...
Based on this the following script was created to pull all the role, user, object and privilege data out of a customer system.
opFlow Troubleshooting
If flows are not rendering in the opFlow GUI take the following actions.
Check Log Files
Review the log files in /usr/local/omk/log.
- opFlow.log
- common.log
- opDaemon.log
Verify Flow Data is Received
Using tcpdump, we can verify that flow data is being received by the server. This example uses the default opFlow UDP port of 9995. Specify the host that needs to be verified.
```
[root@poller001 nfdump]# tcpdump -nn -i eth2 host 10.10.1.1 and port 9995
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
13:24:55.767037 IP 10.10.1.1.62757 > 10.215.1.7.9995: UDP, length 168
13:25:07.827152 IP 10.10.1.1.62757 > 10.215.1.7.9995: UDP, length 168
```
When we see output such as the example above we know this server is receiving flow data from the network device.
Check the Flow Data
The next step is to ensure the host in question is providing valid data that nfdump can process. Move to the /var/lib/nfdump directory and look for nfcapd files that end in a datestamp. The datestamp denotes the time the capture file was started. Select a file that is likely to contain samples from the host we wish to verify and execute the following command.
```
[root@poller001 nfdump]# nfdump -r nfcapd.201707111327 -o raw > ~/raw.txt
```
Now view the new text file with less or a text editor. It will provide flow records such as the following. The 'ip router' field denotes the source router for this flow sample.
```
Flow Record:
Flags = 0x00 FLOW, Unsampled
export sysid = 1
size = 76
first = 1499779596 [2017-07-11 22:26:36]
last = 1499779596 [2017-07-11 22:26:36]
msec_first = 447
msec_last = 447
src addr = 10.10.1.4
dst addr = 10.10.1.1
src port = 23232
dst port = 179
fwd status = 0
tcp flags = 0x02 ....S.
proto = 6 TCP
(src)tos = 192
(in)packets = 1
(in)bytes = 44
input = 4
output = 0
src as = 0
dst as = 0
src mask = 32 10.10.1.4/32
dst mask = 32 10.10.1.1/32
dst tos = 0
direction = 0
ip next hop = 0.0.0.0
ip router = 10.10.1.1
engine type = 0
engine ID = 0
received at = 1499747221750 [2017-07-11 13:27:01.750]
```
Look for things that are not correct in the flow record. The following issues have been found in past support cases.
- input/output: These fields should be the SNMP index number of the input or output interfaces.
- first/last: This is a timestamp that the router assigns. It's important that the router time is in sync with opFlow time. opFlow uses this time to calculate statistics. For example, if the router time is an hour earlier than the server time, opFlow will not display the data until the server time catches up with the router time.
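Both checks can be run over the whole raw.txt file instead of reading records by eye. The following is an added example, not part of the original page or of opFlow/nfdump: it parses the raw record layout shown above and reports, per 'ip router', the worst gap between the router-assigned 'first' time and the server's 'received at' time, plus the input/output indexes seen so they can be compared against the device's SNMP interface indexes. The function names, the 300-second tolerance and the second sample record are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the raw record above (fields abridged;
# the second record and its router 10.10.1.2 are invented for contrast).
SAMPLE = """\
Flow Record:
  first        =       1499779596 [2017-07-11 22:26:36]
  input        =                4
  output       =                0
  ip router    =        10.10.1.1
  received at  =    1499747221750 [2017-07-11 13:27:01.750]
Flow Record:
  first        =       1499747215 [2017-07-11 13:26:55]
  input        =                2
  output       =                7
  ip router    =        10.10.1.2
  received at  =    1499747221900 [2017-07-11 13:27:01.900]
"""

FIELD = re.compile(r"^\s*(.+?)\s*=\s*(\S+)")  # field name, first value token

def parse_records(text):
    """Return one dict per 'Flow Record:' block in nfdump raw text."""
    records = []
    for line in text.splitlines():
        if line.strip() == "Flow Record:":
            records.append({})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1)] = m.group(2)
    return records

def summarize(records, max_skew_s=300):  # 300 s tolerance is an assumption
    """Per 'ip router': worst router-vs-server clock skew and ifIndexes seen."""
    routers = defaultdict(lambda: {"skew_s": 0.0, "ifindexes": set()})
    for rec in records:
        entry = routers[rec["ip router"]]
        # 'first' is in seconds (router clock); 'received at' is in ms (server clock)
        skew = int(rec["first"]) - int(rec["received at"]) / 1000.0
        if abs(skew) > abs(entry["skew_s"]):
            entry["skew_s"] = skew
        entry["ifindexes"] |= {int(rec["input"]), int(rec["output"])}
    return {ip: {**e, "skewed": abs(e["skew_s"]) > max_skew_s}
            for ip, e in routers.items()}

if __name__ == "__main__":
    for ip, info in summarize(parse_records(SAMPLE)).items():
        print(ip, f"skew={info['skew_s']:+.0f}s", sorted(info["ifindexes"]),
              "CLOCK SKEW" if info["skewed"] else "ok")
```

To run it against a real capture, pass the contents of ~/raw.txt to parse_records() in place of SAMPLE. A positive skew means the router clock is ahead of the server clock.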
OMK General
Node synchronization with NMIS
...