[Flow-tools] problem with flow-capture
Benjamin Bach
benjaoming at gmail.com
Tue Oct 2 02:11:02 EDT 2007
On 10/1/07, sarah belkhiria <sarah_bel13 at yahoo.fr> wrote:
>
> hi,
> I hope that someone can help me with capturing version 5 netflow.
> I installed flow-tools 0.68.1 successfully on SUSE 10.0.
> My command for capturing data is:
> /usr/bin/flow-capture -w /var/log/netflow 0/0/2055 -V 5 - E1G -n 287 -N3
> IT WORKS.
> I SEE THE tmp and ft-v05 files in /var/log/netflow, but when I try to see the collected
> data with flow-print, the result is like this:
> Start End Sif SrcIPaddress SrcP DIf DstIPaddress DstP P Fl Pkts Octets
> without data (it seems like empty files).
>
> I have run tcpdump using the command line "tcpdump -ni port 2055", which shows traffic being received as below:
> 09:27:20.852231 IP 130.199.xxx.xx.50968 > 192.168.47.xxx.2055: UDP, length: 1416
> 09:27:20.852536 IP 130.199.xxx.xx.50968 > 192.168.47.xxx.2055: UDP, length: 1416
>
> I run netstat -lnp
> udp 0 flow-capture
>
> In syslog: ...FLOW-TOOLS...setsockopt(size=4194304)
>
It seems that you are in fact receiving flows. But try this command instead:
/usr/bin/flow-receive 0/0/2055 | flow-print
And see what you get. In order to print received flow-files from
flow-capture, remember that you have to use flow-cat to first concatenate
the data and then pipe it to flow-print or similar.
flow-cat /var/log/netflow | flow-print
/ Benjamin
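The tcpdump lines in the question already tell a defender a lot: a UDP payload of 1416 bytes is exactly one NetFlow v5 datagram carrying 29 records (24-byte header plus 29 x 48-byte records), so the exporter is sending well-formed v5 data and the empty flow-print output is a file-handling problem on the collector side, which is what the flow-cat advice above addresses. The decoder below is an added example written for this page; it is not part of flow-tools or of either poster's message. It follows Cisco's published v5 export layout, validates that the datagram length matches the record count before parsing anything, and arranges the decoded fields in the column order of flow-print's default report. The sample datagram it builds is constructed (documentation address ranges, invented counters and timestamps), not captured traffic; the column mapping and the `is_valid_v5` helper are this example's own assumptions.

```python
"""NetFlow v5 datagram decoder (added example, not flow-tools code).

Layout follows Cisco's published NetFlow v5 export format: a 24-byte
header followed by 1..30 fixed-size 48-byte flow records. A datagram of
29 records is 24 + 29*48 = 1416 bytes, the UDP length reported by the
tcpdump output quoted above.
"""
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes, network byte order
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes per flow record
V5_MAX_RECORDS = 30

HEADER_FIELDS = ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
                 "flow_sequence", "engine_type", "engine_id", "sampling")
RECORD_FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output",
                 "dPkts", "dOctets", "first", "last", "srcport", "dstport",
                 "pad1", "tcp_flags", "prot", "tos", "src_as", "dst_as",
                 "src_mask", "dst_mask", "pad2")


def decode_v5(payload: bytes) -> dict:
    """Parse one UDP payload; reject anything that is not a well-formed v5 export."""
    if len(payload) < V5_HEADER.size:
        raise ValueError(f"datagram too short for a v5 header: {len(payload)} bytes")
    header = dict(zip(HEADER_FIELDS, V5_HEADER.unpack_from(payload, 0)))
    if header["version"] != 5:
        raise ValueError(f"not a NetFlow v5 datagram (version={header['version']})")
    if not 1 <= header["count"] <= V5_MAX_RECORDS:
        raise ValueError(f"invalid record count {header['count']}")
    expected = V5_HEADER.size + header["count"] * V5_RECORD.size
    if len(payload) != expected:
        # Truncated or padded exports are rejected rather than half-parsed.
        raise ValueError(f"length {len(payload)} does not match count={header['count']} "
                         f"({expected} bytes expected)")
    records = []
    for i in range(header["count"]):
        raw = V5_RECORD.unpack_from(payload, V5_HEADER.size + i * V5_RECORD.size)
        rec = dict(zip(RECORD_FIELDS, raw))
        for key in ("srcaddr", "dstaddr", "nexthop"):
            rec[key] = socket.inet_ntoa(rec[key])   # 4 raw bytes -> dotted quad
        records.append(rec)
    return {"header": header, "records": records}


def is_valid_v5(payload: bytes) -> bool:
    """True when decode_v5 accepts the payload; handy for a quick sanity check."""
    try:
        decode_v5(payload)
        return True
    except ValueError:
        return False


def flow_print_rows(decoded: dict) -> list:
    """Rows in the column order of flow-print's default report (an assumption of
    this example): Start End Sif SrcIPaddress SrcP DIf DstIPaddress DstP P Fl Pkts Octets.
    Start/End are left as router sysuptime milliseconds; flow-print converts them
    to wall-clock time using the header's unix_secs/sys_uptime."""
    return [(r["first"], r["last"], r["input"], r["srcaddr"], r["srcport"],
             r["output"], r["dstaddr"], r["dstport"], r["prot"], r["tcp_flags"],
             r["dPkts"], r["dOctets"]) for r in decoded["records"]]


def build_sample_datagram(count: int = 29) -> bytes:
    """Constructed v5 export for offline testing (not captured traffic).
    Addresses come from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges."""
    header = V5_HEADER.pack(5, count, 360000, 1191316040, 0, 1000, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(
            socket.inet_aton(f"192.0.2.{i + 1}"),   # srcaddr
            socket.inet_aton("198.51.100.10"),      # dstaddr
            socket.inet_aton("0.0.0.0"),            # nexthop
            2, 3,                                   # input / output ifIndex
            10 + i, (10 + i) * 1500,                # dPkts, dOctets
            350000, 359000,                         # first, last (sysuptime ms)
            40000 + i, 443,                         # srcport, dstport
            0, 0x1B, 6, 0,                          # pad1, tcp_flags (FIN|SYN|PSH|ACK), prot=TCP, tos
            64500, 64501, 24, 24, 0)                # src_as, dst_as, src_mask, dst_mask, pad2
        for i in range(count))
    return header + body


if __name__ == "__main__":
    datagram = build_sample_datagram()
    print(f"constructed datagram: {len(datagram)} bytes")
    for row in flow_print_rows(decode_v5(datagram))[:3]:
        print(row)
```

Feed it the UDP payload of one captured packet (for instance, the bytes tcpdump would write with `-w`, after stripping the IP/UDP headers) and it will either return the same rows flow-print would show or tell you exactly why the datagram is malformed; an exporter whose packets decode fine here but still yield empty flow-print output points at the collector's files, which is why the flow-cat step matters.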