sflow Source stops working

[DennisPR]

Hello,

We are testing Nagios Network Analyzer (v2014R1.9). We have created three sources , two for VMWare (Netflow) and one for Hp Flex virtual network (sFlow).
All sources are working fine but after a while the hp flex Sflow source stops working. The defined udp port is not listening anymore and the nfcap files are not filling up anymore
I found these errors in messages around same time the source stops working

Code: Select all

Dec 10 07:30:11 localhost kernel: sfcapd[2048] general protection ip:7fbac04107fe sp:d8134ad17d0c97f6 error:0 in libc-2.12.so[7fbac03de000+18b000]
Dec 10 13:23:13 localhost kernel: sfcapd[16080] general protection ip:7f1073d977fe sp:fc3b9273a79febbb error:0 in libc-2.12.so[7f1073d65000+18b000]
Dec 11 04:54:37 localhost kernel: sfcapd[28668] general protection ip:7fd24e4fd7fe sp:d6e64c76b5239bd4 error:0 in libc-2.12.so[7fd24e4cb000+18b000]
Dec 11 13:24:02 localhost sfcapd[1331]: SFLOW: counters_sample_element length error (expected 1410065408, found 52)
Dec 11 13:24:02 localhost kernel: sfcapd[1331] general protection ip:7f4dc93537fe sp:ab9c35129311e023 error:0 in libc-2.12.so[7f4dc9321000+18b000]
Dec 11 17:55:31 localhost sfcapd[9968]: SFLOW: counters_sample_element length error (expected 184, found 88)
Dec 11 17:55:31 localhost kernel: sfcapd[9968] general protection ip:7f152dc1f7fe sp:9bbf134a7e18b50d error:0 in libc-2.12.so[7f152dbed000+18b000]

Can someone help me with these errors ?

[lmiltchev]

What is the OS/architecture that Nagios NA was installed on? Can you run the following commands and show us the output:

Code: Select all

cat /etc/*release
uname -a

[DennisPR]

Here is the info :

Code: Select all

[root@AP-DCO163-NA ~]# cat /etc/*release
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
[root@AP-DCO163-NA ~]# uname -a
Linux AP-DCO163-NA 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

[lmiltchev]

All sources are working fine but after a while the hp flex Sflow source stops working.

Is it possible that the time changed on either the sending device or the Nagios NA server? I would recommend verifying that time is synced, deleting the old source and recreating it (using a different name!). Wait for a day or so, and check the new source.

[DennisPR]

We have setup ntp for the NA server ad renamed the source but the issue remains.

sflow.png

[lmiltchev]

Linux AP-DCO163-NA 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Is the time issue fixed now? Run the following commands and show us the output:

Code: Select all

uname -a
date
hwclock
file /etc/localtime
cat /etc/sysconfig/clock
grep zone /etc/php.ini

[DennisPR]

Code: Select all

[root@MYHOST ~]# uname -a
Linux MYHOST 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@MYHOST ~]# date
Wed Jan 21 14:27:33 CET 2015
[root@MYHOST ~]# hwclock
Wed 21 Jan 2015 02:27:37 PM CET  -0.726699 seconds
[root@MYHOST ~]# file /etc/localtime
/etc/localtime: symbolic link to `/usr/share/zoneinfo/Europe/Brussels'
[root@MYHOST ~]# cat /etc/sysconfig/clock
ZONE="US/Eastern"
UTC=False
[root@MYHOST ~]# grep zone /etc/php.ini
; Defines the default timezone used by the date functions
; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
date.timezone = US/Eastern

[tgriep]

It looks like your time zone settings are not matched in all of configs. Here is a document that will help you to setup the time zone in all of the files.
It also works on Network Analyzer

http://assets.nagios.com/downloads/nagi ... m_Time.pdf

[DennisPR]

We have done alle the changes mentionned in the PDF but still have the same issue

Code: Select all

[root@MYHOST ~]# uname -a
Linux MYHOST 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[root@MYHOST ~]# date
Fri Feb  6 09:57:10 CET 2015
[root@MYHOST ~]# hwclock
Fri 06 Feb 2015 09:57:15 AM CET  -0.532922 seconds
[root@MYHOST ~]# file /etc/localtime
/etc/localtime: timezone data, version 2, 10 gmt time flags, 10 std time flags, no leap seconds, 185 transition times, 10 abbreviation chars
[root@MYHOST ~]# cat /etc/sysconfig/clock
ZONE="Europe/Brussels"
UTC=False
[root@MYHOST ~]# grep zone /etc/php.ini
; Defines the default timezone used by the date functions
; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
#date.timezone = US/Eastern
date.timezone = Europe/Brussels

[tgriep]

Can you verify that the NA server is receiving data from the HP device by running the tcpdump command below?

Code: Select all

tcpdump port <the port you setup to receive on>