Netflow in PandoraFMS - No data found
#7
(05-28-2019, 02:46 PM)srichards Wrote:
(05-28-2019, 02:24 PM)eduardo.corral Wrote:
(05-28-2019, 12:34 PM)srichards Wrote: Hi Eduardo,

I rebuilt the server with latest and it's now running Pandora FMS v7.0NG.734 - Build PC190429 - MR 27

Still the same problem, lots of big files in /var/spool/pandora/data_in/netflow but I cannot see any data in Pandora Console.

Greetings, srichards

Please do try to disable (with the KILL command) the nfcapd process and restart the Pandora FMS server to start nfcapd again with the right parameters.

Let us know how this works. 

Kind regards, 

Eduardo.

Thanks,

I tried this but still no data in Pandora, although I notice the date is 1970?!?!

[[email protected] ~]# nfdump -R /var/spool/pandora/data_in/netflow/
Date first seen          Event  XEvent Proto      Src IP Addr:Port          Dst IP Addr:Port     X-Src IP Addr:Port        X-Dst IP Addr:Port   In Byte Out Byte
1970-01-01 01:00:00.000 INVALID  Ignore TCP      x.x.x.x:55260 ->      x.x.x.x:443            0.0.0.0:0     ->          0.0.0.0:0          114        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP       x.x.x.x:52010 ->     x.x.x.x:80             0.0.0.0:0     ->          0.0.0.0:0         1535        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP      x.x.x.x:52009 ->     x.x.x.x:80             0.0.0.0:0     ->          0.0.0.0:0         1459        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP        x.x.x.x:443   ->     x.x.x.x:42499          0.0.0.0:0     ->          0.0.0.0:0           52        0

Hello srichards,

I am not so sure whether it is the sender that sends the netflow traffic with the timestamp of its machine or nfcapd that inserts the reception date in the packet. It is more a matter of the behavior of the nfcapd daemon than of Pandora itself.

Here you can find the documentation of nfdump and nfcapd: http://nfdump.sourceforge.net/

I'd say it is the sender that sends the netflow packets with the timestamp. Please configure the date on the sender devices and on the Pandora server so that the netflow packets have the correct date.

Regards.
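
A sanity check for the symptom in the nfdump output quoted above, as an added example that is not part of the original posts or of Pandora FMS: it reads nfdump text output and counts records whose first-seen timestamp sits at the Unix epoch or differs from a reference time by more than a tolerance. The sample lines, the addresses, the function names and the 14-hour and one-hour thresholds are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample modelled on the nfdump output quoted in the thread
# (addresses are placeholders from the documentation ranges).
SAMPLE = """\
Date first seen          Event  XEvent Proto      Src IP Addr:Port          Dst IP Addr:Port   In Byte Out Byte
1970-01-01 01:00:00.000 INVALID  Ignore TCP   192.0.2.10:55260 ->   198.51.100.7:443        114        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP   192.0.2.10:52010 ->   198.51.100.7:80        1535        0
2019-05-28 14:40:12.481 INVALID  Ignore TCP   192.0.2.11:443   ->   198.51.100.9:42499       52        0
2019-06-02 09:00:00.000 INVALID  Ignore TCP   192.0.2.12:443   ->   198.51.100.9:42500       60        0
"""

# A flow record line starts with "YYYY-MM-DD HH:MM:SS.mmm".
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d{3}\s")
EPOCH = datetime(1970, 1, 1)


def classify(ts, now, tolerance):
    """Label one first-seen timestamp as 'epoch', 'skewed' or 'ok'."""
    # nfdump prints local time, so a zero timestamp can appear up to
    # 14 hours either side of 1970-01-01 00:00 (01:00 in the thread).
    if abs(ts - EPOCH) <= timedelta(hours=14):
        return "epoch"
    if abs(ts - now) > tolerance:
        return "skewed"
    return "ok"


def audit(text, now, tolerance=timedelta(hours=1)):
    """Count flow records per label; non-record lines are skipped."""
    counts = Counter()
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue  # header, summary or blank line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        counts[classify(ts, now, tolerance)] += 1
    return dict(counts)


if __name__ == "__main__":
    # Reference time is fixed here so the constructed sample is repeatable.
    print(audit(SAMPLE, now=datetime(2019, 5, 28, 14, 46)))
```
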
Messages In This Thread
RE: Netflow in PandoraFMS - No data found - by jose.almendros - 05-30-2019, 10:22 AM




(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org
