Netflow data not appearing in PandoraFMS
#1
Hello

We are running PandoraFMS Community Edition

I have installed the nfdump suite as per instructions https://wiki.pandorafms.com/index.php?ti...en:Netflow
nfcapd: Version: 1.6.8p1 $Date: 2012-11-10 12:40:54 +0100 (Sat, 10 Nov 2012) $

Netflow is configured inside the PandoraFMS console

Data storage path                    /var/spool/pandora/data_in/netflow
Daemon interval                      3600
Daemon binary path                   /usr/local/bin/nfcapd
Nfdump binary path                   /usr/local/bin/nfdumpd
Nfexpire binary path                 /usr/local/bin/nfexpire
Maximum chart resolution             50
Disable custom live view filters     No
Max. Netflow lifespan                5
Enable IP address name resolution    No


nfcapd is starting when Pandora server service does
root     32026     1  0 Nov02 ?        00:00:56 /usr/local/bin/nfcapd -D -T all -w -t 3600 -P /var/run/pandora_nfcapd.pid -l /var/spool/pandora/data_in/netflow

The server is receiving flows from a router correctly on UDP/9995
[[email protected] ~]# nfdump -R /var/spool/pandora/data_in/netflow/
Date flow start          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
2018-11-22 16:59:44.082     0.000 TCP     192.168.86.147:51893 ->   114.134.160.71:443          2      250     1
2018-11-22 16:59:44.122     0.000 TCP        52.98.0.146:443   ->    114.134.165.2:54143        2      166     1
2018-11-22 16:59:44.162     0.000 TCP     114.134.160.71:443   ->    114.134.165.2:51893        2       80     1
2018-11-22 16:59:44.162     0.000 TCP      192.168.86.90:54143 ->      52.98.0.146:443          2       80     1
2018-11-22 16:59:44.192     0.000 TCP      52.88.214.249:443   ->    114.134.165.2:62601        3      243     1
2018-11-22 16:59:35.602     8.610 TCP     192.168.86.100:50033 ->    52.25.124.129:443          5      509     1
2018-11-22 16:59:44.232     0.000 TCP      192.168.86.39:33070 ->   172.217.167.74:443          3      180     1
2018-11-22 16:58:36.542    67.700 TCP      192.168.86.67:62601 ->    52.88.214.249:443         23    15642     1
2018-11-22 16:59:44.362     0.000 TCP        52.98.2.194:443   ->    114.134.165.2:52781        2      166     1
2018-11-22 16:59:44.402     0.000 TCP      192.168.86.61:52781 ->      52.98.2.194:443          2       80     1
2018-11-22 16:59:44.452     0.000 TCP      192.168.86.51:51144 ->     13.107.18.11:443          2       82     1
2018-11-22 16:59:44.482     0.000 TCP       13.107.18.11:443   ->    114.134.165.2:51144        2      104     1
2018-11-22 16:59:44.502     0.000 UDP     192.168.86.147:8999  ->     85.245.38.20:57860        2      264     1
2018-11-22 16:59:44.522     0.000 TCP      192.168.86.32:55168 ->    54.206.49.218:8041         3      134     1
2018-11-22 16:59:44.552     0.000 TCP      54.206.49.218:8041  ->    114.134.165.2:55168        3      145     1
2018-11-22 16:59:44.662     0.000 TCP      192.168.86.55:46158 ->    198.61.165.71:443          9     1633     1
2018-11-22 16:59:44.852     0.000 TCP      198.61.165.71:443   ->    114.134.165.2:46158        8      914     1
2018-11-22 16:59:44.942     0.000 TCP     54.213.110.103:443   ->    114.134.165.2:65074        2      324     1
2018-11-22 16:59:44.952     0.000 TCP        52.98.2.194:443   ->    114.134.165.2:51691        2      166     1
2018-11-22 16:59:44.962     0.000 TCP     192.168.86.100:50028 ->    52.25.124.129:443          3      318     1
2018-11-22 16:59:44.992     0.000 TCP      192.168.86.32:51691 ->      52.98.2.194:443          2       80     1
2018-11-22 16:59:45.122     0.000 TCP     40.100.145.162:443   ->    114.134.165.2:55960        2      166     1
2018-11-22 16:59:37.122     8.020 TCP      192.168.86.73:65074 ->   54.213.110.103:443          3      318     1
2018-11-22 16:59:45.162     0.000 TCP      52.25.124.129:443   ->    114.134.165.2:50028        2      324     1
2018-11-22 16:59:45.172     0.000 TCP      192.168.86.43:55960 ->   40.100.145.162:443          2       80     1
2018-11-22 16:59:45.252     0.000 TCP          52.98.0.2:443   ->    114.134.165.2:54769        2      166     1
2018-11-22 16:59:45.272     0.000 TCP      93.92.100.173:443   ->    114.134.165.2:51820        2       80     1
2018-11-22 16:59:45.292     0.000 TCP      192.168.86.43:54769 ->        52.98.0.2:443          2       80     1
2018-11-22 16:59:45.342     0.000 UDP       85.245.38.20:57860 ->    114.134.165.2:8999         2      690     1
2018-11-22 16:59:45.382     0.000 TCP      192.168.86.55:46159 ->    198.61.165.71:443         11     1907     1

And judging by timestamps in /var/spool/pandora/data_in/netflow, nfexpire is deleting old caps after 5 days as set up in the configuration


I have had flows hitting the server for approximately 2 months; however, no matter what settings/filters I try, I get 'No data to show' when attempting to use Netflow Live View inside PandoraFMS.

Can anyone assist?

I have attached the pandora_server.conf file (renamed *.txt) and can provide additional data if requested


Thanks in advance
Jodi


Attached Files


.txt   pandora_server.txt (Size: 19.24 KB / Downloads: 3)
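
Added example, not part of the original post: a shell check of the four paths from the settings table above, to be run as the account the web console runs under. The function name and the output labels are made up for this example, and it assumes the console itself has to execute the configured binaries and read the capture directory.

```shell
#!/bin/sh
# Added example: check the paths from the Netflow settings table.
# Usage: check.sh DATA_DIR NFCAPD NFDUMP NFEXPIRE
# Run it as the web console's user so the permission tests are meaningful.

# Prints one line per problem and returns the number of problems found.
check_netflow_setup() {
    data_dir=$1
    shift
    problems=0

    # Every configured binary must exist and be executable by this user.
    for bin in "$@"; do
        if [ ! -f "$bin" ]; then
            echo "MISSING  $bin"
            problems=$((problems + 1))
        elif [ ! -x "$bin" ]; then
            echo "NOEXEC   $bin"
            problems=$((problems + 1))
        fi
    done

    # The capture directory must be listable, and nfcapd must have rotated
    # at least one file into it (rotated files are named nfcapd.<timestamp>).
    if [ ! -d "$data_dir" ]; then
        echo "NODIR    $data_dir"
        problems=$((problems + 1))
    elif [ ! -r "$data_dir" ] || [ ! -x "$data_dir" ]; then
        echo "NOACCESS $data_dir"
        problems=$((problems + 1))
    else
        rotated=$(find "$data_dir" -type f -name 'nfcapd.[0-9]*' | wc -l)
        if [ "$rotated" -eq 0 ]; then
            echo "NOFILES  $data_dir"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

if [ "$#" -ge 2 ]; then
    check_netflow_setup "$@"
fi
```

With a rotation interval of 3600 seconds, NOFILES is expected during the first hour after nfcapd starts.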
#2
(11-27-2018, 02:49 AM)jwthomson Wrote: Hello

Good morning jwthomson,

First of all, seeing your Pandora server version, you can update to 728, and in a few days to 729. It could be a problem with the version and MR. Can you please show me this version, build and MR?

Also, when drawing the data, you must select a filter in the netflow, are you doing it?

Alberto
#3
Hello Alberto

Thanks for your response

I have upgraded to the 728 as you suggested

Pandora FMS v7.0NG.728 - Build 181126 - MR 1

Still no data for the graphs :(

I have tried with and without filters - both normal and advanced syntax


Regards
Jodi
#4
(11-27-2018, 10:19 PM)jwthomson Wrote:
Hello Alberto


Good morning jwthomson,

Now you have an error on the MR of your installation. To upgrade to the last MR you must follow these steps:

1- Enter MySQL with root.
2- Use pandora;
3- source /var/www/html/pandora_console/extras/mr/X.sql (go 1 by 1.. 1,2,3,4 to the last one).

Try this please and let us know.

Alberto
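
Added example, not part of the original post: the three steps above as a shell script that applies the MR files in numeric order, which a plain `*.sql` glob does not do (it sorts 10.sql before 2.sql). The function names and the optional "last applied" argument are made up for this example; the directory and the database name `pandora` are the ones given in the steps.

```shell
#!/bin/sh
# Added example: apply PandoraFMS MR files one by one, in numeric order.
# Usage: apply_mr.sh MR_DIR DATABASE [LAST_APPLIED]
#   e.g. apply_mr.sh /var/www/html/pandora_console/extras/mr pandora

# Prints the N.sql files in MR_DIR in numeric order, skipping N <= LAST_APPLIED.
mr_files_in_order() {
    mr_dir=$1
    last=${2:-0}
    for f in "$mr_dir"/*.sql; do
        [ -f "$f" ] || continue
        n=$(basename "$f" .sql)
        case $n in
            ''|*[!0-9]*) continue ;;   # ignore anything that is not N.sql
        esac
        if [ "$n" -gt "$last" ]; then
            echo "$n"
        fi
    done | sort -n | while read -r n; do
        echo "$mr_dir/$n.sql"
    done
}

# Feeds each file to the mysql client as root and stops at the first failure,
# so a broken step is not followed by later ones.
apply_mr() {
    mr_files_in_order "$1" "${3:-0}" | while read -r f; do
        echo "applying $f"
        mysql -u root -p "$2" < "$f" || { echo "failed on $f" >&2; exit 1; }
    done
}

if [ "$#" -ge 2 ]; then
    apply_mr "$@"
fi
```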
#5
(11-28-2018, 01:37 PM)alberto.sanchez Wrote:
Good morning jwthomson,


I had already run the SQL according to MR update procedure https://wiki.pandorafms.com/index.php?ti...xo_Upgrade

Have re-run inside MySQL console as requested - output attached

We have yet to put the server into full production for our monitoring, so am happy to rebuild it from scratch to get this working

Regards
Jodi


Attached Files


.txt   pandora-mr-updates.txt (Size: 19.3 KB / Downloads: 3)
#6
I have updated to 729 and now netflow data is being seen by Pandora

Thanks for the assist


Regards
Jodi




(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org