[NFDB-users] Netflowdashboard doesn't write flows to the database.

Filip Palian filip.palian at expro.pl
Tue May 19 06:28:02 EDT 2009 

Hy guys,

I've got problems with writing flows to the database. I tried to debug where the problem may be on my own, but unfortunately
without luck. I decided to ask here for your help guys. Below are some information, which may be usefull.


$ uname -a
OpenBSD netflow.lan 4.5 GENERIC#1749 i386


$ pkg_info
db-4.6.21           Berkeley DB package, revision 4
flowd-0.9.1         NetFlow collector
mod_perl-1.30p6     module that embeds a Perl interpreter into Apache
p5-DBD-Pg-2.11.8    access to PostgreSQL databases through the DBI
p5-DBI-1.607        unified perl interface for database access
p5-Net-Daemon-0.43  extension for portable daemons
p5-PlRPC-0.2018p0   module for writing rpc servers and clients
p5-flowd-0.9.1      Perl API to flowd binary logfiles
postgresql-client-8.3.6 PostgreSQL RDBMS (client)
postgresql-server-8.3.6 PostgreSQL RDBMS (server)


I tried to find out why flows are not written to the database and I used the following trivial patch for this:
$ diff -puN netflowdb.pl netflowdb.pl.new
--- netflowdb.pl        Tue May 19 11:35:41 2009
+++ netflowdb.pl.new    Tue May 19 11:37:39 2009
@@ -38,7 +38,9 @@ my $sth_flow_update = $dbh->prepare($flow_update);

 # Open our NetFlow collector
 start_flowd();
+print "before\n";
 my $flowd = Flowd->new($flowd_socket);
+print "after\n";
 read_flows();
 tidy_up();


Executing patched "netflowdb.pl" results with:
$ sudo /var/www/netflowdashboard/sbin/netflowdb.pl -D
before
^C
/var/www/netflowdashboard/sbin/netflowdb.pl exiting

Can't call method "read_flow" on an undefined value at /var/www/netflowdashboard/sbin/netflowdb.pl line 50.


Script "netflowdb.pl" hangs on line 41 (in the original script):
-- cut --
my $flowd = Flowd->new($flowd_socket);
-- cut --


In the end no flows are stored in the PostgreSQL database:
nfdb=> select count(*) from flows;
 count
-------
     0
(1 row)


Everything else IMO is configured correctly:
$ pfctl -vvss
...
all tcp x.x.x.x:22 <- y.y.y.y:38593       ESTABLISHED:ESTABLISHED
   [1405092619 + 48192] wscale 0  [2543354441 + 17376] wscale 6
   age 03:01:21, expires in 23:55:54, 3673:2320 pkts, 257584:211897 bytes, rule 1, pflow
   id: 4a0a9e7000000177 creatorid: ef9672cf


$ ifconfig pflow0
pflow0: flags=41<UP,RUNNING> mtu 1492
        priority: 0
        pflow: sender: x.x.x.x receiver: x.x.x.x:12345
        groups: pflow


$ netstat -I pflow0
Name    Mtu   Network     Address              Ipkts Ierrs    Opkts Oerrs Colls
pflow0  1492  <Link>                               0     0       32     0     0


$ flowd-reader /var/log/flowd
...
FLOW recv_time 2009-05-18T13:59:27.986918 proto 6 tcpflags 00 tos 00 agent [x.x.x.x] src [y.y.y.y]:46615 dst [x.x.x.x]:80
packets 15 octets 3247
FLOW recv_time 2009-05-18T13:59:27.986918 proto 6 tcpflags 00 tos 00 agent [x.x.x.x] src [x.x.x.x]:80 dst [y.y.y.y]:46615
packets 9 octets 2926


Do you have any ideas what may be messed up? I'm really determinated to run netflowdashboard on my router;-)


Best regards,
-- 
Filip Palian
admin at expro.pl



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 552 bytes
Desc: OpenPGP digital signature
Url : http://www.dixongroup.net/pipermail/nfdb-users/attachments/20090519/d43e4dac/attachment.asc

More information about the nfdb-users mailing list