Hi all,
Nagios NA is supposed to be compatible with IPFIX sources. I can't figure out how to set up such a source (the choices are only sFlow and Netflow).
In my case (UTM Sophos, e.g. Astaro), we need to specify an OID (Observation Domain ID), then a host. The destination port for this UDP flow seems to be 4739 by default.
Can somebody help me?
Thx
Nagios NA and IPFIX
Re: Nagios NA and IPFIX
In fact, after some investigation, it seems that IPFIX is somehow based on Netflow v9. I defined a source using the Netflow profile to create this IPFIX source.
To summarize, I received some data for a while from this IPFIX source, but then I am afraid it crashed ...
The backend.log gives me:
2014-03-28 15:50:03 INFO : Parsing data for the source id: 4
2014-03-28 15:50:03 DEBUG : Arguments: /usr/local/nagiosna/var/Astaro192.168.10/flows, nfcapd.201403281545, 4
2014-03-28 15:50:03 DEBUG : Running checks...
2014-03-28 15:50:03 DEBUG : Getting relevant checks for source id: 4
2014-03-28 15:50:03 DEBUG : Checks found: ()
2014-03-28 15:50:03 INFO : Ran checks successfully
2014-03-28 15:50:03 INFO : Successfully reaped nfcapd file.
The message.log gives me:
Mar 28 10:43:09 idnagna nfcapd[1749]: Launcher[1750] forked
Mar 28 10:43:09 idnagna nfcapd[1749]: Startup.
Mar 28 10:43:09 idnagna nfcapd[1750]: Launcher: Startup. auto-expire enabled
Mar 28 10:43:10 idnagna nfcapd[1749]: Process_ipfix: New exporter: SysID: 1, Observation domain 1 from: 192.168.10.254
Mar 28 10:43:22 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 256
Mar 28 10:43:22 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 257
Mar 28 10:43:28 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 258
Mar 28 10:43:44 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 259
Mar 28 10:43:58 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 260
Mar 28 10:44:04 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 265
Mar 28 10:44:10 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 261
Mar 28 10:44:46 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 262
Mar 28 10:44:51 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 263
Mar 28 10:45:00 idnagna nfcapd[1749]: Ident: '4' Flows: 899, Packets: 8603, Bytes: 4533214, Sequence Errors: 93, Bad Packets: 0
Mar 28 10:45:00 idnagna nfcapd[1749]: Signal launcher
Mar 28 10:45:00 idnagna nfcapd[1749]: Total ignored packets: 0
Mar 28 10:45:00 idnagna nfcapd[1750]: Run expire on '/usr/local/nagiosna/var/Astaro192.168.10/flows'
Mar 28 10:45:00 idnagna nfcapd[1750]: Limits: Filesize <none>, Lifetime 86400 = 1.0 days, Watermark: 0%
Mar 28 10:45:00 idnagna nfcapd[1750]: Current size: 28672 = 28.0 KB, Current lifetime: 18600 = 5.2 hours, Number of files: 2
Mar 28 10:45:00 idnagna nfcapd[1750]: expire completed - nothing to expire.
Mar 28 10:45:00 idnagna nfcapd[1750]: laucher child exit 1 childs.
Mar 28 10:45:00 idnagna nfcapd[1750]: laucher waiting childs done. 0 childs
Mar 28 10:45:23 idnagna nfcapd[1749]: Process_ipfix: [1] Add template 264
Mar 28 10:50:03 idnagna nfcapd[1749]: Ident: '4' Flows: 3781, Packets: 813742, Bytes: 1598783914, Sequence Errors: 275, Bad Packets: 0
Mar 28 10:50:03 idnagna nfcapd[1749]: Signal launcher
Mar 28 10:50:03 idnagna nfcapd[1749]: Total ignored packets: 0
Mar 28 10:50:03 idnagna nfcapd[1749]: Process_ipfix: Withdraw all templates from observation domain 1
Mar 28 10:50:03 idnagna nfcapd[1750]: Run expire on '/usr/local/nagiosna/var/Astaro192.168.10/flows'
Mar 28 10:50:03 idnagna nfcapd[1750]: Limits: Filesize <none>, Lifetime 86400 = 1.0 days, Watermark: 95%
Mar 28 10:50:03 idnagna nfcapd[1750]: Current size: 81920 = 80.0 KB, Current lifetime: 18900 = 5.2 hours, Number of files: 3
Mar 28 10:50:03 idnagna nfcapd[1750]: expire completed - nothing to expire.
Mar 28 10:50:03 idnagna nfcapd[1750]: laucher child exit 1 childs.
Mar 28 10:50:03 idnagna nfcapd[1750]: laucher waiting childs done. 0 childs
Mar 28 10:50:17 idnagna kernel: nfcapd[1749]: segfault at a49 ip 0000000000420828 sp 00007fffc9279690 error 4 in nfcapd[400000+34000]
Do you have any advice?
thx
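Added example, not part of the original posts and not Nagios or nfdump code: a small Python check that scans nfcapd syslog lines like the ones quoted above and flags intervals with sequence errors, template withdrawals, and a collector segfault. The function names and the `max_seq_errors` threshold are assumptions made for illustration; the sample lines are copied from the message.log in the post.

```python
import re

# Lines copied from the message.log quoted in the post above.
SAMPLE_LOG = """\
Mar 28 10:45:00 idnagna nfcapd[1749]: Ident: '4' Flows: 899, Packets: 8603, Bytes: 4533214, Sequence Errors: 93, Bad Packets: 0
Mar 28 10:50:03 idnagna nfcapd[1749]: Ident: '4' Flows: 3781, Packets: 813742, Bytes: 1598783914, Sequence Errors: 275, Bad Packets: 0
Mar 28 10:50:03 idnagna nfcapd[1749]: Process_ipfix: Withdraw all templates from observation domain 1
Mar 28 10:50:17 idnagna kernel: nfcapd[1749]: segfault at a49 ip 0000000000420828 sp 00007fffc9279690 error 4 in nfcapd[400000+34000]
"""

STATS = re.compile(
    r"nfcapd\[(\d+)\]: Ident: '([^']*)' Flows: (\d+), Packets: (\d+), "
    r"Bytes: (\d+), Sequence Errors: (\d+), Bad Packets: (\d+)")
WITHDRAW = re.compile(r"nfcapd\[(\d+)\]: Process_ipfix: Withdraw all templates")
SEGFAULT = re.compile(r"kernel: nfcapd\[(\d+)\]: segfault at ")


def collector_findings(log_text, max_seq_errors=0):
    """Return (timestamp, kind, pid, detail) tuples for lines worth alerting on."""
    findings = []
    for line in log_text.splitlines():
        stamp = line[:15]  # syslog timestamp, e.g. "Mar 28 10:45:00"
        m = STATS.search(line)
        if m:
            pid, ident, flows = int(m.group(1)), m.group(2), int(m.group(3))
            seq_err, bad = int(m.group(6)), int(m.group(7))
            # Sequence errors or bad packets mean the interval's data is incomplete.
            if seq_err > max_seq_errors or bad > 0:
                detail = f"ident={ident} flows={flows} seq_errors={seq_err} bad={bad}"
                findings.append((stamp, "sequence_errors", pid, detail))
            continue
        m = WITHDRAW.search(line)
        if m:
            findings.append((stamp, "templates_withdrawn", int(m.group(1)), ""))
            continue
        m = SEGFAULT.search(line)
        if m:
            findings.append((stamp, "collector_crash", int(m.group(1)), ""))
    return findings


def crashed_pids(findings):
    """PIDs of collectors that segfaulted; no flows are stored until a restart."""
    return {pid for _, kind, pid, _ in findings if kind == "collector_crash"}


if __name__ == "__main__":
    for finding in collector_findings(SAMPLE_LOG):
        print(finding)
```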
Re: Nagios NA and IPFIX
Forget it ... it seems to be stable now ... Maybe due to the change of the timezone.
I received data for one hour, but it is impossible to have details about Top Talkers, etc ... only the bandwidth.
I'll let it run for a few days and we'll see.
slansing
Re: Nagios NA and IPFIX
I read through this and was all ready to answer, then saw your last post. 
Let us know how it turns out, it sounds like it is a bit less granular than netflow/sflow/jflow though.