NetFlow log

[Sergio]

Like it

Up

0

Down

Drop it

::

Hello Luca,

There are no netflow logs to review.

Netflow in PandoraFMS startsup the nfcapd process which will store the information it collects inside /var/spool/pandora/data_in/netflow

If you have any information inside that folder you should be able to see it in PanodraFMS.

Verify that you have nfcapd running with a ps aux command and make sure you have data stored inside the netflow folder.

Kind regards,

Sergio B.

[Luca]

Like it

Up

0

Down

Drop it

::

Hi Sergio,

nfcapd daemon is running.

[xxxx@xxxxx util]# ps -ef | grep nfcapd
root 2345 1 0 Nov27 ? 00:03:06 /usr/bin/nfcapd -D -T all -w -t 3600 -P /var/run/pandora_nfcapd.pid -l /data/netflow

Folder where store netflow data is /data/netflow and is populated.

Also if i run nfdump -R /data/netflow i see the flows correctly but via GUI not.

Any suggestion?

Thanks in advance

BR

[Sergio]

Like it

Up

0

Down

Drop it

::

Hello Luca,

Can you please share an screenshot of your netflow folder contents in order to see the permissions you have in the files and the files size?

Thanks in advance.

Kind regards,

Sergio B.

[Luca]

Like it

Up

0

Down

Drop it

::

Hello Sergio,

-rw-r—– 1 root apache 336326212 Nov 30 09:00 nfcapd.202311300800
-rw-r—– 1 root apache 404077696 Nov 30 10:00 nfcapd.202311300900
-rw-r—– 1 root apache 417703324 Nov 30 11:00 nfcapd.202311301000
-rw-r—– 1 root apache 433702144 Nov 30 12:00 nfcapd.202311301100
-rw-r—– 1 root apache 417862588 Nov 30 13:00 nfcapd.202311301200
-rw-r—– 1 root apache 358700380 Nov 30 14:00 nfcapd.202311301300
-rw-r—– 1 root apache 389623396 Nov 30 15:00 nfcapd.202311301400
-rw-r—– 1 root apache 415244116 Nov 30 16:00 nfcapd.202311301500
-rw-r—– 1 root apache 13631780 Nov 27 16:11 nfcapd.current.1098506
-rw-r—– 1 root apache 32509952 Nov 27 16:16 nfcapd.current.1117656
-rw-r—– 1 root apache 1048816 Nov 27 16:39 nfcapd.current.124823
-rw-r—– 1 root apache 27263288 Nov 27 16:44 nfcapd.current.129925
-rw-r—– 1 root apache 2097420 Nov 27 16:45 nfcapd.current.174126
-rw-r—– 1 root apache 29360540 Nov 27 16:28 nfcapd.current.21466
-rw-r—– 1 root apache 276 Nov 27 16:00 nfcapd.current.2233
-rw-r—– 1 root apache 12583196 Nov 27 16:24 nfcapd.current.2297
-rw-r—– 1 root apache 222300080 Nov 30 16:31 nfcapd.current.2343
-rw-r—– 1 root apache 154142120 Nov 20 18:28 nfcapd.current.5565
-rw-r—– 1 root apache 276 Nov 27 16:29 nfcapd.current.65346
-rw-r—– 1 root apache 13631696 Nov 27 16:33 nfcapd.current.67757
-rw-r—– 1 root apache 2097400 Nov 27 16:34 nfcapd.current.90836
-rw-r—– 1 root apache 17826032 Nov 27 16:38 nfcapd.current.96658
-rw-r–r– 1 pandora apache 105 Nov 29 17:01 .nfstat

BR

[Sergio]

Like it

Up

0

Down

Drop it

::

Hello Luca,

Sizes seem to be ok and permissions too.

Are you filtering inside the Console with the correct dates that this information was provided?

Is the Netflow server active and running?

Kind regards,

Sergio B.

[Luca]

Like it

Up

0

Down

Drop it

::

Hi Sergio,

the filter from GUI is ok. I filter with the correct date.

How can I verify that the netflow server is active and running?

BR