view button I can see the following in my /var/log/httpd/error_log

flow-cat: stat(ft-v05.2013-07-16.124700-0400): Permission denied
flow-cat: load_dir(): failed: Permission denied
flow-cat: ftfile_loaddir(/var/flow-tools/nap4/2013-07-16): failed
flow-nfilter: ftiheader_read(): Warning, short read while loading header top.
flow-nfilter: ftiheader_read(): failed
flow-nfilter: ftio_init(): failed
flow-stat: ftiheader_read(): Warning, short read while loading header top.
flow-stat: ftiheader_read(): failed
flow-stat: ftio_init(): failed
flow-cat: stat(ft-v05.2013-07-16.124700-0400): Permission denied
flow-cat: load_dir(): failed: Permission denied
flow-cat: ftfile_loaddir(/var/flow-tools/nap4/2013-07-16): failed
flow-nfilter: ftiheader_read(): Warning, short read while loading header top.
flow-nfilter: ftiheader_read(): failed
flow-nfilter: ftio_init(): failed
flow-stat: ftiheader_read(): Warning, short read while loading header top.
flow-stat: ftiheader_read(): failed
flow-stat: ftio_init(): failed


What should I do?
I would appreciate if someone can help me,

IBR

[kav1979]

Hi!
I have a similar situation was on RedHat 6.3.
It turned out that SELinux prohibits flow-cat to read the directory with flow:

Code: Select all

# grep flow /var/log/audit/audit.log
type=SYSCALL msg=audit(1404968173.089:3127949): arch=40000003 syscall=195 success=no exit=-13 a0=e7e45b a1=bfdae7a4 a2=a56ff4 a3=e56120 items=0 ppid=19020 pid=19021 auid=501 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=515222 comm="flow-cat" exe="/usr/local/flow-tools/bin/flow-cat" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1404968173.089:3127949): avc:  denied  { getattr } for  pid=19021 comm="flow-cat" path="/var/flow/flow-data/2014/2014-07/2014-07-09/ft-v05.2014-07-09.203544+0400" dev=cciss!c0d0p3 ino=3932431 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file

Decided in such a way:
1. Installed the policycoreutils-python
2. Created file flowcatlocal.te with the policy for the flow-cat:

Code: Select all

module flowcatlocal 1.0;

require {
        type var_t;
        type httpd_t;
        type default_t;
        class file { read getattr open };
        class dir read;
}

allow httpd_t default_t:dir read;
allow httpd_t default_t:file getattr;
allow httpd_t var_t:file open;
allow httpd_t var_t:file { read getattr };

3. Then converted this policy in clear view for selinux and set it:

Code: Select all

# checkmodule -M -m -o flowcatlocal.mod flowcatlocal.te
# semodule_package -o flowcatlocal.pp -m flowcatlocal.mod
# semodule -i flowcatlocal.pp

PS Of course, access to more than necessary, but better than disabling SELinux