I'm having again problems with the network flows. I'm running 9.1-RELEASE, and the last week I had at last my machine with net-mgmt/flow-tools and net-mgmt/softflowd working fine.
The only thing that changed is that today I did a full portsnap(8) update, and now even if I've my collector and sensor running on the network cards I cannot get any flow information.
Here are the processes as launched from rc.conf:
Now, since no file was created in the /var/db/flows/em* directory any more, I checked the exports from the sensor, and got what I suspect is the problem:
The em1 interface is the one I'm connected to the machine via ssh(1), and therefore should be generating traffic!
I've tried to deinstall and reinstall both packages from ports, but nothing changed.
Of course, flow-capture(1) is running fine, and it seems softflowd(1) is able to speak to it too:
This is driving me crazy, any help is appreciated.
The only thing that changed is that today I did a full portsnap(8) update, and now even if I've my collector and sensor running on the network cards I cannot get any flow information.
Here are the processes as launched from rc.conf:
Code:
# ps -auxww | grep flow
nobody 10495 0.0 0.6 9628 1452 ?? Is 5:15PM 0:00.00 /usr/local/sbin/softflowd -i em0 -n 192.168.1.222:8888 -m 16000 -p /var/run/softflowd.em0.pid -c /var/run/softflowd.em0.ctl -t maxlife=300
nobody 10502 0.0 0.6 9628 1452 ?? Is 5:15PM 0:00.00 /usr/local/sbin/softflowd -i em1 -n 192.168.1.222:4444 -m 16000 -p /var/run/softflowd.em1.pid -c /var/run/softflowd.em1.ctl -t maxlife=300
flowtools 10514 0.0 0.6 9788 1468 ?? Ss 5:15PM 0:00.07 /usr/local/bin/flow-capture -E 2G -n 287 -N 3 -S 5 -w /var/db/flows/em1 -p /var/run/flow-capture/flow-capture.pid 192.168.1.222/0.0.0.0/4444
flowtools 10521 0.0 0.6 9788 1504 ?? Ss 5:15PM 0:00.08 /usr/local/bin/flow-capture -E 2G -n 287 -N 3 -S 5 -w /var/db/flows/em0 -p /var/run/flow-capture/flow-capture.pid 192.168.1.222/0.0.0.0/8888Now, since no file was created in the /var/db/flows/em* directory any more, I checked the exports from the sensor, and got what I suspect is the problem:
Code:
# softflowctl -c /var/run/softflowd.em1.ctl statistics
softflowd[10502]: Accumulated statistics:
[color="Red"]Number of active flows: 0
Packets processed: 0
[/color]Fragments: 0
Ignored packets: 0 (0 non-IP, 0 too short)
Flows expired: 0 (0 forced)
Flows exported: 0 in 0 packets (0 failures)
Packets received by libpcap: 614
Packets dropped by libpcap: 0
Packets dropped by interface: 0The em1 interface is the one I'm connected to the machine via ssh(1), and therefore should be generating traffic!
I've tried to deinstall and reinstall both packages from ports, but nothing changed.
Of course, flow-capture(1) is running fine, and it seems softflowd(1) is able to speak to it too:
Code:
# netstat -n
...
udp4 0 0 192.168.1.222.8888 *.*
udp4 0 0 192.168.1.222.4444 *.*
udp4 0 0 192.168.1.222.53342 192.168.1.222.4444
udp4 0 0 192.168.1.222.53000 192.168.1.222.8888This is driving me crazy, any help is appreciated.