Netflow in PandoraFMS

***eduardo.corral*** · 06-04-2019, 03:46 PM

(06-03-2019, 08:49 AM)srichards Wrote:
(06-03-2019, 08:03 AM)eduardo.corral Wrote:
(05-30-2019, 03:09 PM)srichards Wrote: I'm not sure how to proceed,

I am collecting Netflow data and storing it but cannot see anything in Pandora.

I've tried multiple versions of NFDUMP but always not thing shows up in PandoraConsole

My HTTPD log shows this when i try to search netflow in Pandora:

Quote:[Thu May 30 17:02:32.554151 2019] [mpm_prefork:notice] [pid 4433] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.19 configured -- resuming normal operations
[Thu May 30 17:02:32.554168 2019] [core:notice] [pid 4433] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Of course i can see the files and the path is correct in the Pandora config

Greetings, srichards

Can you please send us the result of executing a grep command of the process to see if its running with the right parameters?

It would be extremely helpful too if you can send us a screenshot of the Netflow configuration screen in your Pandora FMS console.

Kind regards,

Eduardo.

Hi Eduardo,

No problem, please find below:

Best

Simon

Code:
[email protected]:~# sudo /etc/init.d/pandora_server start Pandora FMS Server 7.0NG.734 Build 190429 Copyright (c) 2004-2018 Artica ST This program is OpenSource, licensed under the terms of GPL License version 2. You can download latest versions and documentation at official web page. [*]Backgrounding Pandora FMS Server process. Pandora FMS Server is now running with PID 3829 [email protected]:~# ps aux | grep -i nfcapd root 3848 0.2 0.0 35000 1152 ? S 09:53 0:00 /usr/bin/nfcapd -D -T all -w -t 1500 -P /var/run/pandora_nfcapd.pid -l /var/spool/pandora/data_in/netflow/ root 3887 0.0 0.0 113176 1532 pts/0 Ss 09:53 0:00 bash -c cd "/root" && bash -i -c " ps aux | grep -i nfcapd" root 3898 0.0 0.0 115432 1836 pts/0 S 09:53 0:00 bash -i -c ps aux | grep -i nfcapd root 3912 0.0 0.0 112708 964 pts/0 S+ 09:53 0:00 grep --color=auto -i nfcapd

[*]

Greetings, Simon

As I can see, the configuration is right. There is one thing that escaped our eye the last time we checked your Netflow problem, though. Take a look to the data found in /var/spool/pandora/data_in/netflow/, as you can see the date displayed is 1970/01/01. You need to change that in the server or in the machine that sends the data.

When you try to display Netflow info in the console, the start date is 2019. It can't show any data because the flow you have is dated as of 1970.

Let's see if changing the date fixes your problem.

Kind regards,

Eduardo.