manuelkasper / AS-Stats

A simple tool to generate per-AS traffic graphs from NetFlow/sFlow records
BSD 2-Clause "Simplified" License

no rrd file generation #58

Closed acoul closed 7 years ago

acoul commented 7 years ago

Greetings,

running as-stats as: ./bin/asstatd.pl -r rrd/ -k conf/knownlinks -P 0

results in no rrd file generation no matter how long the as-stats runs.

as-stats feed has been tested by pmacct either on netflow/v9 or sflow and with softflowd but with no results.

proper netflow/sflow functionality has been successfully tested by wireshark, nfacctd/sfacctd & nfdump

as-stats is disturbingly quiet doing nothing

any ideas or suggestions as to how to troubleshoot this would be highly appreciated

acoul commented 7 years ago

let me explain a bit my setup. I have two 32bit gentoo systems A and B. Both systems reside on the same network setup doing different tasks so things are flexible if I need to change this setup. A runs pmacct with nfprobe plugin only. B runs quagga and as-stats.

As a startup I followed this guide with some customizations for my setup like having quagga lively feeding pmacct.

I am testing as-stats on a fresh 32bit gentoo/rolling system. Just in case of possible issues with a 32bit system, I've also tested this on a fresh 64bit void-linux/rolling musl-libc with the exact same results.

JackSlateur commented 7 years ago

Are you sure your configuration is correct? If it is not, packets are dropped silently, because they do not match your needs (watched host, watched vlan, watched ifindex)

The code is here: https://github.com/manuelkasper/AS-Stats/blob/master/bin/asstatd.pl#L655

acoul commented 7 years ago

thank you for the useful feedback.

commenting out that return on line 655 did not make any difference.

I also tried a previous as-stats v1.5 with no success.

here is some further information on this 32bit SMP gentoo system:

Linux version 4.9.7-gentoo (root@aifnis) (gcc version 5.4.0 (Gentoo 5.4.0-r2 p1.2, pie-0.6.5) ) #1 SMP Thu Feb 2 13:34:59 EET 2017

    rrdtool-1.6.0-r1
    File-Find-Rule-0.340.0 / http://search.cpan.org/dist/File-Find-Rule/
    File-Find-Rule-Perl-1.130.0 / http://search.cpan.org/dist/File-Find-Rule-Perl/
    Net-sFlow-0.11 / http://search.cpan.org/dist/Net-sFlow/

acoul commented 7 years ago

I uncommented some print statements in asstatd.pl and got the following:

    DEBUG Sampling Rate for 10.2.19.1_0 is IN: 1 | OUT: 1
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Updated template ID 1024 (source ID 0, from 10.2.19.1)
    Updated template ID 1025 (source ID 0, from 10.2.19.1)
    Updated template ID 1024 (source ID 0, from 10.2.19.1)
    Updated template ID 1025 (source ID 0, from 10.2.19.1)

I forgot to mention that this setup runs on an IP/BGP/AS private 10.0.0.0/8 AWMN network.

I also commented out line 628 without any change on this issue.

More information about my setup can be found here
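The "does not (yet) exist" lines in the output above are normal NetFlow v9 behaviour: data flowsets carry no field layout of their own, so a collector has to discard them until the exporter sends the template they reference. The sketch below is an added example, not part of the thread and not AS-Stats code; it decodes constructed datagrams with a template cache keyed by exporter, source ID and template ID, and its log strings only imitate the messages quoted above.

```python
import struct
# NetFlow v9 field type numbers (RFC 3954)
IN_BYTES, INPUT_SNMP, OUTPUT_SNMP, SRC_AS, DST_AS = 1, 10, 14, 16, 17

def decode(packet, exporter, templates, log):
    """Decode one NetFlow v9 datagram; return the flow records it yields."""
    version, *_, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram")
    flows, pos = [], 20                      # flowsets follow the 20-byte header
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, pos)
        if fs_len < 4 or pos + fs_len > len(packet):
            break                            # malformed length, stop parsing
        body, pos = packet[pos + 4:pos + fs_len], pos + fs_len
        if fs_id == 0:                       # template flowset
            off = 0
            while off + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, off)
                if tid < 256 or off + 4 + 4 * n > len(body):
                    break                    # padding or truncated template
                fields = [struct.unpack_from("!HH", body, off + 4 + 4 * i) for i in range(n)]
                templates[(exporter, source_id, tid)] = fields
                log.append(f"Updated template ID {tid} (source ID {source_id}, from {exporter})")
                off += 4 + 4 * n
        elif fs_id > 255:                    # data flowset: its id names the template
            fields = templates.get((exporter, source_id, fs_id))
            if fields is None:               # layout unknown, records are dropped
                log.append(f"Template ID {fs_id} from {source_id}/{exporter} does not (yet) exist")
                continue
            rec_len = sum(length for _, length in fields)
            if rec_len == 0:
                continue
            for off in range(0, len(body) - rec_len + 1, rec_len):
                rec = {}
                for ftype, flen in fields:
                    rec[ftype] = int.from_bytes(body[off:off + flen], "big")
                    off += flen
                flows.append(rec)
    return flows

# Constructed sample datagrams (not taken from the attached capture)
HDR = struct.pack("!HHIIII", 9, 1, 0, 0, 1, 0)   # version 9, source ID 0
TEMPLATE_PKT = HDR + struct.pack("!14H", 0, 28, 1024, 5, SRC_AS, 2, DST_AS, 2, INPUT_SNMP, 2, OUTPUT_SNMP, 2, IN_BYTES, 4)
DATA_PKT = HDR + struct.pack("!6HI", 1024, 16, 0, 7817, 0, 0, 40)

def demo():
    cache, log = {}, []
    return [decode(p, "10.2.19.1", cache, log) for p in (DATA_PKT, TEMPLATE_PKT, DATA_PKT)], log
```

The same data datagram yields nothing before the template arrives and one record (source AS 0, destination AS 7817, 40 octets) afterwards, so flows seen during a collector's first moments are lost until the exporter's next template refresh.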

JackSlateur commented 7 years ago

Can you provide your configuration, as well as a pcap fed with a couple of flow samples?

acoul commented 7 years ago

pmacct/nfprobe config:

    daemonize: false
    promisc: true
    plugin_buffer_size: 10240
    plugin_pipe_size: 10240000
    pcap_filter: net 10.0.0.0/8
    interface: eth0
    plugins: nfprobe
    nfprobe_receiver: 10.2.19.18:9000
    nfprobe_version:9
    nfacctd_net: fallback
    nfacctd_as_new: fallback
    nfprobe_peer_as: true
    sfprobe_peer_as: true
    bgp_daemon_pipe_size: 1310710
    bgp_daemon: true
    bgp_daemon_ip: 10.2.19.4
    bgp_daemon_id: 10.2.19.4
    bgp_agent_map: /etc/pmacct/agent_to_peer.map
    bgp_daemon_port: 17917
    bgp_follow_nexthop: 10.2.19.0/24, 10.2.146.0/24, 10.0.0.0/8
    aggregate: src_host, dst_host, src_port, dst_port, src_as, dst_as, as_path, peer_src_as, peer_dst_as, proto

/etc/pmacct/agent_to_peer.map :

    bgp_ip=10.2.19.1 ip=10.0.0.0/8
    bgp_ip=10.2.19.3 ip=10.0.0.0/8

nfcapd.zip

acoul commented 7 years ago

I had some progress:

    DEBUG Sampling Rate for 10.2.19.1_0 is IN: 1 | OUT: 1
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Template ID 1024 from 0/10.2.19.1 does not (yet) exist
    Updated template ID 1024 (source ID 0, from 10.2.19.1)
    Updated template ID 1025 (source ID 0, from 10.2.19.1)
    0 => 0 (40 octets, version 4, snmpin 0, snmpout 0)
    2493: flushing data for AS 0 (1488059548)
    2493: creating RRD file for AS 0
    0 => 0 (60 octets, version 4, snmpin 0, snmpout 0)
    0 => 0 (40 octets, version 4, snmpin 0, snmpout 0)
    0 => 0 (60 octets, version 4, snmpin 0, snmpout 0)
    0 => 0 (94 octets, version 4, snmpin 0, snmpout 0)
    0 => 0 (78 octets, version 4, snmpin 0, snmpout 0)
    0 => 0 (143 octets, version 4, snmpin 0, snmpout 0)
    0 => 0 (65 octets, version 4, snmpin 0, snmpout 0)
    0 => 0 (139 octets, version 4, snmpin 0, snmpout 0)

my conf/knownlinks :

    10.2.19.1 0 SupperQuagga SupperQuagga ABCDEF 1

and some more progress:

    DEBUG Sampling Rate for 10.2.19.1_0 is IN: 1 | OUT: 1
    Updated template ID 1024 (source ID 0, from 10.2.19.1)
    Updated template ID 1025 (source ID 0, from 10.2.19.1)
    0 => 7817 (40 octets, version 4, snmpin 0, snmpout 0)
    7817 => 0 (132 octets, version 4, snmpin 0, snmpout 0)
    0 => 7817 (40 octets, version 4, snmpin 0, snmpout 0)
    7817 => 0 (60 octets, version 4, snmpin 0, snmpout 0)
    0 => 13101 (40 octets, version 4, snmpin 0, snmpout 0)
    13101 => 0 (52 octets, version 4, snmpin 0, snmpout 0)
    0 => 22128 (80 octets, version 4, snmpin 0, snmpout 0)
    0 => 9474 (40 octets, version 4, snmpin 0, snmpout 0)
    9474 => 0 (60 octets, version 4, snmpin 0, snmpout 0)
    0 => 10030 (40 octets, version 4, snmpin 0, snmpout 0)
    10030 => 0 (60 octets, version 4, snmpin 0, snmpout 0)
    0 => 7817 (40 octets, version 4, snmpin 0, snmpout 0)
    7817 => 0 (60 octets, version 4, snmpin 0, snmpout 0)

acoul commented 7 years ago

let me shamefully close this "ticket" as invalid, apologizing for the "lost cycles", since as-stats properly does whatever it was designed to do, though quite silently.

being a n00b on this field, I am still exploring and learning its wonders. You may see some of my efforts here

thank you dearly for offering such a handy little tool to the open-source community.