
Log issues after upgrade to 2.2.3

Posted: Tue Nov 22, 2016 6:59 pm
by zeero22
Hi,

After upgrading to version 2.2.3, the customer has a concern that the /var/log/messages file is being flooded with the following messages:

Nov 23 09:50:59 host001 nfcapd[17532]: Process_v9: flowset zero length error.
Nov 23 09:50:59 host001 nfcapd[17532]: Process_v9: flowset zero length error.
Nov 23 09:50:59 host001 nfcapd[17532]: Process_v9: flowset length error. Expected bytes: 60983 > buffersize: 1
Nov 23 09:50:59 host001 nfcapd[17524]: Process_v9: flowset zero length error.

There are approximately 1200 of these messages per minute.
[root@host001 log]# cat /var/log/messages | grep 'Nov 23 09:50' | wc -l
1281

The server appears to be collecting netflow data without issue.

1. How do we eliminate these errors in the log file?
2. Can we write nfcapd related messages to a different log file, as the /var/log/messages file is also used to log other important system information?

Regards
Zee

Re: Log issues after upgrade to 2.2.3

Posted: Wed Nov 23, 2016 1:42 pm
by bwallace
What make / model is the source?
As a quick test, on the source side - configure it to use netflow version 5 instead of version 9 and wait at least five minutes. Do you still see these errors on NNA then?

Apart from that test, I'd have to say the source is sending an invalid data flowset or template flowset.
Based on those error messages, I would check that the data FlowSet Length field is correct. Refer to table 7 here:
http://www.cisco.com/en/US/technologies ... a3db9.html

Also, template records have a limited lifetime so they must be periodically refreshed. This responsibility falls on the sender (source device) as I understand it.

Lastly, I don't think the update to 2.2.3 would have anything to do with this: nfcapd was not changed at all in 2.2.3, we have not received any other reports about this behaviour. 2.2.3 was released 08/15/2016.
Then again, what version did you upgrade from? For your reference, here is the changelog:
https://assets.nagios.com/downloads/nag ... 1456514247
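
Added example, not part of the original thread and not nfdump's or Nagios's code: a small checker that walks the FlowSets of a captured NetFlow v9 export packet and reports the two FlowSet Length conditions discussed above (zero length, and a length larger than the bytes left in the packet). The function name and the sample packets are constructed for illustration; the layout assumed is the RFC 3954 one (20-byte packet header, 4-byte FlowSet header whose length field includes that header).

```python
import struct

# NetFlow v9 packet header: version, count, sysUptime, unix_secs, sequence, source_id
V9_HEADER = struct.Struct("!HHIIII")
# FlowSet header: flowset_id, length (length counts these 4 header bytes too)
FLOWSET_HEADER = struct.Struct("!HH")


def check_v9_packet(packet):
    """Return a list of FlowSet length problems found in one v9 export packet."""
    if len(packet) < V9_HEADER.size:
        return ["packet shorter than the 20-byte v9 header"]
    version = V9_HEADER.unpack_from(packet)[0]
    if version != 9:
        return [f"not NetFlow v9 (version field = {version})"]

    findings = []
    offset = V9_HEADER.size
    while offset < len(packet):
        remaining = len(packet) - offset
        if remaining < FLOWSET_HEADER.size:
            findings.append(f"offset {offset}: {remaining} trailing byte(s), no room for a FlowSet header")
            break
        flowset_id, length = FLOWSET_HEADER.unpack_from(packet, offset)
        if length < FLOWSET_HEADER.size:
            # A length of 0 (or 1-3) gives the walker nothing to advance by.
            kind = "zero length" if length == 0 else f"impossible length {length}"
            findings.append(f"offset {offset}: FlowSet {flowset_id} has {kind}")
            break
        if length > remaining:
            findings.append(f"offset {offset}: FlowSet {flowset_id} claims {length} bytes, only {remaining} left")
            break
        offset += length  # well-formed: jump to the next FlowSet
    return findings


# Constructed sample packets (not captured from any real exporter).
HDR = V9_HEADER.pack(9, 2, 0, 0, 1, 0)
# Template FlowSet (id 0): template 256 with one 4-byte field, then a matching data FlowSet.
GOOD = HDR + struct.pack("!HHHHHH", 0, 12, 256, 1, 1, 4) + struct.pack("!HHI", 256, 8, 1500)
ZERO_LEN = HDR + struct.pack("!HH", 256, 0) + b"\x00" * 8
OVERRUN = HDR + struct.pack("!HH", 256, 60983) + b"\x00"

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("zero length", ZERO_LEN), ("overrun", OVERRUN)):
        print(name, "->", check_v9_packet(pkt) or "ok")
```

Feeding it the UDP payloads from a packet capture of the exporter's traffic shows whether the malformed lengths are already present on the wire before the collector sees them.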

Re: Log issues after upgrade to 2.2.3

Posted: Fri Nov 25, 2016 1:01 am
by zeero22
Hi,

The customer was running v2.0.0 prior to the upgrade and we didn't see the same issue; however, I was instructed to re-compile a newer release of nfdump on the old NNA version to resolve a different problem. The nfcapd messages are only occurring for Cisco 3650 and Cisco 3850 sources. I suspect this issue is related to an nfcapd extension that has not been enabled.
I have logged a support ticket, but am still waiting on a response.

Regards
Zee

Re: Log issues after upgrade to 2.2.3

Posted: Mon Nov 28, 2016 10:18 am
by bwallace
Thanks for that update, Zee. Definitely let us know what comes about from the ticket you've opened - we'll leave this thread open in the meantime.