[pmacct-discussion] Trying to collect NetFlow data from a Cisco router

Discussion:

Tech Support

2018-07-13 17:00:08 UTC

All;

I have a Cisco router running IOS and have NetFlow enabled. What I want
to do is simply collect that data using nfacctd. No biggie, just collect the
data containing the src and dst IP addresses and store it in MySQL. I don't
even need to store it in MySQL, I could simply store it pretty much
anywhere. The problem is that no data is being collected. This is my
nfacctd.conf file:

daemonize: true

#debug: true

networks_file: /usr/local/etc/pmacct/nfacctd.networks

aggregate: src_host,dst_host

nfacctd_port: 2100

plugins: mysql

sql_optimize_clauses: true

sql_table_schema: /usr/local/etc/pmacct/pmacct-create-db_v1.sql

sql_refresh_time: 60

sql_history: 1d

sql_history_roundoff: d

sql_db: accounting

sql_table: tkue_%Y_%m_%d

sql_host: localhost

sql_passwd: root

sql_user: xxxxxxxx

So, my question is, what am I missing? What am I doing wrong? Any insight at
all would be greatly appreciated.

Thanks in Advance;

John V.

Kafui Akyea

2018-07-13 21:11:36 UTC

Permalink

I think you need to figure out if nfacctd is receiving any Netflow data at
all and if it is aggregating it first.

So from a terminal do this

# *nfacctd -l 2100*

where 2100 is the port to listen for netflow records. it will default to
memory plugin. you should see a few messages printed out.

make sure you see something like this

*OK ( default_memory/memory ): waiting for data on: '/tmp/collect.pipe'*

Then in another terminal do this

# *pmacct -s -p /tmp/collect.pipe*

It should display a nice table of the aggregates it has collected in memory
for source host.

If everything is ok with the above then you at least know it is getting and
aggregating Netflow data.

Kafui

Post by Tech Support
All;
I have a Cisco router running IOS and have NetFlow enabled. What I
want to do is simply collect that data using nfacctd. No biggie, just
collect the data containing the src and dst IP addresses and store it in
MySQL. I donât even need to store it in MySQL, I could simply store it
pretty much anywhere. The problem is that no data is being collected. This
daemonize: true
#debug: true
networks_file: /usr/local/etc/pmacct/nfacctd.networks
aggregate: src_host,dst_host
nfacctd_port: 2100
plugins: mysql
sql_optimize_clauses: true
sql_table_schema: /usr/local/etc/pmacct/pmacct-create-db_v1.sql
sql_refresh_time: 60
sql_history: 1d
sql_history_roundoff: d
sql_db: accounting
sql_table: tkue_%Y_%m_%d
sql_host: localhost
sql_passwd: root
sql_user: xxxxxxxx
So, my question is, what am I missing? What am I doing wrong? Any insight
at all would be greatly appreciated.
Thanks in Advance;
John V.
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Aaron Finney

2018-07-13 23:23:25 UTC

Permalink

And also post the netflow config section from your router.

Post by Kafui Akyea
I think you need to figure out if nfacctd is receiving any Netflow data at
all and if it is aggregating it first.
So from a terminal do this
# *nfacctd -l 2100*
where 2100 is the port to listen for netflow records. it will default to
memory plugin. you should see a few messages printed out.
make sure you see something like this
*OK ( default_memory/memory ): waiting for data on: '/tmp/collect.pipe'*
Then in another terminal do this
# *pmacct -s -p /tmp/collect.pipe*
It should display a nice table of the aggregates it has collected in
memory for source host.
If everything is ok with the above then you at least know it is getting
and aggregating Netflow data.
Kafui

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Tech Support

2018-07-16 20:09:26 UTC

Permalink

Hello;

This has been very, very useful. I can't thank you enough. The problem was on the Cisco end.

Best Regards;

John V.

From: pmacct-discussion [mailto:pmacct-discussion-***@pmacct.net] On Behalf Of Kafui Akyea
Sent: Friday, July 13, 2018 05:12 PM
To: pmacct-***@pmacct.net
Subject: Re: [pmacct-discussion] Trying to collect NetFlow data from a Cisco router

I think you need to figure out if nfacctd is receiving any Netflow data at all and if it is aggregating it first.

So from a terminal do this

# nfacctd -l 2100

where 2100 is the port to listen for netflow records. it will default to memory plugin. you should see a few messages printed out.

make sure you see something like this

OK ( default_memory/memory ): waiting for data on: '/tmp/collect.pipe'

Then in another terminal do this

# pmacct -s -p /tmp/collect.pipe

It should display a nice table of the aggregates it has collected in memory for source host.

If everything is ok with the above then you at least know it is getting and aggregating Netflow data.

Kafui

On Fri, Jul 13, 2018 at 1:00 PM, Tech Support <***@voipbusiness.us <mailto:***@voipbusiness.us> > wrote:

All;

I have a Cisco router running IOS and have NetFlow enabled. What I want to do is simply collect that data using nfacctd. No biggie, just collect the data containing the src and dst IP addresses and store it in MySQL. I donât even need to store it in MySQL, I could simply store it pretty much anywhere. The problem is that no data is being collected. This is my nfacctd.conf file:

daemonize: true

#debug: true

networks_file: /usr/local/etc/pmacct/nfacctd.networks

aggregate: src_host,dst_host

nfacctd_port: 2100

plugins: mysql

sql_optimize_clauses: true

sql_table_schema: /usr/local/etc/pmacct/pmacct-create-db_v1.sql

sql_refresh_time: 60

sql_history: 1d

sql_history_roundoff: d

sql_db: accounting

sql_table: tkue_%Y_%m_%d

sql_host: localhost

sql_passwd: root

sql_user: xxxxxxxx

So, my question is, what am I missing? What am I doing wrong? Any insight at all would be greatly appreciated.

Thanks in Advance;

John V.