Closed chinookpt closed 3 years ago
Hi @chinookpt
Change these lines in the `docker-compose.yml` file:
```yaml
ports:
  - "6859:6859/udp"
```
to
```yaml
# ports:
#   - "6859:6859/udp"
```
and update me with the result ;-)
Hi @javadmohebbi
Thank you for the help. I tried the change you described but with no success. Unfortunately I still don't have this working.
So I commented the lines like you said but with no success. I always restarted the service with the documentation commands. I was testing other changes to the file that you mentioned and I noticed this error in the Grafana dashboards.
Grafana is giving this error; I tried to check the configuration in the settings and when I save & test it gives this.
Another curious thing is that in the configuration file, the nfcollector comments on the network field, but the other previous options of influxdb and grafana are not like that.
I left everything by default in the installation and so far I just changed what you requested.
If you could point me in the right direction I would appreciate it. Thanks once again.
Hi @chinookpt
Please provide me the output of `docker ps -a` and also let me know if you can open the influxDB web UI `http://YOUR-IP:8086` in your browser.
Hi @javadmohebbi
Here is the output of the command `docker ps -a`.
Regarding the influxDB web UI, it is working.
Once again thanks :)
Hi @chinookpt
It seems your influxdb is not initialized yet. Please run the following commands to initialize it with the default (my own default, actually) configuration:
```bash
docker exec -t oi24_influxdb_1 influx setup --org OPENINTELLIGENCE --bucket nfCollector --retention 7d --username admin --password influx_admin_secret --token 5vqt0q0b4g_lZwNgp7-8GgPq5Nxf3YY37xbVZP_ypeK_G3dwdNlTrAkcKN_Q6QzbmG-Th96lT_65Kp0j2UD1HA== --force
cd $HOME/oi24
docker-compose down
docker-compose up
```
Hope these commands help ;-)
Hi @javadmohebbi
Now the data is flowing in :) but I have the same problem as with your previous project: after some time on the dashboard I am again without data.
Previously it was because the nfcollector was getting a random error after some random time and the process ended. In this case I don't know if it will be the same problem but the symptoms are identical: influx and grafana working but no data showing. Only if I restart the services.
Where can I check if it is the nfcollector?
Another question: on the Netflow Host Dashboard I never get data in. Is it supposed to be like this?
Thanks, almost there ;)
Hi @chinookpt
In order to check your nfcollector logs, would you please let me have the output of this command: `docker logs oi24_nfcollector_1`.
Also, to get output from the Host Dashboard, you need to fill in the IP address in the text box at the upper left of the dashboard page. If there is data in the database about that IP address, it will show you ;)
Kind regards, M. Javad Mohebbi
Hi @javadmohebbi
Here you have the log files. I added the influxdb log too because when reading the nfcollector log it had some errors regarding writing to influxdb.
OutputnfCollector.log OutputInfluxDB.log
Another thing was that the status of the nfcollector container was 2 hours and that of influxdb and Grafana was 19h. You can check this out in the influxdb log; I listed the containers there. So maybe the nfcollector is really giving an error and always restarting.
Thanks.
Hi @chinookpt
What's your netflow version & the device you are exporting from?
It seems nfcollector could not decode your netflow packets.
Please provide this info & I will send you a special debugging app for troubleshooting ;-)
kind regards,
Hi @chinookpt
Please run the following commands to gather some logs for further investigation. This will run a special version of nfcollector which logs decoded netflow packets to the log file `/tmp/nfcollector-dump.log`:
```bash
cd $HOME/oi24/nfcollector
docker-compose down
wget -O /tmp/nfcollector-logger https://github.com/javadmohebbi/goNfCollector/raw/main/build/linux/amd64/nfcollector-logger
chmod +x /tmp/nfcollector-logger
sudo /tmp/nfcollector-logger
```
To stop this app, press CTRL + C.
After that, the log file will be at `/tmp/nfcollector-dump.log`.
This file might include some confidential info about IPs. For security reasons, you can find & replace your confidential information.
Please let me know the result.
Kind regards
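The find-and-replace step suggested above for the dump file can be automated so that every address is replaced consistently and flows stay correlatable. This is an added example, not part of the thread or of goNfCollector: the function names `make_redactor` and `redact_file` are hypothetical, and the sample lines are constructed because the real layout of `nfcollector-dump.log` is not shown here.

```python
import hashlib
import hmac
import ipaddress
import re
import secrets

# Candidate patterns; every hit is validated with ipaddress before replacement.
_IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
_IPV6 = (r"(?<![0-9A-Fa-f:])(?:[0-9A-Fa-f]{0,4}:){2,7}"
         r"(?:" + _IPV4 + r"|[0-9A-Fa-f]{0,4})(?![0-9A-Fa-f:])")
_CANDIDATE = re.compile(r"(?<!\d)" + _IPV4 + r"(?!\d)|" + _IPV6)


def make_redactor(key: bytes):
    """Return a function that swaps each IP address for a stable keyed token."""

    def token(match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # timestamp, MAC address or other look-alike: keep
        # Keyed HMAC over the packed form: same address, same token, no key, no lookup.
        digest = hmac.new(key, addr.packed, hashlib.sha256).hexdigest()[:12]
        return f"ipv{addr.version}-{digest}"

    return lambda line: _CANDIDATE.sub(token, line)


def redact_file(src, dst, key):
    """Write a copy of src to dst with every IP address replaced."""
    redact = make_redactor(key)
    with open(src, encoding="utf-8", errors="replace") as fin, \
            open(dst, "w", encoding="utf-8") as fout:
        for line in fin:
            fout.write(redact(line))


# Constructed sample lines; the real nfcollector-dump.log layout may differ.
SAMPLE = [
    "2021-06-01 12:34:56 flow src=192.168.10.25:51544 dst=203.0.113.9:443",
    "2021-06-01 12:34:57 flow src=192.168.10.25:51545 dst=2001:db8::17",
    "2021-06-01 12:34:58 exporter 192.168.10.1 version=9 mac=00:11:22:33:44:55",
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # keep private, never post it with the log
    for line in map(make_redactor(key), SAMPLE):
        print(line)
```

Ports, timestamps and MAC addresses are left in place so the decode problem can still be debugged; review the redacted copy for hostnames or other identifiers before attaching it.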
Hi @javadmohebbi
The idea I have is that the errors that are in the logs related to "Can not decode netflow packets" are normal when the instance is started because until the nfcollector catches a complete netflow packet it cannot interpret what is coming in. Until then, it generates these entries for a few seconds. It happened previously too with the old project. The differences in the timing inside the logs between these decode errors and the following ones show that it remains functional for long periods of time until it stops with the influxdb error. Now, it may not even be normal behavior; it's just my personal understanding.
Regarding the Netflow version, it is 9. The device is a SonicWall.
Here is the log file: nfcollector-dumpV1.log
Thanks once again.
Thank you for the provided information @chinookpt
In order to fix the issue, is it possible to schedule a remote session (e.g. TeamViewer) to investigate & resolve this problem?
Because the logs told me that everything is right, but the behavior you mentioned might be a problem I probably missed.
Let me know how to contact you to get the TeamViewer credentials for the remote session.
Kind regards
Hi @javadmohebbi
I will contact you by social media; I don't know any other private way to do it on GitHub. @PedronaFerreira
Thanks.
Hi @chinookpt
I've replied to your DM on Twitter. Let me know about the time.
Hi @chinookpt
Thank you for your time during the remote session. I will close this issue for now. Let me know if you face any other issue ;-)
Good day @javadmohebbi. I have the same issue with "no data" and "Line: 335 [6]-Can not decode NetFlow data" logs. Could you please provide a solution on how you managed to fix it? Much appreciated.
Hi,
I was deploying your old nfcollector and was able to get everything working; I was only having trouble because the application ended up giving an error after some time of working.
As this version was deprecated I switched to the new version and I think I managed once again to have almost everything working.
When I ran the command to start the container I received this error on the console.
I can access the Grafana dashboard but I always have the indication that there is no data on the existing dashboards.
All my other deployments were working on a Windows machine and I have almost 0 experience with Linux. I don't know if this error is normal or if that's why I'm not collecting Netflow data to show on the Grafana dashboard.
Can you help? Thanks in advance.