I have a fresh NagiosNA installation running on AlmaLinux 8.5.
I see the nfcapd daemon up and running:
Code:
udp 0 0 0.0.0.0:2055 0.0.0.0:* 1001 552755774 1588220/nfcapd
Code:
nna 1588220 0.0 0.0 32688 4048 ? S 11:36 0:00 /usr/local/bin/nfcapd -I 1 -l /usr/local/nagiosna/var/test/flows -p 2055 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/test/2055.pid -D -e -w -z -T all
nna 1588221 0.0 0.0 11556 2272 ? S 11:36 0:00 /usr/local/bin/nfcapd -I 1 -l /usr/local/nagiosna/var/test/flows -p 2055 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/test/2055.pid -D -e -w -z -T all
When I run tcpdump on port 2055, I see UDP NetFlow packets constantly coming from the two configured Cisco routers.
However, all nfcapd.* files in /usr/local/nagiosna/var/test/flows/ appear to be empty (276 bytes in size):
Code:
-rw-r--r-- 1 nna nnacmd 276 Feb 11 12:10 nfcapd.202202111205
-rw-r--r-- 1 nna nnacmd 276 Feb 11 12:15 nfcapd.202202111210
-rw-r--r-- 1 nna nnacmd 276 Feb 11 12:20 nfcapd.202202111215
-rw-r--r-- 1 nna nnacmd 276 Feb 11 12:25 nfcapd.202202111220
-rw-r--r-- 1 nna nnacmd 276 Feb 11 12:25 nfcapd.current.1588217
Code:
Feb 11 12:15:01 localhost nfcapd[1588220]: Ident: '1' Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Feb 11 12:15:01 localhost nfcapd[1588220]: Signal launcher
Feb 11 12:15:01 localhost nfcapd[1588220]: Total ignored packets: 0
Feb 11 12:15:01 localhost nfcapd[1588221]: Launcher: fork child.
Feb 11 12:15:01 localhost nfcapd[1588221]: Launcher: child exec done.
Feb 11 12:15:01 localhost nfcapd[1588221]: Run expire on '/usr/local/nagiosna/var/test/flows'
Feb 11 12:15:01 localhost nfcapd[1588221]: Limits: Filesize <none>, Lifetime 259200 = 3.0 days, Watermark: 95%
Feb 11 12:15:01 localhost nfcapd[1588221]: Current size: 3457024 = 3.3 MB, Current lifetime: 253800 = 2.9 days, Number of files: 844
Feb 11 12:15:01 localhost nfcapd[1588221]: expire completed - nothing to expire.
Feb 11 12:15:01 localhost nfcapd[1588221]: launcher child exit 1 children.
Feb 11 12:15:01 localhost nfcapd[1588221]: launcher child 1749761 exit status: 1
Feb 11 12:15:01 localhost nfcapd[1588221]: launcher waiting children done. 0 children
Moreover, the same NetFlow data is being sent to a FastNetMon server, which has no issues parsing it.
What could be the cause of this? Is there any way to enable debug logging mode for nfcapd?