Welcome to Pandora FMS Community!

Find answers, ask questions, and connect with our community around the world.

  • Posted by Luca on noviembre 30, 2023 at 12:27

    Hello team,

    Where are the netflow logs stored? Can anyone point me to the log file?

    My problem is that from the command line I can see netflow streams entering correctly but via GUI no results are shown.


    Luca replied 10 months ago 2 Members · 6 Replies
  • 6 Replies
  • Sergio

    noviembre 30, 2023 at 12:50
    1205 Karma points
    Community rank: tentacle_master_icon Tentacle Master
    Like it
    Drop it

    Hello Luca,

    There are no netflow logs to review.

    Netflow in PandoraFMS startsup the nfcapd process which will store the information it collects inside /var/spool/pandora/data_in/netflow

    If you have any information inside that folder you should be able to see it in PanodraFMS.

    Verify that you have nfcapd running with a ps aux command and make sure you have data stored inside the netflow folder.

    Kind regards,

    Sergio B.

  • Luca

    noviembre 30, 2023 at 12:59
    429 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Drop it

    Hi Sergio,

    nfcapd daemon is running.

    [xxxx@xxxxx util]# ps -ef | grep nfcapd
    root 2345 1 0 Nov27 ? 00:03:06 /usr/bin/nfcapd -D -T all -w -t 3600 -P /var/run/pandora_nfcapd.pid -l /data/netflow

    Folder where store netflow data is /data/netflow and is populated.

    Also if i run nfdump -R /data/netflow i see the flows correctly but via GUI not.

    Any suggestion?

    Thanks in advance


  • Sergio

    noviembre 30, 2023 at 15:39
    1205 Karma points
    Community rank: tentacle_master_icon Tentacle Master
    Like it
    Drop it

    Hello Luca,

    Can you please share an screenshot of your netflow folder contents in order to see the permissions you have in the files and the files size?

    Thanks in advance.

    Kind regards,

    Sergio B.

    • Luca

      noviembre 30, 2023 at 16:32
      429 Karma points
      Community rank: tentacle-noob-1 Tentacle noob
      Like it
      Drop it

      Hello Sergio,

      -rw-r—– 1 root apache 336326212 Nov 30 09:00 nfcapd.202311300800
      -rw-r—– 1 root apache 404077696 Nov 30 10:00 nfcapd.202311300900
      -rw-r—– 1 root apache 417703324 Nov 30 11:00 nfcapd.202311301000
      -rw-r—– 1 root apache 433702144 Nov 30 12:00 nfcapd.202311301100
      -rw-r—– 1 root apache 417862588 Nov 30 13:00 nfcapd.202311301200
      -rw-r—– 1 root apache 358700380 Nov 30 14:00 nfcapd.202311301300
      -rw-r—– 1 root apache 389623396 Nov 30 15:00 nfcapd.202311301400
      -rw-r—– 1 root apache 415244116 Nov 30 16:00 nfcapd.202311301500
      -rw-r—– 1 root apache 13631780 Nov 27 16:11 nfcapd.current.1098506
      -rw-r—– 1 root apache 32509952 Nov 27 16:16 nfcapd.current.1117656
      -rw-r—– 1 root apache 1048816 Nov 27 16:39 nfcapd.current.124823
      -rw-r—– 1 root apache 27263288 Nov 27 16:44 nfcapd.current.129925
      -rw-r—– 1 root apache 2097420 Nov 27 16:45 nfcapd.current.174126
      -rw-r—– 1 root apache 29360540 Nov 27 16:28 nfcapd.current.21466
      -rw-r—– 1 root apache 276 Nov 27 16:00 nfcapd.current.2233
      -rw-r—– 1 root apache 12583196 Nov 27 16:24 nfcapd.current.2297
      -rw-r—– 1 root apache 222300080 Nov 30 16:31 nfcapd.current.2343
      -rw-r—– 1 root apache 154142120 Nov 20 18:28 nfcapd.current.5565
      -rw-r—– 1 root apache 276 Nov 27 16:29 nfcapd.current.65346
      -rw-r—– 1 root apache 13631696 Nov 27 16:33 nfcapd.current.67757
      -rw-r—– 1 root apache 2097400 Nov 27 16:34 nfcapd.current.90836
      -rw-r—– 1 root apache 17826032 Nov 27 16:38 nfcapd.current.96658
      -rw-r–r– 1 pandora apache 105 Nov 29 17:01 .nfstat


      • Sergio

        noviembre 30, 2023 at 17:05
        1205 Karma points
        Community rank: tentacle_master_icon Tentacle Master
        Like it
        Drop it

        Hello Luca,

        Sizes seem to be ok and permissions too.

        Are you filtering inside the Console with the correct dates that this information was provided?

        Is the Netflow server active and running?

        Kind regards,

        Sergio B.

  • Luca

    noviembre 30, 2023 at 17:13
    429 Karma points
    Community rank: tentacle-noob-1 Tentacle noob
    Like it
    Drop it

    Hi Sergio,

    the filter from GUI is ok. I filter with the correct date.

    How can I verify that the netflow server is active and running?
