bit of a newbie question(s)

[ken-crozier]

Hi, I'm relatively new to nfsen and have gotten to a point where I stuck. Sorry if this is very basic ... Through lots of reading I have nfcapd running creating files under /var/nfdump/profiles-data/live/bachman - i started it with

nfcapd -w -D -p 2025 -u netflow -g www-data -B 200000 -s 1 -z -I bachman -l /var/nfdump/profiles-data/live/bachman

Now onto where I'm stuck ... nfcapd has been running for about 10 hours so I would expect to see lots of data ... but this is what I get when I go to the browser ....

And when I try ./cli.php status I get no response, it also says that a log should be created in /var/www/html/nfsen/backend ... but it's not - so what am i missing ??

Also in your readme, while it describes how to install nfsed-ng maybe a couple of lines on adding the netflow user and how to start nfcapd would be useful

thanks in advance Ken

[Dona21]

Hi Ken,

I will try to help you as much as possible, though I'm not an expert neither.

Understood that you are new to nfsen. Are you familiar with NetFlow ? If not, maybe start reading the wikipedia page https://en.wikipedia.org/wiki/NetFlow

Based on what you can read on the wikipedia page, you could imagine "nfsen-ng" as the web "Analysis application". It is actually web-based visualizer that uses nfdump which is the real analysis application.

nfsen-ng has nothing to do with the exporter part nor the collector part. The exporter could be a network device (software or hardware) and the collector in our case is "nfcapd" from "nfdump" suite.

To sum up, "nfsen-ng" will work only if you have collected data with your collector (nfcapd) which will collect data only if you have configured an exporter correctly.

My first question is : did you configure an exporter ? If you let the collector run without sending data to it, you will have no data to use.

Please post a tree output of your "/var/nfdump/profiles-data/live/bachman" with : tree -h /var/nfdump/profiles-data/live/bachman

What is the output of "cli.php" if you run it without arguments ? /your/path/to/www/nfsen-ng/backend/cli.php

Do you get output if you run nfdump with YOUR_FILE being a nfcapd file in that directory sudo nfdump -I -M bachman -r /var/nfdump/profiles-data/live/bachman/2020/03/27/YOUR_FILE

Thanks for your advice concerning the netflow user. Actually this is not covered here as this is part of the data collection which is accomplished with nfcapd from the nfdump suite and should probably be explained there. In any case, it is a good idea and if we manage to find a time slot with @mbolli we will implement some features, correct some bugs and work on the wiki to cover that part too. Currently we are overloaded with our respective jobs but the motivation to keep working on this project does exist ;-)

Looking forward to get your feedback and further help you

[ken-crozier]

Hi Dona, Well not so much of newbie …. I’ve been working with Netflow for quite a number of years now … here are your requests …

root@Netflow:/var/www/html/nfsen-ng/backend# ./cli.php root@Netflow:/var/www/html/nfsen-ng/backend# root@Netflow:/var/www/html/nfsen-ng/backend# nfdump -I -M bachman -r /var/nfdump/profiles-data/live/bachman/2020/03/27/00/nfcapd.202003270000 Can't stat 'bachman': No such file or directory Ident: fortinet Flows: 0 Flows_tcp: 0 Flows_udp: 0 Flows_icmp: 0 Flows_other: 0 Packets: 0 Packets_tcp: 0 Packets_udp: 0 Packets_icmp: 0 Packets_other: 0 Bytes: 0 Bytes_tcp: 0 Bytes_udp: 0 Bytes_icmp: 0 Bytes_other: 0 First: 1585292400 Last: 1585292700 msec_first: 0 msec_last: 0 Sequence failures: 0

root@Netflow:~# tree -h /var/nfdump/profiles-data/live/bachman /var/nfdump/profiles-data/live/bachman ├── [4.0K] 2020 │ └── [4.0K] 03 │ ├── [4.0K] 26 │ │ └── [4.0K] 23 │ │ ├── [ 276] nfcapd.202003262330 │ │ ├── [ 276] nfcapd.202003262335 │ │ ├── [ 276] nfcapd.202003262340 │ │ ├── [ 276] nfcapd.202003262345 │ │ ├── [ 276] nfcapd.202003262350 │ │ └── [ 276] nfcapd.202003262355 │ └── [4.0K] 27 │ ├── [4.0K] 00 │ │ ├── [ 276] nfcapd.202003270000 │ │ ├── [ 276] nfcapd.202003270005 │ │ ├── [ 276] nfcapd.202003270010 │ │ ├── [ 276] nfcapd.202003270015 │ │ ├── [ 276] nfcapd.202003270020 │ │ ├── [ 276] nfcapd.202003270025 │ │ ├── [ 276] nfcapd.202003270030 │ │ ├── [ 276] nfcapd.202003270035 │ │ ├── [ 276] nfcapd.202003270040 │ │ ├── [ 276] nfcapd.202003270045 │ │ ├── [ 276] nfcapd.202003270050 │ │ └── [ 276] nfcapd.202003270055 │ ├── [4.0K] 01 │ │ ├── [ 276] nfcapd.202003270100 │ │ ├── [ 276] nfcapd.202003270105 │ │ ├── [ 276] nfcapd.202003270110 │ │ ├── [ 276] nfcapd.202003270115 │ │ ├── [ 276] nfcapd.202003270120 │ │ ├── [ 276] nfcapd.202003270125 │ │ ├── [ 276] nfcapd.202003270130 │ │ ├── [ 276] nfcapd.202003270135 │ │ ├── [ 276] nfcapd.202003270140 │ │ ├── [ 276] nfcapd.202003270145 │ │ ├── [ 276] nfcapd.202003270150 │ │ └── [ 276] nfcapd.202003270155

[Dona21]

Hi Ken,

Based on your feedback, it seems that many things are not working and should be fixed. For further use, may I ask you which OS you are using and which webserver ?

Below some observed points which might further help you : (-) the nfdump output shows that there is no flow data in the file you selected (-) the tree output shows that all nfcapd files are empty (no flow data) (-) the tree output shows a structure which is currently not compatible with nfsen-ng -> see the first point under configuration that sates -> Note: nfsen-ng expects the profiles-data folder structure to be PROFILES_DATA_PATH/PROFILE/SOURCE/YYYY/MM/DD/nfcapd.YYYYMMDDHHII (-) cli.php should return something when invoked without arguments, but this is the last thing to have a look at right now as you have no data and incompabile folder structure

Without having any idea about your infrastructure, I would do the following in this situation : (-) As per your first message, you expect flow data to be captured by the collector on port 2025. Is the exporter sending the data on that port ? (-) You could check the previous point in the exporter configuration first, but also check with a network packet capture like "wireshark" and/or check if a firewall is blocking this connection (-) If flow data is sent by the collector and received by the network interface(s) of your collector, it might be a collector problem (structure, permissions, something else...)

Let's start with that

[ken-crozier]

Hi Dona,

In this comment https://github.com/mbolli/nfsen-ng/issues/1 it says that nfsen-ng can only process the LIVE profile so if that’s incorrect then that needs to be changed, or corrected, or removed ….

The files are not empty as seen here

4.0K nfcapd.202003271135 4.0K nfcapd.202003280955 40K nfcapd.202003290815 4.0K nfcapd.202003300635 4.0K nfcapd.202003271140 4.0K nfcapd.202003281000 40K nfcapd.202003290820 4.0K nfcapd.202003300640 4.0K nfcapd.202003271145 4.0K nfcapd.202003281005 40K nfcapd.202003290825 4.0K nfcapd.202003300645 4.0K nfcapd.202003271150

I’ve moved the flow data from my Fortinet Firewall and nprobe onto another system and this is the output of tcpdump on that system, so I think flows are there….

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes 04:17:48.537676 IP 10.0.1.1.3370 > 10.0.1.14.xribs: NetFlow v9 04:17:48.537709 IP 10.0.1.1.3370 > 10.0.1.14.xribs: NetFlow v9 04:17:50.068457 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:17:55.068445 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:17:58.068495 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:18:03.556830 IP 10.0.1.1.3370 > 10.0.1.14.xribs: NetFlow v9 04:18:03.556852 IP 10.0.1.1.3370 > 10.0.1.14.xribs: NetFlow v9 04:18:08.068472 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:18:11.068421 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:18:11.068443 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:18:11.068447 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:18:14.068381 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:18:18.068521 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 04:18:18.575519 IP 10.0.1.1.3370 > 10.0.1.14.xribs: NetFlow v9 04:18:18.575539 IP 10.0.1.1.3370 > 10.0.1.14.xribs: NetFlow v9 04:18:20.068496 IP 10.0.1.10.59715 > 10.0.1.14.xribs: NetFlow v9 ^C 16 packets captured 16 packets received by filter 0 packets dropped by kernel

The system I have nfsen-ng on is

Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-91-generic x86_64)

Anything else ….

Ken

[Dona21]

Hi Ken,

The comment you referred to is correct and does not need any correction. You are using the live profile already (seen in your path -> /var/nfdump/profiles-data/live/bachman).

If the files were not empty, your tree output would look like this (see my truncated output below). Instead of that, your tree output shows [276] in front of each file which corresponds to empty nfcapd files.

root@nfsen-ng: tree -h /var/nfsen/profiles-data/live/source1/2020/03 . ├── [ 11K] 01 │   ├── [ 18K] nfcapd.202003010000 │   ├── [ 17K] nfcapd.202003010005 │   ├── [ 15K] nfcapd.202003010010 │   ├── [ 18K] nfcapd.202003010015 │   ├── [ 15K] nfcapd.202003010020 │   ├── [ 16K] nfcapd.202003010025 │   ├── [ 18K] nfcapd.202003010030 │   ├── [ 18K] nfcapd.202003010035 │   ├── [ 15K] nfcapd.202003010040 │   ├── [ 16K] nfcapd.202003010045 │   ├── [ 14K] nfcapd.202003010050 │   ├── [ 16K] nfcapd.202003010055

Additionally, running the nfdump command would give you data if your files were not empty (see below example from my machine), which is much different from what you posted above.

root@nfsen-ng: nfdump -I -M source1 -r /var/nfsen/profiles-data/live/source1/2020/03/31/nfcapd.202003311345 Can't stat 'source1': No such file or directory Ident: source1 Flows: 1116 Flows_tcp: 12 Flows_udp: 446 Flows_icmp: 71 Flows_other: 587 Packets: 2319 Packets_tcp: 651 Packets_udp: 850 Packets_icmp: 90 Packets_other: 728 Bytes: 451861 Bytes_tcp: 128992 Bytes_udp: 206805 Bytes_icmp: 9546 Bytes_other: 106518 First: 1585655034 Last: 1585655395 msec_first: 444 msec_last: 130 Sequence failures: 132

Therefore, you have have issues with your collector. Check the nfdump (and related nfcapd) github page (https://github.com/phaag/nfdump) to have a working instance, as nfsen-ng will work only once these tools are setup correctly

[ken-crozier]

Hi,

So I think there where a couple of problems, one was not following the instructions correctly and it really needs to have /settings/settings.php … plus i think there was a permissions issue with .. in one of the directories …. here’s nfdump of one of the files now

root@Netflow:/var/www/html/nfsen-ng/backend# nfdump -I -r /var/nfdump/profiles-data/live/fortinet/2020/04/01/13/nfcapd.202004011340 Ident: fortinet Flows: 260 Flows_tcp: 52 Flows_udp: 206 Flows_icmp: 2 Flows_other: 0 Packets: 151600 Packets_tcp: 108080 Packets_udp: 43360 Packets_icmp: 160 Packets_other: 0 Bytes: 111046400 Bytes_tcp: 98996000 Bytes_udp: 12023520 Bytes_icmp: 26880 Bytes_other: 0 First: 1585771708 Last: 1585773858 msec_first: 120 msec_last: 770 Sequence failures: 0

Now on ./cli.php I get

root@Netflow:/var/www/html/nfsen-ng/backend# ./cli.php 2020-04-01 14:34:20 Fatal: Please install the PECL rrd library.

But when I do a pecl install rrd i get

root@Netflow:/var/www/html/nfsen-ng/backend# pecl install rrd pecl/rrd is already installed and is the same as the released version 2.0.1 install failed

Any hints ??

thanks Ken

On Mar 31, 2020, at 5:23 AM, Dona21 notifications@github.com wrote:

Hi Ken,

The comment you referred to is correct and does not need any correction. You are using the live profile already (seen in your path -> /var/nfdump/profiles-data/live/bachman).

If the files were not empty, your tree output would look like this (see my truncated output below). Instead of that, your tree output shows [276] in front of each file which corresponds to empty nfcapd files.

root@nfsen-ng: tree -h /var/nfsen/profiles-data/live/source1/2020/03 . ├── [ 11K] 01 │ ├── [ 18K] nfcapd.202003010000 │ ├── [ 17K] nfcapd.202003010005 │ ├── [ 15K] nfcapd.202003010010 │ ├── [ 18K] nfcapd.202003010015 │ ├── [ 15K] nfcapd.202003010020 │ ├── [ 16K] nfcapd.202003010025 │ ├── [ 18K] nfcapd.202003010030 │ ├── [ 18K] nfcapd.202003010035 │ ├── [ 15K] nfcapd.202003010040 │ ├── [ 16K] nfcapd.202003010045 │ ├── [ 14K] nfcapd.202003010050 │ ├── [ 16K] nfcapd.202003010055

Additionally, running the nfdump command would give you data if your files were not empty (see below example from my machine), which is much different from what you posted above.

root@nfsen-ng: nfdump -I -M source1 -r /var/nfsen/profiles-data/live/source1/2020/03/31/nfcapd.202003311345 Can't stat 'source1': No such file or directory Ident: source1 Flows: 1116 Flows_tcp: 12 Flows_udp: 446 Flows_icmp: 71 Flows_other: 587 Packets: 2319 Packets_tcp: 651 Packets_udp: 850 Packets_icmp: 90 Packets_other: 728 Bytes: 451861 Bytes_tcp: 128992 Bytes_udp: 206805 Bytes_icmp: 9546 Bytes_other: 106518 First: 1585655034 Last: 1585655395 msec_first: 444 msec_last: 130 Sequence failures: 132

Therefore, you have have issues with your collector. Check the nfdump (and related nfcapd) github page (https://github.com/phaag/nfdump https://github.com/phaag/nfdump) to have a working instance, as nfsen-ng will work only once these tools are setup correctly

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mbolli/nfsen-ng/issues/44#issuecomment-606593471, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO64CPCZUCKHZM7VVVBWM5DRKHOFZANCNFSM4LVG4AFQ.

[Dona21]

Hi Ken,

Glad to hear that you managed to have the collector working.

The profiles-data folder structure however is still wrong (by wrong I mean not compatible with nfsen-ng).

nfsen-ng expects the profiles-data folder structure to be PROFILES_DATA_PATH/PROFILE/SOURCE/YYYY/MM/DD/nfcapd.YYYYMMDDHHII

The captured data in your case is PROFILES_DATA_PATH/PROFILE/SOURCE/YYYY/MM/DD/HH/nfcapd.YYYYMMDDHHII

Based on your first comment this should be easily fixed by changing your lower case "-s" parameter to upper case "-S"

this : nfcapd -w -D -p 2025 -u netflow -g www-data -B 200000 -s 1 -z -I bachman -l /var/nfdump/profiles-data/live/bachman

becomes that : nfcapd -w -D -p 2025 -u netflow -g www-data -B 200000 -S 1 -z -I bachman -l /var/nfdump/profiles-data/live/bachman

Concerning the message you are getting when executing cli.php, could you post the content of this file /etc/php/7.2/mods-available/rrd.ini

[ken-crozier]

Hi Dona, thanks I have fixed my nfcapd to have the -S

and the contents of

root@Netflow:/var/www/html/nfsen-ng/backend# cat /etc/php/7.2/mods-available/rrd.ini add extension=rrd.so phpenmod rrd

thanks Ken

On Apr 2, 2020, at 11:53 PM, Dona21 notifications@github.com wrote:

/etc/php/7.2/mods-available/rrd.ini

[mbolli]

Hi Ken,

the contents of rrd.ini should only be extension=rrd.so. and phpenmod rrd is a command to execute in the terminal. Don't forget to service apache2 restart after the command above.

enjoy your weekend! Michael

[ken-crozier]

Ah, ok thanks

fixed rrd.ini and ran phpenmod rrd and restarted apache2

still get

root@Netflow:/var/www/html/nfsen-ng/backend# phpenmod rrd root@Netflow:/var/www/html/nfsen-ng/backend# service apache2 restart root@Netflow:/var/www/html/nfsen-ng/backend# ./cli.php 2020-04-03 07:38:49 Fatal: Please install the PECL rrd library. root@Netflow:/var/www/html/nfsen-ng/backend#

On Apr 3, 2020, at 7:32 AM, Michael Bolli notifications@github.com wrote:

Hi Ken,

the contents of rrd.ini should only be extension=rrd.so. and phpenmod rrd is a command to execute in the terminal. Don't forget to service apache2 restart after the command above.

enjoy your weekend! Michael

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mbolli/nfsen-ng/issues/44#issuecomment-608466615, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO64CPA7732CTIYULCZOCOTRKXXPPANCNFSM4LVG4AFQ.

[mbolli]

Hmm that's weird. Can you confirm that there's a file 20-rrd.ini (or similar) in both of these folders:

• /etc/php/7.2/cli/conf.d
• /etc/php/7.2/apache2/conf.d

[ken-crozier]

root@Netflow:/var/www/html/nfsen-ng/backend# ls /etc/php/7.2/cli/conf.d/ 10-opcache.ini 20-calendar.ini 20-exif.ini 20-gettext.ini 20-phar.ini 20-rrd.ini 20-sockets.ini 20-sysvshm.ini 20-xmlreader.ini 10-pdo.ini 20-ctype.ini 20-fileinfo.ini 20-iconv.ini 20-posix.ini 20-shmop.ini 20-sysvmsg.ini 20-tokenizer.ini 20-xmlwriter.ini 15-xml.ini 20-dom.ini 20-ftp.ini 20-json.ini 20-readline.ini 20-simplexml.ini 20-sysvsem.ini 20-wddx.ini 20-xsl.ini root@Netflow:/var/www/html/nfsen-ng/backend# cat /etc/php/7.2/cli/conf.d/20-rrd.ini add extension=rrd.so root@Netflow:/var/www/html/nfsen-ng/backend# ls /etc/php/7.2/apache2/conf.d/ 10-opcache.ini 20-calendar.ini 20-exif.ini 20-gettext.ini 20-phar.ini 20-rrd.ini 20-sockets.ini 20-sysvshm.ini 20-xmlreader.ini 10-pdo.ini 20-ctype.ini 20-fileinfo.ini 20-iconv.ini 20-posix.ini 20-shmop.ini 20-sysvmsg.ini 20-tokenizer.ini 20-xmlwriter.ini 15-xml.ini 20-dom.ini 20-ftp.ini 20-json.ini 20-readline.ini 20-simplexml.ini 20-sysvsem.ini 20-wddx.ini 20-xsl.ini root@Netflow:/var/www/html/nfsen-ng/backend# cat /etc/php/7.2/apache2/conf.d/20-rrd.ini add extension=rrd.so root@Netflow:/var/www/html/nfsen-ng/backend#

On Apr 3, 2020, at 7:48 AM, Michael Bolli notifications@github.com wrote:

Hmm that's weird. Can you confirm that there's a file 20-rrd.ini (or similar) in both of these folders:

/etc/php/7.2/cli/conf.d /etc/php/7.2/apache2/conf.d — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mbolli/nfsen-ng/issues/44#issuecomment-608475144, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO64CPC4HS5I3EPBQBXQTHLRKXZM7ANCNFSM4LVG4AFQ.

[mbolli]

What about php -i | grep rrd ?

[ken-crozier]

root@Netflow:/var/www/html/nfsen-ng/backend# php -i | grep rrd /etc/php/7.2/cli/conf.d/20-rrd.ini, root@Netflow:/var/www/html/nfsen-ng/backend#

On Apr 3, 2020, at 8:25 AM, Michael Bolli notifications@github.com wrote:

What about php -i | grep rrd ?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mbolli/nfsen-ng/issues/44#issuecomment-608504750, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO64CPHGATFHLLJPI3XZ4S3RKX5X3ANCNFSM4LVG4AFQ.

[mbolli]

Ok so the php rrd module is definitely not loaded (at least for cli profile) My output:

mbolli@newdev:/var/www$ php -i | grep rrd
/etc/php/7.2/cli/conf.d/20-rrd.ini,
rrd
rrd tool module => enabled
rrd tool module version => 2.0.1
rrdtool library version => 1.7.0

There lies the culprit, but I don't know how to help from here... You got to somehow enable the rrd module (for cli and apache2 profiles).

[Dona21]

Hi Ken,

Your *rrd.ini files are wrong. If you cat the files the output should be extension=rrd.so instead of add extension=rrd.so. Modify the files accordingly and then restart apache webesrver with systemctl restart apache2

This particular issue should be fixed then.

[ken-crozier]

Ah, ok got it …. maybe for the less intuitive people the Installation should read cd /etc/php/7.2/mods-available && vim rrd.ini # add the line extension=rrd.so

So everything came up

Next question, if I copy the files from the YYYY/MM/DD/HR up a level to YYYY/MM/DD/ will nfsen pick up that data ??

thanks Ken

On Apr 3, 2020, at 9:33 AM, Dona21 notifications@github.com wrote:

Hi Ken,

Your *rrd.ini files are wrong. If you cat the files the output should be extension=rrd.so instead of add extension=rrd.so. Modify the files accordingly and then restart apache webesrver with systemctl restart apache2

This particular issue should be fixed then.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mbolli/nfsen-ng/issues/44#issuecomment-608539657, or unsubscribe https://github.com/notifications/unsubscribe-auth/AO64CPGC5DFNA6HT7EZYH4DRKYFXHANCNFSM4LVG4AFQ.

[Dona21]

I would personally delete the content directory content and start everything in a clean manner now that you know how to have a running instance. However, if for any reason you prefer to keep the data, it might be better to move the data rather than make a copy. nfsen-ng should work with that structure then. Also, do not mix nfsen and nfsen-ng. The first is the application written by the same person who created the whole nfdump suite and the second is the one we are talking about.

In order to avoid other people having the same issue, I will slightly change the instructions to make it less error prone.

I think your issue is solved, please consider closing it. Have a good weekend

[pra838]

No graphs.

root@nfdump:/var/nfdump/profiles-data/live/ExportFlow# tree -h [4.0K] . ├── [4.0K] 2023 │   └── [4.0K] 08 │   ├── [4.0K] 01 │   │   ├── [ 276] nfcapd.202308011525 │   │   ├── [ 276] nfcapd.202308011530 │   │   ├── [ 276] nfcapd.202308011535 │   │   ├── [ 276] nfcapd.202308011540 │   │   ├── [ 276] nfcapd.202308011545 │   │   ├── [ 276] nfcapd.202308011550 │   │   ├── [ 276] nfcapd.202308011555 │   │   ├── [ 276] nfcapd.202308011600 │   │   ├── [ 276] nfcapd.202308011605 │   │   ├── [ 276] nfcapd.202308011610 │   │   ├── [ 276] nfcapd.202308011615 │   │   ├── [ 276] nfcapd.202308011620 │   │   ├── [ 276] nfcapd.202308011625 │   │   ├── [ 276] nfcapd.202308011630 │   │   ├── [ 276] nfcapd.202308011635 │   │   ├── [ 276] nfcapd.202308011640

[Dona21]

Hi @pra838

Referring to this answer you will notice that your tree output shows [276] in front of each file which corresponds to empty nfcapd files. Therefore it is normal that no graphs are available because you have no data collected. You should have your nfcapd collector up, running and working/configured correctly before using nfsen-ng.

Cheers