flow capture not starting at all

[fluca1978]

I'm trying to start flow-capture(1) installed from the port net-mgmt/flow-tools on a 9.1-RELEASE, but I'm not getting it working at all.
First of all the version of the flow-tools:

# pkg info flow-tools
flow-tools-0.68_7

I've tried to run either the flow-capture via rc.conf or by command line, and the result is the same: the pid file is created, but the process dies immediatly without any trace.
The command line I'm using is:

# flow-capture -w /var/db/flows/em1 -E 2G -n 287 -N 3 -d 1 0/0/4444
# cat /var/run/flow-capture.pid.4444 
40744
# ps -p 40744
PID TT  STAT TIME COMMAND
#

As you can see the process writes the pid correctly, but no process is available with such pid, and in fact nothing is listening on port 4444.
I've then tried to inspect more the process using truss(1):

# truss flow-capture -w /var/db/flows/em1 -E 2G -n 287 -N 3 -d 1 0/0/4444
...
fork()                                           = 40751 (0x9f2f)
open("/var/run/flow-capture.pid.4444",O_WRONLY|O_CREAT|O_TRUNC,0644) = 3 (0x3)
write(3,"40751\n",6)                             = 6 (0x6)
close(3)                                         = 0 (0x0)
sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0) = 0 (0x0)
sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0) = 0 (0x0)
sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0) = 0 (0x0)
sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0) = 0 (0x0)
sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
sigprocmask(SIG_BLOCK,SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2,0x0) = 0 (0x0)
sigprocmask(SIG_SETMASK,0x0,0x0)                 = 0 (0x0)
process exit, rval = 0

As you can see the process writes the pid and then exits, even if I suspect a subprocess should be running (there is a fork(2)).

Any idea of what is going wrong or about how to get flow-capture to tell me what is going wrong?

 

[fluca1978]

I've removed the flow-tools from the system and tried the net-mgmt/flow-tools-ng, that are at a different version number:

# pkg info | grep flow
flow-tools-ng-0.68.5.1         Suite of tools and library to work with netflow data

even if it seems to me the ng is older than the standard one, that was at version 68.7. Anyway, I did the same try and without any luck:

# flow-capture -E 2G -n 287 -N 3 -d 1 -w /var/db/flows/em1 0/0/4444
# cat /var/run/flow-capture.pid.4444 
1017
# ps -p 1017
PID TT  STAT TIME COMMAND
#

No process at all.
So now the questions are (i) which port is the one to use and (ii) what am I missing to get it working?

 

[fluca1978]

I switched back to net-mgmt/flow-tools.
After a few trials I found that changing the -w directory to /tmp made the process working, at least I was able to see the UDP port listed via netstat(1).
I then configured the LOCAL6 logging facility to see what was going on, and a message about a directory non-existent appeared. Therefore I was simply using the program with a mispelled directory name.

I don't understand why such kind of errors are only logged via syslog(3) and not to stderr; that would have saved me a lot of time!