Cacti Flowview - no data in files


#1 Post by tollair » Tue Nov 19, 2013 11:31 pm

Hi all, I have configured flow viewer for Cacti 8.8b; I think I have it configured correctly.
I can see the files getting generated in my flow directory.

-rw-r--r-- 1 root root 92 Nov 20 11:58 ft-v05.2013-11-20.115721+0800
-rw-r--r-- 1 root root 92 Nov 20 11:59 ft-v05.2013-11-20.115801+0800
-rw-r--r-- 1 root root 92 Nov 20 12:00 ft-v05.2013-11-20.115901+0800

But they are all empty. All showing 92 bytes.

[[email protected] 2013-11-20]# flow-print < ft-v05.2013-11-20.115721+0800
srcIP dstIP prot srcPort dstPort octets packets

I have done a tcpdump and I can see the packets coming through from my Cisco switch.

Any ideas here?


#2 Post by DreamHunter » Sun Nov 24, 2013 11:55 pm

1) Show your Cisco config?

#sh run | in flow
???

2) What is your collector? Flow-tools supports v1 and v5 of the NetFlow protocol. In the case of a switch, it can be incompatible.


#3 Post by tollair » Mon Nov 25, 2013 1:00 am

Here's all the info.

** Cisco 6509 settings **

interface TenGigabitEthernet5/1
ip flow ingress
ip flow egress
ip route-cache flow

ip flow-export source TenGigabitEthernet5/1
ip flow-export version 5
ip flow-export destination 172.23.9.90 2055

** TCPDUMP **

tcpdump -i eth3 port 2055

13:33:32.757283 IP 192.168.12.2.52276 > 172.23.9.90.iop: UDP, length 1464
13:33:35.756786 IP 192.168.12.2.52276 > 172.23.9.90.iop: UDP, length 1464
13:33:37.758526 IP 192.168.12.2.52276 > 172.23.9.90.iop: UDP, length 1464
13:33:48.756892 IP 192.168.12.2.52276 > 172.23.9.90.iop: UDP, length 1128


** FLOW TOOLS **

NOTE: Starting Flow Tools
NOTE: Launching flow-capture as '/usr/bin/flow-capture -w /var/netflow/PTC-South 0/0/2055 -S5 -V5 -z 0 -n 1439 -e 2880 -N -1'
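
Added example, not part of the original posts: a Python check that a UDP payload arriving on the collector port is a well-formed NetFlow v5 export datagram (24-byte header followed by 48-byte records), which is what `-V5` storage expects. The function names and the sample datagram are constructed for illustration; the 1464 and 1128 byte lengths in the tcpdump output above are what this layout gives for 30 and 23 records.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes
MAX_RECORDS = 30  # most records a single v5 datagram carries

def expected_v5_length(count):
    """UDP payload length of a v5 datagram holding `count` flow records."""
    return V5_HEADER.size + count * V5_RECORD.size

def check_v5_datagram(payload):
    """Return (ok, reason, flows) for one UDP payload."""
    if len(payload) < V5_HEADER.size:
        return False, "shorter than the 24-byte v5 header", []
    version, count, *_ = V5_HEADER.unpack_from(payload)
    if version != 5:
        return False, f"export version is {version}, not 5", []
    if not 1 <= count <= MAX_RECORDS:
        return False, f"record count {count} outside 1..{MAX_RECORDS}", []
    if len(payload) != expected_v5_length(count):
        return False, f"length {len(payload)} does not match count {count}", []
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(payload, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "octets": f[6],
            "srcport": f[9], "dstport": f[10], "prot": f[13],
        })
    return True, "ok", flows

def build_sample(count):
    """Constructed test datagram (not captured traffic)."""
    header = V5_HEADER.pack(5, count, 1000, 1385357612, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(
        socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2"),
        socket.inet_aton("0.0.0.0"), 1, 2, 10, 1500, 0, 900,
        12345, 80, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return header + record * count

if __name__ == "__main__":
    print(expected_v5_length(30), expected_v5_length(23))
    ok, reason, flows = check_v5_datagram(build_sample(30))
    print(ok, reason, len(flows), flows[0])
```
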


#4 Post by DreamHunter » Mon Nov 25, 2013 1:14 am

1) My mistake about versions:

man flow-capture
....
-V pdu_version
          Use pdu_version format output.

    1    NetFlow version 1 (No sequence numbers, AS, or mask)
    5    NetFlow version 5
    6    NetFlow version 6 (5+ Encapsulation size)
    7    NetFlow version 7 (Catalyst switches)
    8.1  NetFlow AS Aggregation
    8.2  NetFlow Proto Port Aggregation
    8.3  NetFlow Source Prefix Aggregation
    8.4  NetFlow Destination Prefix Aggregation
    8.5  NetFlow Prefix Aggregation
    8.6  NetFlow Destination (Catalyst switches)
    8.7  NetFlow Source Destination (Catalyst switches)
    8.8  NetFlow Full Flow (Catalyst switches)
    8.9  NetFlow ToS AS Aggregation
    8.10 NetFlow ToS Proto Port Aggregation
    8.11 NetFlow ToS Source Prefix Aggregation
    8.12 NetFlow ToS Destination Prefix Aggregation
    8.13 NetFlow ToS Prefix Aggregation
    8.14 NetFlow ToS Prefix Port Aggregation
    1005 Flow-Tools tagged version 5
....
2) Is this file exactly empty? Zero bytes in files?


#5 Post by tollair » Mon Nov 25, 2013 1:44 am

Hi, yep they are all empty.
All showing 92 bytes.

[[email protected] 2013-11-20]# flow-print < ft-v05.2013-11-20.115721+0800
srcIP dstIP prot srcPort dstPort octets packet

Nothing showing.

ls -l

-rw-r--r-- 1 root root 92 Nov 25 13:59 ft-v05.2013-11-25.135802+0800
-rw-r--r-- 1 root root 92 Nov 25 14:00 ft-v05.2013-11-25.135901+0800
-rw-r--r-- 1 root root 92 Nov 25 14:01 ft-v05.2013-11-25.140001+0800
-rw-r--r-- 1 root root 92 Nov 25 14:02 ft-v05.2013-11-25.140101+0800
-rw-r--r-- 1 root root 92 Nov 25 14:03 ft-v05.2013-11-25.140201+0800


#6 Post by tollair » Mon Nov 25, 2013 1:59 am

Have a look at this command. Seems to be a common problem, any chance this might be the cause of the issue?

[[email protected] 2013-11-25]# flow-receive 0/0/2055 | flow-print

flow-receive: setsockopt(size=4194304)
flow-receive: bind(): Address already in use
flow-print: ftiheader_read(): Warning, short read while loading header top.
flow-print: ftiheader_read(): failed
flow-print: ftio_init(): failed


#7 Post by DreamHunter » Mon Nov 25, 2013 2:10 am

You need to shut down flow-capture first. Port in use.


#8 Post by tollair » Mon Nov 25, 2013 2:17 am

I stopped and started it and am still getting this.

[[email protected] 2013-11-25]# flow-capture 0/0/2055 | flow-print
flow-capture: Specify workdir with -w.
flow-print: ftiheader_read(): Warning, short read while loading header top.
flow-print: ftiheader_read(): failed
flow-print: ftio_init(): failed


#9 Post by DreamHunter » Mon Nov 25, 2013 3:56 am

There is obviously another error message. You need to point to the workdir by using the -w parameter. Also, in the previous message you entered another command: flow-receive.
