...
opFlow 2 uses the tool "flowd" to receive (and temporarily store) flow data:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
ps -ef | grep flowd |
You should see a few entries besides the grep one, the relevant one here being the two "flowd
" lines:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
[root@thor opmantek]# ps -ef | grep flowd root 13356 1 0 Jun18 ? 00:00:10 flowd: monitor _flowd 13357 13356 0 Jun18 ? 00:00:30 flowd: net root 27114 1 0 12:40 ? 00:00:00 NMIS opflowd debug=0 root 32567 27106 0 12:51 pts/5 00:00:00 grep flowd |
...
Start it with the command below
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
sudo service opflowd start |
...
Code Block |
---|
/usr/local/opmantek/bin/opflow_purge_raw_files.sh /var/opflow 7 /usr/local/opmantek/bin/opflowd.pl type=purge |
...
8. Are NetFlow packets arriving at the server?
...
with the desired agent ip address and in and out interface indices. If you omit the in_if
and out_if
arguments, all flow data from this agent is ignored; otherwise only flows that pass the specifed interfaces in the given direction are filtered out. Please note that deactivating an agent does not affect flows that have already been processed; only future inputs are filtered.
11. opFlow and opFlowSP are both included in opCommon.
...
...
nmis 'omkd' => 'load_applications'
Either opFlow or opFlowSP should be set, not both.
Otherwise, for example, opFlow uses the incorrect database in mongodb, flowsp rather than flows.