[netsa-tools-discuss] unable to create directory S1 (cisco nexsus 7k)

asad a.alii85 at gmail.com
Mon Oct 12 02:46:43 EDT 2015


hello,

I'm unable to have v9 netflows from cisco Nexus7k write to silk
directory under /data. S0 folder exists but not S1, even when the
traffic is coming on interface with template and is verified through
wireshark.


# silk.conf for the "twoway" site
# RCSIDENT("$SiLK: silk.conf 52d8f4f62ffd 2012-05-25 21:16:30Z mthomas $")

# For a description of the syntax of this file, see silk.conf(5).

# The syntactic format of this file
#    version 2 supports sensor descriptions, but otherwise identical to 1
version 2

# NOTE: Once data has been collected for a sensor or a flowtype, the
# sensor or flowtype should never be removed or renumbered.  SiLK Flow
# files store the sensor ID and flowtype ID as integers; removing or
# renumbering a sensor or flowtype breaks this mapping.

sensor 0 S0    "Description for sensor S0"
sensor 1 S1
sensor 2 S2    "Optional description for sensor S2"
sensor 3 S3
sensor 4 S4
sensor 5 S5
sensor 6 S6
sensor 7 S7
sensor 8 S8
sensor 9 S9
sensor 10 S10
sensor 11 S11
sensor 12 S12
sensor 13 S13
sensor 14 S14

class all
    sensors S0 S1 S2 S3 S4 S5 S6 S7 S8 S9 S10 S11 S12 S13 S14
end class

# Editing above this line is sufficient for sensor definition.

# Be sure you understand the workings of the packing system before
# editing the class and type definitions below.  In particular, if you
# change or add-to the following, the C code in packlogic-twoway.c
# will need to change as well.

class all
    type  0 in      in
    type  1 out     out
    type  2 inweb   iw
    type  3 outweb  ow
    type  4 innull  innull
    type  5 outnull outnull
    type  6 int2int int2int
    type  7 ext2ext ext2ext
    type  8 inicmp  inicmp
    type  9 outicmp outicmp
    type 10 other   other

    default-types in inweb inicmp
end class

default-class all

# The layout of the tree below SILK_DATA_ROOTDIR.
# Use the default, which assumes a single class.
path-format "%N/%T/%Y/%m/%d/%x"

# The plug-in to load to get the packing logic to use in rwflowpack.
# The --packing-logic switch to rwflowpack will override this value.
# If SiLK was configured with hard-coded packing logic, this value is
# ignored.
packing-logic "/usr/local/lib/silk/packlogic-twoway.so"

++++++++++++
sensors.conf
++++++++++++

probe S1 netflow-v9
  listen-on-port 2056
  protocol udp
end probe
group my-network
  ipblocks 192.168.0.0/16
  ipblocks 172.30.0.0/16
  ipblocks 10.0.0.0/8
end group
sensor S1
  netflow-v9-probes S1
  internal-ipblocks @my-network
  external-ipblocks remainder
end sensor

++++++++++++++++
rwflowpack.log
++++++++++++++++++

Oct 12 16:22:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
Oct 12 16:22:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse
0, ignored 0, nf9: missing-pkts 0
Oct 12 16:24:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
Oct 12 16:24:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse
0, ignored 0, nf9: missing-pkts 0
Oct 12 16:26:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
Oct 12 16:26:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse
0, ignored 0, nf9: missing-pkts 0
Oct 12 16:28:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
Oct 12 16:28:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse
0, ignored 0, nf9: missing-pkts 0
Oct 12 16:30:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
Oct 12 16:30:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse
0, ignored 0, nf9: missing-pkts 0
Oct 12 16:32:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
Oct 12 16:32:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse
0, ignored 0, nf9: missing-pkts 0


What wrong is happening? please guide.


More information about the netsa-tools-discuss mailing list