Netflow in PandoraFMS - No data found
#1
Pandora FMS v7.0NG.734 - Build 181105 - MR 9

I'm unable to see any NetFlow data.

I can see that nfcapd is running and nfdump is installed

/var/spool/pandora/data_in/netflow# ls -l --block-size=M
total 1481M

-rw-r----- 1 root apache 131M May 24 16:00 nfcapd.201905241500
-rw-r----- 1 root apache 467M May 24 16:25 nfcapd.201905241600
-rw-r----- 1 root apache  74M May 24 15:34 nfcapd.current.12863
-rw-r----- 1 root apache  37M May 24 15:55 nfcapd.current.15646
-rw-r----- 1 root apache 144M May 24 16:05 nfcapd.current.15917
-rw-r----- 1 root apache  52M May 24 16:07 nfcapd.current.18055
-rw-r----- 1 root apache 458M May 24 16:42 nfcapd.current.18558
-rw-r----- 1 root apache  93M May 24 16:46 nfcapd.current.21559
#2
(05-24-2019, 03:43 PM)srichards Wrote: Pandora FMS v7.0NG.734 - Build 181105 - MR 9

I'm unable to see any NetFlow data.

I can see that nfcapd is running and nfdump is installed

/var/spool/pandora/data_in/netflow# ls -l --block-size=M
total 1481M

-rw-r----- 1 root apache 131M May 24 16:00 nfcapd.201905241500
-rw-r----- 1 root apache 467M May 24 16:25 nfcapd.201905241600
-rw-r----- 1 root apache  74M May 24 15:34 nfcapd.current.12863
-rw-r----- 1 root apache  37M May 24 15:55 nfcapd.current.15646
-rw-r----- 1 root apache 144M May 24 16:05 nfcapd.current.15917
-rw-r----- 1 root apache  52M May 24 16:07 nfcapd.current.18055
-rw-r----- 1 root apache 458M May 24 16:42 nfcapd.current.18558
-rw-r----- 1 root apache  93M May 24 16:46 nfcapd.current.21559

Good afternoon, srichards

Please do try to change the permissions of the files in /var/spool/pandora/data_in/netflow to: 


Code:
-rw-r--r--


Can you please send us a screenshot of the configuration you have in Setup > Netflow? It would be extremely useful.

It is important to note too that the MR you have is outdated. To update it, please execute the following command in /var/www/html/pandora_console/extras/mr: 

Code:
for i in `ls | sort -n`; do mysql -u root -ppandora pandora -e "source $i"; done


Kind regards, 

Eduardo.
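
As an added example (not part of the original posts or of Pandora FMS), this script audits an nfcapd spool like the one listed in post #1: it separates rotated files from nfcapd.current.<pid> files whose nfcapd process is gone, and flags files readable by every local user, which is what -rw-r--r-- grants. It assumes Linux /proc and the file naming seen in that listing; the function names and the sample directory are constructed for the example.

```shell
#!/bin/sh
# Added example: audit an nfcapd spool directory.
# Assumptions: rotated files are named nfcapd.YYYYMMDDHHMM, the file being
# written is nfcapd.current.<pid>, and /proc/<pid>/comm exists (Linux).

# classify NAME -> rotated | current-live | current-stale | other
classify() {
    name=${1##*/}
    case "$name" in
        nfcapd.current.*)
            pid=${name##*.}
            case "$pid" in
                ''|*[!0-9]*) echo other; return ;;
            esac
            # Live only if that PID really is an nfcapd process (PIDs get reused).
            if [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = nfcapd ]; then
                echo current-live
            else
                echo current-stale
            fi ;;
        nfcapd.[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
            echo rotated ;;
        *)
            echo other ;;
    esac
}

# exposure FILE -> world-readable | restricted
# Reads the "other" read bit, the 8th character of the mode string ls prints.
exposure() {
    case "$(ls -ld -- "$1")" in
        ???????r*) echo world-readable ;;
        *)         echo restricted ;;
    esac
}

# audit_spool DIR: one line per file, "STATE EXPOSURE NAME"
audit_spool() {
    for f in "$1"/nfcapd.*; do
        [ -f "$f" ] || continue
        printf '%s %s %s\n' "$(classify "$f")" "$(exposure "$f")" "${f##*/}"
    done
}

# count_state DIR STATE: number of files in DIR classified as STATE
count_state() {
    audit_spool "$1" | awk -v s="$2" '$1 == s { n++ } END { print n + 0 }'
}

# make_sample_spool: constructed directory of empty files that reuses four
# file names from the listing in post #1.
make_sample_spool() {
    d=$(mktemp -d) || return 1
    for n in nfcapd.201905241500 nfcapd.201905241600 \
             nfcapd.current.12863 nfcapd.current.21559; do
        : > "$d/$n"
        chmod 640 "$d/$n"
    done
    chmod 644 "$d/nfcapd.201905241600"   # the -rw-r--r-- case
    echo "$d"
}

# Audit the directory given as $1, or the constructed sample when run bare.
if [ "$#" -gt 0 ]; then
    audit_spool "$1"
else
    sample=$(make_sample_spool) && audit_spool "$sample" && rm -rf "$sample"
fi
```
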
#3
(05-27-2019, 12:44 PM)eduardo.corral Wrote:
Good afternoon, srichards

Please do try to change the permissions of the files in /var/spool/pandora/data_in/netflow to: 


Code:
-rw-r--r--


Can you please send us a screenshot of the configuration you have in Setup > Netflow? It would be extremely useful.

It is important to note too that the MR you have is outdated. To update it, please execute the following command in /var/www/html/pandora_console/extras/mr: 

Code:
for i in `ls | sort -n`; do mysql -u root -ppandora pandora -e "source $i"; done


Kind regards, 

Eduardo.

Hi Eduardo,

Thanks for the fast reply. I've tried running the db updates directly in the MySQL CLI and via Heidi, but the MR stays the same at MR 9.

I have my output from your script here if it helps?

:/var/www/html/pandora_console/extras/mr# ./simon.ps
ERROR 1064 (42000) at line 1 in file: 'simon.ps': You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'for i in `ls | sort -n`' at line 1
ERROR 1064 (42000) at line 1 in file: 'simon.ps': You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'root -pXXXXXXXXXXXXXXX pandora -e "source $i"' at line 1
ERROR 1064 (42000) at line 1 in file: 'simon.ps': You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'done' at line 1
ERROR at line 1: Can't initialize batch_readline
ERROR 1060 (42S21) at line 3 in file: '1.sql': Duplicate column name 'default_event_filter'
+---+
| 1 |
+---+
| 1 |
+---+
+---+
| 1 |
+---+
| 1 |
+---+
ERROR 1060 (42S21) at line 3 in file: '3.sql': Duplicate column name 'is_password_type'
ERROR 1060 (42S21) at line 3 in file: '4.sql': Duplicate column name 'autorefresh_white_list'
+---+
| 1 |
+---+
| 1 |
+---+
ERROR 1060 (42S21) at line 13 in file: '6.sql': Duplicate column name 'exec_proxy'
ERROR 1060 (42S21) at line 15 in file: '6.sql': Duplicate column name 'server_to_exec'
ERROR 1062 (23000) at line 17 in file: '6.sql': Duplicate entry '8' for key 'PRIMARY'
ERROR 1062 (23000) at line 19 in file: '6.sql': Duplicate entry '25' for key 'PRIMARY'
ERROR 1060 (42S21) at line 3 in file: '7.sql': Duplicate column name 'show_statistics'
ERROR 1060 (42S21) at line 2 in file: '8.sql': Duplicate column name 'time_autorefresh'
ERROR 1060 (42S21) at line 3 in file: '8.sql': Duplicate column name 'lapse_calc'
ERROR 1060 (42S21) at line 4 in file: '8.sql': Duplicate column name 'lapse'
ERROR 1060 (42S21) at line 5 in file: '8.sql': Duplicate column name 'visual_format'
ERROR 1060 (42S21) at line 6 in file: '8.sql': Duplicate column name 'lapse_calc'
ERROR 1060 (42S21) at line 7 in file: '8.sql': Duplicate column name 'lapse'
ERROR 1060 (42S21) at line 8 in file: '8.sql': Duplicate column name 'visual_format'
+---+
| 1 |
+---+
| 1 |
+---+
ERROR 1060 (42S21) at line 13 in file: '9.sql': Duplicate column name 'safe_mode_module'
ERROR 1060 (42S21) at line 14 in file: '9.sql': Duplicate column name 'safe_mode_module'
ERROR 1060 (42S21) at line 16 in file: '9.sql': Duplicate column name 'element_group'
ERROR 1060 (42S21) at line 18 in file: '9.sql': Duplicate column name 'id_layout_linked_weight'
ERROR 1060 (42S21) at line 20 in file: '9.sql': Duplicate column name 'show_on_top'
ERROR 1060 (42S21) at line 22 in file: '9.sql': Duplicate column name 'cells_slideshow'
ERROR 1060 (42S21) at line 3 in file: '10.sql': Duplicate column name 'unified_filters_id'
ERROR 1060 (42S21) at line 4 in file: '10.sql': Duplicate column name 'hide_no_data'
ERROR 1060 (42S21) at line 5 in file: '10.sql': Duplicate column name 'field_order'
ERROR 1060 (42S21) at line 8 in file: '10.sql': Duplicate column name 'summatory_series'
ERROR 1060 (42S21) at line 9 in file: '10.sql': Duplicate column name 'average_series'
ERROR 1060 (42S21) at line 10 in file: '10.sql': Duplicate column name 'modules_series'
ERROR 1060 (42S21) at line 3 in file: '11.sql': Duplicate column name 'is_favourite'
ERROR 1060 (42S21) at line 10 in file: '11.sql': Duplicate column name 'fullscale'
ERROR 1060 (42S21) at line 12 in file: '11.sql': Duplicate column name 'fullscale'
ERROR 1060 (42S21) at line 14 in file: '11.sql': Duplicate column name 'hide_no_data'
ERROR 1060 (42S21) at line 16 in file: '11.sql': Duplicate column name 'last_unknown_update'
ERROR 1060 (42S21) at line 3 in file: '12.sql': Duplicate column name 'type_graph'
ERROR 1060 (42S21) at line 5 in file: '12.sql': Duplicate column name 'clock_animation'
ERROR 1060 (42S21) at line 6 in file: '12.sql': Duplicate column name 'time_format'
ERROR 1060 (42S21) at line 7 in file: '12.sql': Duplicate column name 'timezone'
ERROR 1062 (23000) at line 13 in file: '13.sql': Duplicate entry '100' for key 'PRIMARY'
ERROR 1060 (42S21) at line 40 in file: '14.sql': Duplicate column name 'update_secondary_groups'
ERROR 1060 (42S21) at line 41 in file: '14.sql': Duplicate column name 'update_secondary_groups'
ERROR 1064 (42000) at line 50 in file: '14.sql': You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '0' at line 1
ERROR 1243 (HY000) at line 51 in file: '14.sql': Unknown prepared statement handler (pr_oum721) given to EXECUTE
ERROR 1243 (HY000) at line 52 in file: '14.sql': Unknown prepared statement handler (pr_oum721) given to DEALLOCATE PREPARE
ERROR 1025 (HY000) at line 3 in file: '15.sql': Error on rename of './pandora/tcluster' to './pandora/#sql2-1b94-14' (errno: 152)
ERROR 1025 (HY000) at line 5 in file: '15.sql': Error on rename of './pandora/tcluster_agent' to './pandora/#sql2-1b94-14' (errno: 152)
ERROR 1025 (HY000) at line 7 in file: '15.sql': Error on rename of './pandora/tcluster_agent' to './pandora/#sql2-1b94-14' (errno: 152)
ERROR 1060 (42S21) at line 15 in file: '17.sql': Duplicate column name 'custom_fields'
ERROR 1060 (42S21) at line 3 in file: '18.sql': Duplicate column name 'quiet'
ERROR 1060 (42S21) at line 4 in file: '18.sql': Duplicate column name 'cps'
ERROR 1060 (42S21) at line 5 in file: '18.sql': Duplicate column name 'cascade_protection'
ERROR 1060 (42S21) at line 7 in file: '18.sql': Duplicate column name 'cps'
ERROR 1060 (42S21) at line 9 in file: '18.sql': Duplicate column name 'cps'
ERROR 1060 (42S21) at line 11 in file: '18.sql': Duplicate column name 'cps'
ERROR 1060 (42S21) at line 13 in file: '18.sql': Duplicate column name 'evaluate_sla'
ERROR 1060 (42S21) at line 15 in file: '18.sql': Duplicate column name 'cps'
ERROR 1060 (42S21) at line 19 in file: '18.sql': Duplicate column name 'id_node'
ERROR 1060 (42S21) at line 23 in file: '18.sql': Duplicate column name 'data'
ERROR 1060 (42S21) at line 25 in file: '18.sql': Duplicate column name 'data'
ERROR 1060 (42S21) at line 27 in file: '18.sql': Duplicate column name 'data'
ERROR 1060 (42S21) at line 29 in file: '18.sql': Duplicate column name 'module_status'
ERROR 1060 (42S21) at line 31 in file: '18.sql': Duplicate column name 'module_status'
ERROR 1060 (42S21) at line 33 in file: '18.sql': Duplicate column name 'module_status'
ERROR 1050 (42S01) at line 35 in file: '18.sql': Table 'tautoconfig' already exists
ERROR 1050 (42S01) at line 44 in file: '18.sql': Table 'tautoconfig_rules' already exists
ERROR 1050 (42S01) at line 58 in file: '18.sql': Table 'tautoconfig_actions' already exists
ERROR 1060 (42S21) at line 59 in file: '19.sql': Duplicate column name 'no_hierarchy'
ERROR 1060 (42S21) at line 3 in file: '20.sql': Duplicate column name 'recursion'
ERROR 1060 (42S21) at line 5 in file: '20.sql': Duplicate column name 'user_comment'
ERROR 1060 (42S21) at line 6 in file: '20.sql': Duplicate column name 'source'
ERROR 1060 (42S21) at line 7 in file: '20.sql': Duplicate column name 'id_extra'
ERROR 1060 (42S21) at line 12 in file: '20.sql': Duplicate column name 'linked_layout_status_type'
ERROR 1060 (42S21) at line 13 in file: '20.sql': Duplicate column name 'linked_layout_status_as_service_warning'
ERROR 1060 (42S21) at line 14 in file: '20.sql': Duplicate column name 'linked_layout_status_as_service_critical'
ERROR 1060 (42S21) at line 15 in file: '20.sql': Duplicate column name 'linked_layout_node_id'
ERROR 1060 (42S21) at line 16 in file: '20.sql': Duplicate column name 'linked_layout_status_type'
ERROR 1060 (42S21) at line 17 in file: '20.sql': Duplicate column name 'linked_layout_status_as_service_warning'
ERROR 1060 (42S21) at line 18 in file: '20.sql': Duplicate column name 'linked_layout_status_as_service_critical'
ERROR 1060 (42S21) at line 19 in file: '20.sql': Duplicate column name 'linked_layout_node_id'
ERROR 1060 (42S21) at line 25 in file: '20.sql': Duplicate column name 'hidden'
ERROR 1060 (42S21) at line 27 in file: '20.sql': Duplicate column name 'snmp_version'
ERROR 1060 (42S21) at line 28 in file: '20.sql': Duplicate column name 'snmp_auth_user'
ERROR 1060 (42S21) at line 29 in file: '20.sql': Duplicate column name 'snmp_auth_pass'
ERROR 1060 (42S21) at line 30 in file: '20.sql': Duplicate column name 'snmp_auth_method'
ERROR 1060 (42S21) at line 31 in file: '20.sql': Duplicate column name 'snmp_privacy_method'
ERROR 1060 (42S21) at line 32 in file: '20.sql': Duplicate column name 'snmp_privacy_pass'
ERROR 1060 (42S21) at line 33 in file: '20.sql': Duplicate column name 'snmp_security_level'
ERROR 1060 (42S21) at line 34 in file: '20.sql': Duplicate column name 'custom_fields'
ERROR 1062 (23000) at line 45 in file: '20.sql': Duplicate entry '1' for key 'PRIMARY'
ERROR 1060 (42S21) at line 3 in file: '21.sql': Duplicate column name 'is_favourite'
ERROR 1060 (42S21) at line 6 in file: '21.sql': Duplicate column name 'show_last_value'
ERROR 1060 (42S21) at line 7 in file: '21.sql': Duplicate column name 'show_last_value'
ERROR 1060 (42S21) at line 10 in file: '21.sql': Duplicate column name 'meta_dbuser'
ERROR 1060 (42S21) at line 11 in file: '21.sql': Duplicate column name 'meta_dbpass'
ERROR 1060 (42S21) at line 12 in file: '21.sql': Duplicate column name 'meta_dbhost'
ERROR 1060 (42S21) at line 13 in file: '21.sql': Duplicate column name 'meta_dbport'
ERROR 1060 (42S21) at line 14 in file: '21.sql': Duplicate column name 'meta_dbname'
ERROR 1060 (42S21) at line 3 in file: '22.sql': Duplicate column name 'id_group'
ERROR 1091 (42000) at line 5 in file: '22.sql': Can't DROP 'flash_chart'; check that column/key exists
ERROR 1060 (42S21) at line 7 in file: '22.sql': Duplicate column name 'default_custom_view'
ERROR 1060 (42S21) at line 3 in file: '23.sql': Duplicate column name 'group_search'
ERROR 1060 (42S21) at line 5 in file: '23.sql': Duplicate column name 'module_status'
ERROR 1060 (42S21) at line 7 in file: '23.sql': Duplicate column name 'recursion'
ERROR 1060 (42S21) at line 9 in file: '23.sql': Duplicate column name 'group_recursion'
ERROR 1060 (42S21) at line 3 in file: '24.sql': Duplicate column name 'orientation'
ERROR 1060 (42S21) at line 7 in file: '25.sql': Duplicate column name 'wmi_enabled'
ERROR 1060 (42S21) at line 8 in file: '25.sql': Duplicate column name 'auth_strings'
ERROR 1060 (42S21) at line 9 in file: '25.sql': Duplicate column name 'autoconfiguration_enabled'
ERROR 1050 (42S01) at line 25 in file: '25.sql': Table 'tnotification_source' already exists
ERROR 1060 (42S21) at line 50 in file: '25.sql': Duplicate column name 'url'
ERROR 1060 (42S21) at line 51 in file: '25.sql': Duplicate column name 'response_mode'
ERROR 1060 (42S21) at line 52 in file: '25.sql': Duplicate column name 'citicity'
ERROR 1060 (42S21) at line 53 in file: '25.sql': Duplicate column name 'id_source'
ERROR 1060 (42S21) at line 54 in file: '25.sql': Duplicate column name 'subtype'
ERROR 1242 (21000) at line 56 in file: '25.sql': Subquery returns more than 1 row
ERROR 1005 (HY000) at line 57 in file: '25.sql': Can't create table 'pandora.#sql-1b94_1e' (errno: 121)
ERROR 1242 (21000) at line 119 in file: '25.sql': Subquery returns more than 1 row
ERROR 1062 (23000) at line 120 in file: '25.sql': Duplicate entry '2-0' for key 'PRIMARY'
ERROR 1060 (42S21) at line 14 in file: '26.sql': Duplicate column name 'show_extended_events'
ERROR 1060 (42S21) at line 20 in file: '26.sql': Duplicate column name 'combo_values'
ERROR 1060 (42S21) at line 22 in file: '26.sql': Duplicate column name 'summary'
ERROR 1091 (42000) at line 3 in file: '27.sql': Can't DROP 'output'; check that column/key exists
ERROR 1060 (42S21) at line 5 in file: '27.sql': Duplicate column name 'ff_type'
ERROR 1060 (42S21) at line 6 in file: '27.sql': Duplicate column name 'ff_type'
ERROR 1060 (42S21) at line 7 in file: '27.sql': Duplicate column name 'ff_type'
ERROR 1060 (42S21) at line 8 in file: '27.sql': Duplicate column name 'ff_type'
ERROR 1060 (42S21) at line 10 in file: '27.sql': Duplicate column name 'ff_normal'
ERROR 1060 (42S21) at line 11 in file: '27.sql': Duplicate column name 'ff_warning'
ERROR 1060 (42S21) at line 12 in file: '27.sql': Duplicate column name 'ff_critical'
ERROR 1146 (42S02) at line 14 in file: '27.sql': Table 'pandora.tuser_task' doesn't exist
ERROR 1060 (42S21) at line 16 in file: '27.sql': Duplicate column name 'total_time'
ERROR 1060 (42S21) at line 17 in file: '27.sql': Duplicate column name 'time_failed'
ERROR 1060 (42S21) at line 18 in file: '27.sql': Duplicate column name 'time_in_ok_status'
ERROR 1060 (42S21) at line 19 in file: '27.sql': Duplicate column name 'time_in_unknown_status'
ERROR 1060 (42S21) at line 20 in file: '27.sql': Duplicate column name 'time_of_not_initialized_module'
ERROR 1060 (42S21) at line 21 in file: '27.sql': Duplicate column name 'time_of_downtime'
ERROR 1060 (42S21) at line 22 in file: '27.sql': Duplicate column name 'total_checks'
ERROR 1060 (42S21) at line 23 in file: '27.sql': Duplicate column name 'checks_failed'
ERROR 1060 (42S21) at line 24 in file: '27.sql': Duplicate column name 'checks_in_ok_status'
ERROR 1060 (42S21) at line 25 in file: '27.sql': Duplicate column name 'unknown_checks'
ERROR 1060 (42S21) at line 26 in file: '27.sql': Duplicate column name 'agent_max_value'
ERROR 1060 (42S21) at line 27 in file: '27.sql': Duplicate column name 'agent_min_value'
ERROR 1060 (42S21) at line 29 in file: '27.sql': Duplicate column name 'total_time'
ERROR 1060 (42S21) at line 30 in file: '27.sql': Duplicate column name 'time_failed'
ERROR 1060 (42S21) at line 31 in file: '27.sql': Duplicate column name 'time_in_ok_status'
ERROR 1060 (42S21) at line 32 in file: '27.sql': Duplicate column name 'time_in_unknown_status'
ERROR 1060 (42S21) at line 33 in file: '27.sql': Duplicate column name 'time_of_not_initialized_module'
ERROR 1060 (42S21) at line 34 in file: '27.sql': Duplicate column name 'time_of_downtime'
ERROR 1060 (42S21) at line 35 in file: '27.sql': Duplicate column name 'total_checks'
ERROR 1060 (42S21) at line 36 in file: '27.sql': Duplicate column name 'checks_failed'
ERROR 1060 (42S21) at line 37 in file: '27.sql': Duplicate column name 'checks_in_ok_status'
ERROR 1060 (42S21) at line 38 in file: '27.sql': Duplicate column name 'unknown_checks'
ERROR 1060 (42S21) at line 39 in file: '27.sql': Duplicate column name 'agent_max_value'
ERROR 1060 (42S21) at line 40 in file: '27.sql': Duplicate column name 'agent_min_value'
ERROR 1060 (42S21) at line 42 in file: '27.sql': Duplicate column name 'type'
ERROR 1060 (42S21) at line 43 in file: '27.sql': Duplicate column name 'type'
[email protected]:/var/www/html/pandora_console/extras/mr#
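
The loop from post #2 hands every file in the directory to mysql, which is why the output above opens with SQL syntax errors for 'simon.ps', and it puts the database password on the command line. As an added example (not Pandora FMS code), this variant selects only `<number>.sql` files above a given MR, prints a dry-run plan by default, and reads credentials from a client option file; the function names, the `APPLY` switch and the sample directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: select and apply MR files strictly.
# Assumptions: MR files are named <number>.sql (as in the error output above)
# and files numbered at or below the console's current MR are already applied.

# list_mr_files DIR [AFTER]: names of <number>.sql files with number > AFTER,
# in numeric order. Anything else in DIR (scripts, notes) is ignored.
list_mr_files() {
    after=${2:-0}
    for f in "$1"/*.sql; do
        [ -f "$f" ] || continue
        n=${f##*/}
        n=${n%.sql}
        case "$n" in
            ''|*[!0-9]*) continue ;;   # not purely numeric, skip
        esac
        if [ "$n" -gt "$after" ]; then echo "$n"; fi
    done | sort -n | sed 's/$/.sql/'
}

# apply_mr DIR AFTER CNF: prints the plan; runs mysql only when APPLY=1.
# CNF is a mode-600 client option file with user= and password= under
# [client], so the password stays out of argv, ps output and shell history.
apply_mr() {
    list_mr_files "$1" "$2" | while read -r f; do
        if [ "${APPLY:-0}" = 1 ]; then
            mysql --defaults-extra-file="$3" pandora < "$1/$f" || return 1
        else
            echo "would apply $f"
        fi
    done
}

# make_sample_mr_dir: constructed directory of empty files for the demo.
make_sample_mr_dir() {
    d=$(mktemp -d) || return 1
    for n in 1.sql 9.sql 10.sql 27.sql simon.ps README; do
        : > "$d/$n"
    done
    echo "$d"
}

# Usage: script DIR CURRENT_MR [CNF]; with no arguments, show the plan for
# the constructed sample as if the database were at MR 9.
if [ "$#" -ge 2 ]; then
    apply_mr "$1" "$2" "${3:-$HOME/.my.cnf}"
else
    sample=$(make_sample_mr_dir) && apply_mr "$sample" 9 /dev/null
    rm -rf "$sample"
fi
```
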
#4
Hi Eduardo,

I rebuilt the server with latest and it's now running Pandora FMS v7.0NG.734 - Build PC190429 - MR 27

Still the same problem: lots of big files in /var/spool/pandora/data_in/netflow, but I cannot see any data in Pandora Console.
#5
(05-28-2019, 12:34 PM)srichards Wrote: Hi Eduardo,

I rebuilt the server with latest and it's now running Pandora FMS v7.0NG.734 - Build PC190429 - MR 27

Still the same problem: lots of big files in /var/spool/pandora/data_in/netflow, but I cannot see any data in Pandora Console.

Greetings, srichards

Please do try to disable the nfcapd process (with the KILL command) and restart the Pandora FMS server so that nfcapd starts again with the right parameters.

Let us know how this works. 

Kind regards, 

Eduardo.
#6
(05-28-2019, 02:24 PM)eduardo.corral Wrote:
Greetings, srichards

Please do try to disable the nfcapd process (with the KILL command) and restart the Pandora FMS server so that nfcapd starts again with the right parameters.

Let us know how this works. 

Kind regards, 

Eduardo.

Thanks,

I tried this but still no data in Pandora, although I notice the Date is 1970 ?!?!

[[email protected] ~]# nfdump -R /var/spool/pandora/data_in/netflow/
Date first seen          Event  XEvent Proto      Src IP Addr:Port          Dst IP Addr:Port     X-Src IP Addr:Port        X-Dst IP Addr:Port   In Byte Out Byte
1970-01-01 01:00:00.000 INVALID  Ignore TCP      x.x.x.x:55260 ->      x.x.x.x:443            0.0.0.0:0     ->          0.0.0.0:0          114        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP       x.x.x.x:52010 ->     x.x.x.x:80             0.0.0.0:0     ->          0.0.0.0:0         1535        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP      x.x.x.x:52009 ->     x.x.x.x:80             0.0.0.0:0     ->          0.0.0.0:0         1459        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP        x.x.x.x:443   ->     x.x.x.x:42499          0.0.0.0:0     ->          0.0.0.0:0           52        0
#7
(05-28-2019, 02:46 PM)srichards Wrote:
Thanks,

I tried this but still no data in Pandora, although I notice the Date is 1970 ?!?!

[[email protected] ~]# nfdump -R /var/spool/pandora/data_in/netflow/
Date first seen          Event  XEvent Proto      Src IP Addr:Port          Dst IP Addr:Port     X-Src IP Addr:Port        X-Dst IP Addr:Port   In Byte Out Byte
1970-01-01 01:00:00.000 INVALID  Ignore TCP      x.x.x.x:55260 ->      x.x.x.x:443            0.0.0.0:0     ->          0.0.0.0:0          114        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP       x.x.x.x:52010 ->     x.x.x.x:80             0.0.0.0:0     ->          0.0.0.0:0         1535        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP      x.x.x.x:52009 ->     x.x.x.x:80             0.0.0.0:0     ->          0.0.0.0:0         1459        0
1970-01-01 01:00:00.000 INVALID  Ignore TCP        x.x.x.x:443   ->     x.x.x.x:42499          0.0.0.0:0     ->          0.0.0.0:0           52        0

Hello srichards,

I am not so sure whether it is the sender that sends the NetFlow traffic with the timestamp of its machine or it is nfcapd that inserts the reception date in the packet. It is more a matter of the behavior of the nfcapd daemon than of Pandora itself.

Here you can find the documentation of nfdump and nfcapd: http://nfdump.sourceforge.net/

I'd say it is the sender that sends the NetFlow packets with the timestamp. Please configure the date on the sender devices and on the Pandora server so that the NetFlow packets have the correct date.

Regards.
#8
I'm not sure how to proceed,

I am collecting Netflow data and storing it but cannot see anything in Pandora.

I've tried multiple versions of NFDUMP but nothing ever shows up in Pandora Console.

My HTTPD log shows this when I try to search netflow in Pandora:


Quote:
[Thu May 30 17:02:32.554151 2019] [mpm_prefork:notice] [pid 4433] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.19 configured -- resuming normal operations
[Thu May 30 17:02:32.554168 2019] [core:notice] [pid 4433] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Of course I can see the files, and the path is correct in the Pandora config.


Attached files: flows.jpg, Capture.JPG
#9
(05-30-2019, 03:09 PM)srichards Wrote: I'm not sure how to proceed,

I am collecting Netflow data and storing it but cannot see anything in Pandora.

I've tried multiple versions of NFDUMP but nothing ever shows up in Pandora Console.

My HTTPD log shows this when I try to search netflow in Pandora:


Quote:
[Thu May 30 17:02:32.554151 2019] [mpm_prefork:notice] [pid 4433] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.19 configured -- resuming normal operations
[Thu May 30 17:02:32.554168 2019] [core:notice] [pid 4433] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Empty file list. No files to process

Of course I can see the files, and the path is correct in the Pandora config.

Greetings, srichards

Can you please send us the result of executing a grep command of the process to see if it's running with the right parameters?

It would be extremely helpful too if you can send us a screenshot of the Netflow configuration screen in your Pandora FMS console. 

Kind regards, 

Eduardo.
#10
(06-03-2019, 08:03 AM)eduardo.corral Wrote:
Greetings, srichards

Can you please send us the result of executing a grep command of the process to see if it's running with the right parameters?

It would be extremely helpful too if you can send us a screenshot of the Netflow configuration screen in your Pandora FMS console. 

Kind regards, 

Eduardo.

Hi Eduardo,

No problem, please find below:

Best

Simon

Code:
[email protected]:~# sudo /etc/init.d/pandora_server start
Pandora FMS Server 7.0NG.734 Build 190429 Copyright (c) 2004-2018 Artica ST
This program is OpenSource, licensed under the terms of GPL License version 2.
You can download latest versions and documentation at official web page.
 
[*]Backgrounding Pandora FMS Server process.

Pandora FMS Server is now running with PID 3829
[email protected]:~#  ps aux | grep -i nfcapd
root      3848  0.2  0.0  35000  1152 ?        S    09:53   0:00 /usr/bin/nfcapd -D -T all -w -t 1500 -P /var/run/pandora_nfcapd.pid -l /var/spool/pandora/data_in/netflow/
root      3887  0.0  0.0 113176  1532 pts/0    Ss   09:53   0:00 bash -c cd "/root" && bash -i -c " ps aux | grep -i nfcapd"
root      3898  0.0  0.0 115432  1836 pts/0    S    09:53   0:00 bash -i -c  ps aux | grep -i nfcapd
root      3912  0.0  0.0 112708   964 pts/0    S+   09:53   0:00 grep --color=auto -i nfcapd


Attached files: Capture.JPG
(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org