Nagios Support Forum

Posted: **Sat Jan 04, 2014 4:41 pm**

Hello,

On the latest nna, I generate a query and run it. I have a couple of issues, and they may be related.

I generated a query, and ran it OK using the baa default query (24 hours). I then select the drop down and change to Custom Elapsed Time. I put in 60 minutes. I get nothing back. I change it to 180, and on until I get to about 5-6 hours back. Finally I get some data.

However, I know for a fact that data samples should be there in the last 1 hour, 2 hours and 3 hours because the process I am testing with I have used extensively the last few hours. It's a backup application transmitting encrypted data on https (443). I know the destination IP because it's my server offsite.

After looking at some time stamps on the 24 hour query, I think the data being logged is not logged with correct times. My naa server is time synced and correct. My router shows the correct time. My desktop I'm running the application from shows the correct time.

What time does naa use when logging data samples? I'm just wondering if its using GMT while I am using EDT...

Posted: **Sat Jan 04, 2014 5:42 pm**

So I setup a query for port 25, and sent a test email at 17:37. After about 5 minutes naa updated at the time stamp on the last flow was displayed as 12:37. Is there a way to fix this?

Posted: **Mon Jan 06, 2014 9:34 am**

What is the version of the Nagios NA that you are currently using? What is the output of the following commands?

Code: Select all

tail -50 /var/log/messages
cat /etc/sysconfig/clock
grep "date.timezone =" /etc/php.ini

Can you show us a screenshot of the failing report? I haven't been able to recreate the issue - here's what I have:

nna.PNG

Do you have something similar?

Posted: **Tue Jan 07, 2014 7:48 am**

This is a test VM running, and so there are a few vm errors, but below is the info

[root@sc ~]# tail -50 /var/log/messages
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:40:03 localhost nfcapd[40713]: Ident: '2' Flows: 137, Packets: 748, Bytes: 247964, Sequence Errors: 0, Bad Packets: 0
Jan 7 07:40:03 localhost nfcapd[40713]: Signal launcher
Jan 7 07:40:03 localhost nfcapd[40713]: Total ignored packets: 0
Jan 7 07:40:03 localhost nfcapd[40714]: Run expire on '/usr/local/nagiosna/var/PROBE-HOME/flows'
Jan 7 07:40:03 localhost nfcapd[40714]: Limits: Filesize <none>, Lifetime 345600 = 4.0 days, Watermark: 95%
Jan 7 07:40:03 localhost nfcapd[40714]: Current size: 9105408 = 8.7 MB, Current lifetime: 257100 = 3.0 days, Number of files: 858
Jan 7 07:40:03 localhost nfcapd[40714]: expire completed - nothing to expire.
Jan 7 07:40:03 localhost nfcapd[40714]: laucher child exit 1 childs.
Jan 7 07:40:03 localhost nfcapd[40714]: laucher waiting childs done. 0 childs
Jan 7 07:40:04 localhost nfcapd[28994]: Ident: '1' Flows: 383, Packets: 2827, Bytes: 1192228, Sequence Errors: 0, Bad Packets: 0
Jan 7 07:40:04 localhost nfcapd[28994]: Signal launcher
Jan 7 07:40:04 localhost nfcapd[28994]: Total ignored packets: 0
Jan 7 07:40:04 localhost nfcapd[28996]: Run expire on '/usr/local/nagiosna/var/WRT-Home/flows'
Jan 7 07:40:04 localhost nfcapd[28996]: Limits: Filesize <none>, Lifetime 432000 = 5.0 days, Watermark: 95%
Jan 7 07:40:04 localhost nfcapd[28996]: Current size: 34496512 = 32.9 MB, Current lifetime: 398700 = 4.6 days, Number of files: 1330
Jan 7 07:40:04 localhost nfcapd[28996]: expire completed - nothing to expire.
Jan 7 07:40:04 localhost nfcapd[28996]: laucher child exit 1 childs.
Jan 7 07:40:04 localhost nfcapd[28996]: laucher waiting childs done. 0 childs
[root@sc ~]# tail -50 /var/log/messages
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:38:10 localhost vmusr[38206]: [ warning] [GLib-GObject] Two different plugins tried to register 'BasicEngineFc'.
Jan 7 07:38:10 localhost vmusr[38206]: [critical] [GLib-GObject] g_object_new: assertion `G_TYPE_IS_OBJECT (object_type)' failed
Jan 7 07:40:03 localhost nfcapd[40713]: Ident: '2' Flows: 137, Packets: 748, Bytes: 247964, Sequence Errors: 0, Bad Packets: 0
Jan 7 07:40:03 localhost nfcapd[40713]: Signal launcher
Jan 7 07:40:03 localhost nfcapd[40713]: Total ignored packets: 0
Jan 7 07:40:03 localhost nfcapd[40714]: Run expire on '/usr/local/nagiosna/var/PROBE-HOME/flows'
Jan 7 07:40:03 localhost nfcapd[40714]: Limits: Filesize <none>, Lifetime 345600 = 4.0 days, Watermark: 95%
Jan 7 07:40:03 localhost nfcapd[40714]: Current size: 9105408 = 8.7 MB, Current lifetime: 257100 = 3.0 days, Number of files: 858
Jan 7 07:40:03 localhost nfcapd[40714]: expire completed - nothing to expire.
Jan 7 07:40:03 localhost nfcapd[40714]: laucher child exit 1 childs.
Jan 7 07:40:03 localhost nfcapd[40714]: laucher waiting childs done. 0 childs
Jan 7 07:40:04 localhost nfcapd[28994]: Ident: '1' Flows: 383, Packets: 2827, Bytes: 1192228, Sequence Errors: 0, Bad Packets: 0
Jan 7 07:40:04 localhost nfcapd[28994]: Signal launcher
Jan 7 07:40:04 localhost nfcapd[28994]: Total ignored packets: 0
Jan 7 07:40:04 localhost nfcapd[28996]: Run expire on '/usr/local/nagiosna/var/WRT-Home/flows'
Jan 7 07:40:04 localhost nfcapd[28996]: Limits: Filesize <none>, Lifetime 432000 = 5.0 days, Watermark: 95%
Jan 7 07:40:04 localhost nfcapd[28996]: Current size: 34496512 = 32.9 MB, Current lifetime: 398700 = 4.6 days, Number of files: 1330
Jan 7 07:40:04 localhost nfcapd[28996]: expire completed - nothing to expire.
Jan 7 07:40:04 localhost nfcapd[28996]: laucher child exit 1 childs.
Jan 7 07:40:04 localhost nfcapd[28996]: laucher waiting childs done. 0 childs

[root@sc ~]# cat /etc/sysconfig/clock
# The time zone of the system is defined by the contents of /etc/localtime.
# This file is only for evaluation by system-config-date, do not rely on its
# contents elsewhere.
ZONE="America/New_York"
[root@sc ~]#

[root@sc ~]# grep date.time /etc/php.ini
; http://www.php.net/manual/en/datetime.c ... e.timezone
date.timezone = America/New_York

Posted: **Tue Jan 07, 2014 7:49 am**

version

[root@sc ~]# ls /root/Downloads/
nagiosna-2014r1.3.tar.gz

Posted: **Tue Jan 07, 2014 7:58 am**

Here is a run of a default report provided by naa for the Top 5 Sources in the last 24 hours. My laptop, which I have been using since 6AM (it's now 7:50) is listed (10.0.1.44). Notice the time stamp of that source (2:49 AM). It seems to be logging in GMT time, but I am GMT-5. So it's not that it's wrong, just the time entries into the database seem to be logged with the wrong timezone.

So, if I modify this report, and rerun with "last 60 minutes" I get no data back.

I've attached both screenshots.

Posted: **Tue Jan 07, 2014 11:46 am**

Alright, so if you wouldn't mind, lets go to the command line of your Nagios Network Analyzer server to get to the bottom of it.

You said that the times on the NNA server, were proper, so lets take a look at the flows that are coming in. We'll need to know the name of the source that is giving strange timestamp, in this case it looks like its wrt-home, so log in to your server and change directory to Nagios NA's var directory:

Code: Select all

cd /usr/local/nagiosna/var

Then do

Code: Select all

ls

There should be a folder named something very similar to wrt-home, cd into that directory's flow directory

Code: Select all

cd wrt-home/flows

This is where all the flow files are kept, so we're going to see what times they are being reported as. Pick the newest file (they are labeled like so: nfcapd.{year}{month}{day}{hour}{minute}. So the nfcapd file that shows information for January 7th, 2014, 10:30AM is nfcapd.201401071030. We will use this one as the example, but please pick the latest one. We are simply going to dump the file

Code: Select all

nfdump -r nfcapd.201401071030

This is going to dump A LOT of text to the console, we don't need to grab all of it, but we are interested in the time window that will be in the summary. Could you post that summary for us?

Posted: **Tue Jan 07, 2014 11:57 am**

OK!! Isn't this fun?

So first...

[root@sc var]# date
Tue Jan 7 11:52:37 EST 2014

Well, this gets good quick...
[root@sc flows]# nfdump -r nfcapd.201401071145

2014-01-07 06:49:44.335 0.619 TCP 72.250.168.71:993 -> 10.0.1.44:57946 16 2190 1
2014-01-07 06:49:44.208 0.747 TCP 10.0.1.44:57946 -> 72.250.168.71:993 16 1394 1
2014-01-07 06:49:44.323 0.801 TCP 173.194.68.108:993 -> 10.0.1.44:58698 10 712 1
2014-01-07 06:49:44.207 0.918 TCP 10.0.1.44:58698 -> 173.194.68.108:993 10 685 1
2014-01-07 06:49:48.771 0.000 UDP 10.0.1.41:123 -> 107.22.169.155:123 1 76 1
2014-01-07 06:49:49.293 0.000 UDP 107.22.169.155:123 -> 10.0.1.41:123 1 76 1
Summary: total flows: 732, total bytes: 2.7 M, total packets: 7621, avg bps: 62451, avg pps: 22, avg bpp: 347
Time window: 2014-01-07 06:44:18 - 2014-01-07 06:49:58
Total flows processed: 732, Blocks skipped: 0, Bytes read: 38192
Sys: 0.017s flows/second: 40673.4 Wall: 0.027s flows/second: 26632.7
[root@sc flows]#

Posted: **Tue Jan 07, 2014 12:15 pm**

Yes, thanks!

So we see that the times being reported in the flows match up with exactly what you are saying, they appear to be lagging several hours behind. There must be some issue with devices that are sending the flow data, as those are hardcoded into flows. What kinds of devices are sending flow data? Are they properly setup as far as timezone, UTC goes?

Posted: **Tue Jan 07, 2014 12:23 pm**

OK, so I am using a couple of small routers with dd-wrt on them. They are setup for UTC-5:00, and indicate the correct time in the GUI. But at the prompt they show the correct time as UTC only... so that's my issue.

Nagios Support Forum

data time issue or query issue

data time issue or query issue

Re: data time issue or query issue

Re: data time issue or query issue

Re: data time issue or query issue

Re: data time issue or query issue

Re: data time issue or query issue

Re: data time issue or query issue

Re: data time issue or query issue

Re: data time issue or query issue

Re: data time issue or query issue