[Flow-tools] new install
Kirk Olson
kholson at gmail.com
Fri Jan 8 12:49:46 EST 2010
Do the following lines provide any clues:
Jan 8 17:40:46 Monitor02 flow-capture[12371]: ftpdu version not set.
Jan 8 17:40:46 Monitor02 flow-capture[12371]: ftpdu_verify():
src_ip=192.168.222.1 failed.
Kirk
On Fri, Jan 8, 2010 at 11:19 AM, Ed Ravin <eravin at panix.com> wrote:
> On Fri, Jan 08, 2010 at 10:33:07AM -0600, Kirk Olson wrote:
> > flow-capture is running and tcpdump reports incoming udp packets but
> > files are not being written in the directory specified. I am using the
> > following command to start the capture:
> >
> > flow-capture -w /flows/mkflows 0/0/9800 -S5 -n287
>
> Put the "0/0/9800" last on the command line, after all the hyphenated
> options.
>
> Make sure the /flows/mkflows directory exists.
>
> Also, check with tcpdump that the incoming UDP packets are destined for
> port 9800.
>
> Check the syslogs for any errors from flow-capture.
>
> Use "lsof -p <pid-of-flow-capture>" to make sure flow-capture is listening
> to the right UDP port.
>
> If all else fails, use "strace -p <pid-of-flow-capture>" to trace through
> what it's doing or not doing.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.splintered.net/pipermail/flow-tools/attachments/20100108/1a59dbdb/attachment.htm
More information about the Flow-tools
mailing list