<br><font size=2 face="sans-serif">So I'm thinking the exported packets
are all empty. They arrive every 26 seconds and are exactly 72 bytes long.</font>
<br>
<br><font size=2 face="sans-serif">Probably my switch configuration ...<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Joe Loiacono/CIV/CSC@CSC</b>
</font>
<br><font size=1 face="sans-serif">Sent by: flow-tools-bounces@list.splintered.net</font>
<p><font size=1 face="sans-serif">12/27/2007 12:18 PM</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif">flow-tools@list.splintered.net</font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">[Flow-tools] flow-capture runs but does
not create files</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2 face="sans-serif"><br>
I've started flow-capture and found it to be listening on the specified
port. The following messages look good:</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
>From /var/log/messages:</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
Dec 27 11:59:12 localhost flow-capture[8894]: setsockopt(size=4194304)</font><font size=3>
<br>
</font><font size=2 face="sans-serif"><br>
[root@localhost Lab_RightRack_6509]$ netstat -an | grep 4003</font><font size=3>
</font><font size=2 face="sans-serif"><br>
udp 0 0 0.0.0.0:4003
0.0.0.0:*</font><font size=3>
<br>
</font><font size=2 face="sans-serif"><br>
I am exporting version 5 packet from a 6509 and have verified via tcpdump
that packets are arriving at the collector. I've given the target directory
full 0777 permissions.</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
But flow-capture is not writing any directories (e.g., 2007/2007-12/2007-12-27)
or any data files.</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
Any ideas?</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
Thanks,</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
Joe</font><font size=3> <br>
</font><font size=2 face="sans-serif"><br>
flow-tools version 0.68.3</font><font size=3> </font><font size=2 face="sans-serif"><br>
Red Hat: Linux localhost.localdomain 2.6.9-67.0.1.ELsmp #1 SMP Fri Nov
30 11:51:05 EST 2007 i686 i686 i386 GNU/Linux</font><font size=2><tt>_______________________________________________<br>
Flow-tools mailing list<br>
flow-tools@splintered.net<br>
http://mailman.splintered.net/mailman/listinfo/flow-tools</tt></font>
<br>