[Cflowd] Big Problem with cflowdmux

Tue, 30 Apr 2002 11:43:39 +0200

Hello,

I think i have a serious problem with cflowdmux : it seems to start
good, but there is unfortunately no UDP socket listening .  Maybe
someone had the same problem, it would be great to explain me what's
happens because i'm really lost :

  According to syslog there is :

Apr 30 09:15:46 jbertsch1 cflowdmux[26653]: [I] cflowdmux (version
cflowd-2-1-b1) started.
Apr 30 09:15:46 jbertsch1 cflowdmux[26653]: [I] created 1052672 byte
packet queue shmem segment {CflowdPacketQueue.cc:247}
Apr 30 09:15:46 jbertsch1 cflowdmux[26653]: [I] attached to 1052672 byte
packet queue at 0x4016a000
Apr 30 09:15:46 jbertsch1 cflowdmux[26653]: [I] created semaphore: id
622597
Apr 30 09:17:13 jbertsch1 cflowd[26659]: [I] cflowd (version
cflowd-2-1-b1) started.
Apr 30 09:17:13 jbertsch1 cflowd[26659]: [I] got semaphore: id 622597
Apr 30 09:17:13 jbertsch1 cflowd[26659]: [I] attached to 1052672 byte
packet queue at 0x4016a000

My file cflowd.conf is :

OPTIONS {
   LOGFACILITY:          local6
  TCPCOLLECTPORT:       2222
  PKTBUFSIZE:           2097152
  TABLESOCKFILE:        /usr/local/arts/etc/cflowdtable.socket
  FLOWDIR:              /usr/local/arts/data/cflowd/flows
  FLOWFILELEN:          1000000
  NUMFLOWFILES:         10
  MINLOGMISSED:         1000
}
COLLECTOR {
  HOST:         10.100.20.40    # IP address of central collector
  ADDRESSES:    { 10.100.20.40 }
  AUTH:         none
}
CISCOEXPORTER {
  HOST:         195.202.0.93            #  IP address of Cisco sending
data.
  ADDRESSES:    { 195.202.0.93          #  Addresses of interfaces on
Cisco
                  }                     #   sending data.
  CFDATAPORT:   36401                   #  Port on which to listen for
data.
  SNMPCOMM:     'public'                #  SNMP community name.
                                        #  Local AS of Cisco sending
data.
  COLLECT:{ flows }
}

but netstat -an gives :
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address
State
tcp        0      0 0.0.0.0:1313            0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:515             0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:37              0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:2056            0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:9               0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:32906           0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:13              0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:5432            0.0.0.0:*
LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*
LISTEN
tcp        0      0 10.100.20.40:22         10.100.20.4:40276
ESTABLISHED
tcp        0      0 10.100.20.40:22         10.100.20.4:40277
ESTABLISHED
tcp        0      0 10.100.20.40:22         10.100.20.4:40465
ESTABLISHED
tcp        0      0 10.100.20.40:22         10.100.20.4:40339
ESTABLISHED
udp        0      0 0.0.0.0:32772           0.0.0.0:*
udp        0      0 127.0.0.1:32773         127.0.0.1:32773
ESTABLISHED
udp        0      0 0.0.0.0:9               0.0.0.0:*
udp        0      0 0.0.0.0:965             0.0.0.0:*
 udp        0      0 0.0.0.0:111             0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     63747  @
unix  2      [ ACC ]     STREAM     LISTENING     44250  /dev/printer
unix  2      [ ACC ]     STREAM     LISTENING     23232
/var/run/postgresql/.s.PGSQL.5432
unix  6      [ ]         DGRAM                    144    /dev/log
unix  2      [ ]         DGRAM                    63746
unix  2      [ ]         DGRAM                    62816
unix  2      [ ]         DGRAM                    44249
unix  2      [ ]         DGRAM                    181

jbertsch1:/var/log# lsof -p 26653
COMMAND     PID USER   FD   TYPE     DEVICE    SIZE    NODE NAME
cflowdmux 26653 root  cwd    DIR        3,3    4096 2284801
/home/jbertsch/cflowd/usr/local/arts/sbin
cflowdmux 26653 root  rtd    DIR        3,2    4096       2 /
cflowdmux 26653 root  txt    REG        3,3  487792 2284802
/home/jbertsch/cflowd/usr/local/arts/sbin/cflowdmux
cflowdmux 26653 root  mem    REG        3,2   90210  179185
/lib/ld-2.2.5.so
cflowdmux 26653 root  mem    REG        3,2   69472  179209
/lib/libnsl-2.2.5.so
cflowdmux 26653 root  mem    REG        3,2  130088  179208
/lib/libm-2.2.5.so
cflowdmux 26653 root  mem    REG        3,2 1153816  179192
/lib/libc-2.2.5.so
cflowdmux 26653 root  mem    DEL        0,5          262145
/SYSVffffffff
cflowdmux 26653 root    0u   CHR      136,3               5 /dev/pts/3
cflowdmux 26653 root    1u   CHR      136,3               5 /dev/pts/3
cflowdmux 26653 root    2u   CHR      136,3               5 /dev/pts/3
cflowdmux 26653 root    3u  unix 0xc68ebcc0           62816 socket

I think cflowdmux does not care about my file cflowd.conf, maybe the
problem comes because of that ??