[netsa-tools-discuss] unable to create directory S1 (Cisco Nexus 7k)

asad a.alii85 at gmail.com
Mon Oct 12 04:15:13 EDT 2015


Thanks CERT, the problem is now solved; it was an issue with iptables.

On 10/12/15, asad <a.alii85 at gmail.com> wrote:
> Further, I'm running rwflowpack as
>
> "sudo /usr/local/sbin/rwflowpack
> --sensor-configuration=/etc/nsm/NW-SEC-06-eth0/sensors.conf
> --sensor-name=S1 --site-config-file=/etc/nsm/NW-SEC-06-eth0/silk.conf
> --archive-directory=/nsm/sensor_data/NW-SEC-06-eth0/silk//archive
> --output-mode=local-storage
> --root-directory=/nsm/sensor_data/NW-SEC-06-eth0/silk/
> --pidfile=/var/log/rwflowpack.pid --log-level=debug
> --log-directory=/var/log --log-basename=rwflowpack
> "
>
> On 10/12/15, asad <a.alii85 at gmail.com> wrote:
>> hello,
>>
>> I'm unable to have v9 netflows from a Cisco Nexus 7k written to the SiLK
>> directory under /data. The S0 folder exists but not S1, even though the
>> traffic is coming in on the interface with a template and is verified through
>> Wireshark.
>>
>>
>> # silk.conf for the "twoway" site
>> # RCSIDENT("$SiLK: silk.conf 52d8f4f62ffd 2012-05-25 21:16:30Z mthomas $")
>>
>> # For a description of the syntax of this file, see silk.conf(5).
>>
>> # The syntactic format of this file
>> #    version 2 supports sensor descriptions, but otherwise identical to 1
>> version 2
>>
>> # NOTE: Once data has been collected for a sensor or a flowtype, the
>> # sensor or flowtype should never be removed or renumbered.  SiLK Flow
>> # files store the sensor ID and flowtype ID as integers; removing or
>> # renumbering a sensor or flowtype breaks this mapping.
>>
>> sensor 0 S0    "Description for sensor S0"
>> sensor 1 S1
>> sensor 2 S2    "Optional description for sensor S2"
>> sensor 3 S3
>> sensor 4 S4
>> sensor 5 S5
>> sensor 6 S6
>> sensor 7 S7
>> sensor 8 S8
>> sensor 9 S9
>> sensor 10 S10
>> sensor 11 S11
>> sensor 12 S12
>> sensor 13 S13
>> sensor 14 S14
>>
>> class all
>>     sensors S0 S1 S2 S3 S4 S5 S6 S7 S8 S9 S10 S11 S12 S13 S14
>> end class
>>
>> # Editing above this line is sufficient for sensor definition.
>>
>> # Be sure you understand the workings of the packing system before
>> # editing the class and type definitions below.  In particular, if you
>> # change or add-to the following, the C code in packlogic-twoway.c
>> # will need to change as well.
>>
>> class all
>>     type  0 in      in
>>     type  1 out     out
>>     type  2 inweb   iw
>>     type  3 outweb  ow
>>     type  4 innull  innull
>>     type  5 outnull outnull
>>     type  6 int2int int2int
>>     type  7 ext2ext ext2ext
>>     type  8 inicmp  inicmp
>>     type  9 outicmp outicmp
>>     type 10 other   other
>>
>>     default-types in inweb inicmp
>> end class
>>
>> default-class all
>>
>> # The layout of the tree below SILK_DATA_ROOTDIR.
>> # Use the default, which assumes a single class.
>> path-format "%N/%T/%Y/%m/%d/%x"
>>
>> # The plug-in to load to get the packing logic to use in rwflowpack.
>> # The --packing-logic switch to rwflowpack will override this value.
>> # If SiLK was configured with hard-coded packing logic, this value is
>> # ignored.
>> packing-logic "/usr/local/lib/silk/packlogic-twoway.so"
>>
>> ++++++++++++
>> sensors.conf
>> ++++++++++++
>>
>> probe S1 netflow-v9
>>   listen-on-port 2056
>>   protocol udp
>> end probe
>> group my-network
>>   ipblocks 192.168.0.0/16
>>   ipblocks 172.30.0.0/16
>>   ipblocks 10.0.0.0/8
>> end group
>> sensor S1
>>   netflow-v9-probes S1
>>   internal-ipblocks @my-network
>>   external-ipblocks remainder
>> end sensor
>>
>> ++++++++++++++++
>> rwflowpack.log
>> ++++++++++++++++++
>>
>> Oct 12 16:22:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
>> Oct 12 16:22:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse 0, ignored 0, nf9: missing-pkts 0
>> Oct 12 16:24:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
>> Oct 12 16:24:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse 0, ignored 0, nf9: missing-pkts 0
>> Oct 12 16:26:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
>> Oct 12 16:26:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse 0, ignored 0, nf9: missing-pkts 0
>> Oct 12 16:28:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
>> Oct 12 16:28:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse 0, ignored 0, nf9: missing-pkts 0
>> Oct 12 16:30:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
>> Oct 12 16:30:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse 0, ignored 0, nf9: missing-pkts 0
>> Oct 12 16:32:26 NW-SEC-06 rwflowpack[9700]: Flushing files after 120 seconds.
>> Oct 12 16:32:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse 0, ignored 0, nf9: missing-pkts 0
>>
>>
>> What is going wrong? Please guide.
>>
>
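
The symptom in this thread (a probe that logs zero records at every flush while a packet capture shows the exporter's traffic) fits a host firewall, because capture tools see packets before the netfilter INPUT chain does. The following is an added example, not part of the original thread or of SiLK: it ties the `sensors.conf` probe, the rwflowpack flush lines and an `iptables -S INPUT` listing together. Assumptions: the name in the log line is matched against probe names (both are S1 here), the ruleset is constructed because the thread does not show the real one, and only plain `-p`/`--dport` rules are evaluated, so port ranges and rules with other matchers are not interpreted.

```python
import re

# Constructed samples: probe and log format follow the thread; RULES is made-up `iptables -S INPUT` output.
SENSORS_CONF = "probe S1 netflow-v9\n  listen-on-port 2056\n  protocol udp\nend probe\n"
LOG = """\
Oct 12 16:22:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse 0, ignored 0, nf9: missing-pkts 0
Oct 12 16:24:26 NW-SEC-06 rwflowpack[9700]: 'S1': forward 0, reverse 0, ignored 0, nf9: missing-pkts 0
"""
RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def probes(conf):
    """Map probe name -> (protocol, port) from sensors.conf probe blocks."""
    blocks = re.findall(r"^probe\s+(\S+)[^\n]*\n(.*?)^end probe", conf, re.M | re.S)
    return {name: (re.search(r"protocol\s+(\S+)", body).group(1),
                   int(re.search(r"listen-on-port\s+(\d+)", body).group(1)))
            for name, body in blocks}

def silent(log):
    """Names whose per-flush counters sum to zero across the whole log."""
    totals = {}
    for name, *counts in re.findall(r"'(\S+)': forward (\d+), reverse (\d+), ignored (\d+)", log):
        totals[name] = totals.get(name, 0) + sum(map(int, counts))
    return sorted(n for n, t in totals.items() if t == 0)

def input_verdict(rules, proto, port):
    """First terminating INPUT rule matching proto/port, else the chain policy."""
    policy = "ACCEPT"
    for tok in map(str.split, rules.splitlines()):
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        opts = dict(zip(tok[2::2], tok[3::2]))
        if tok[:2] != ["-A", "INPUT"] or set(opts) - {"-p", "-m", "--dport", "-j", "--reject-with"}:
            continue  # rules with other matchers (state, -i, -s, ...) are skipped
        if (opts.get("-p", proto) == proto and opts.get("--dport", str(port)) == str(port)
                and opts.get("-j") in ("ACCEPT", "DROP", "REJECT")):
            return opts["-j"]
    return policy

def diagnose(conf, log, rules):
    """(name, proto, port, verdict) for every probe that has logged no records."""
    cfg = probes(conf)
    return [(n, *cfg[n], input_verdict(rules, *cfg[n])) for n in silent(log) if n in cfg]

print(diagnose(SENSORS_CONF, LOG, RULES))
```

A verdict other than ACCEPT for a silent probe points at the host firewall rather than at `sensors.conf` or the exporter.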

