search

nsrc-org / nfsen

Imported nfsen with various patches applied
2 stars 0 forks source link

nfsen not compatible with nfcapd from nfdump >= v1.7 #1

Closed CharlyBote closed 1 year ago

CharlyBote commented 1 year ago

I have a fresh install from scratch, with nfdump 1.7.1 and nfsen 1.3.8, but when nfsen starts, nfcapd gives an error.

Syslog report: Feb 15 09:59:41 nfsen[50860]: Starting nfcapd:(ccr1036cs ccr1036np)path does not exist: -D Feb 15 09:59:41 nfsen[50860]: No valid directory: -D Feb 15 09:59:46 nfsen[50860]: : collector did not start - see logfile CLI ./nfsen start Starting nfcapd:(ccr1036cs ccr1036np)path does not exist: -D No valid directory: -D : collector did not start - see logfile Starting nfsend.

Config File attached

nfsen.conf.txt

Could help me with this issue?

Thanks

candlerb commented 1 year ago

Please see https://sourceforge.net/p/nfsen/mailman/message/37779059/

In short, nfsen does not currently work with nfdump v1.7.x, which has some CLI argument changes over v1.6.x.

Aside: the text file you attached (nfsen.conf.txt) includes Windows newlines. nfsen/nfdump are only known to run under Linux. I suggest you use Ubuntu 22.04, if you're using the patched nfsen from this repo.

candlerb commented 1 year ago

I have compared the CLI arguments of nfsen 1.6.25 with 1.7.1

I think nfsen will work with both nfdump 1.6.x and 1.7.x if you change this:

./libexec/NfSenRC.pm:   my $common_args = "-w -D -p $port -u $uid -g $gid $buffer_opts $subdirlayout -P $pidfile $ziparg $extensions";

and simply remove the '-w' flag.

The other changes are:

CharlyBote commented 1 year ago

Thanks Brian, all works fine for me now. nfcapd[21041]: Ident: 'ccr1036cs' Flows: 393360, Packets: 6886153, Bytes: 5683537557, Sequence Errors: 522, Bad Packets: 0

and the data is stored in nfsen folder structure.

Thanks!

El jue, 16 feb 2023 a las 10:52, Brian Candler @.***>) escribió:

I have compared the CLI arguments of nfsen 1.6.25 with 1.7.1

I think nfsen will work with both nfdump 1.6.x and 1.7.x if you change this:

./libexec/NfSenRC.pm: my $common_args = "-w -D -p $port -u $uid -g $gid $buffer_opts $subdirlayout -P $pidfile $ziparg $extensions";

and simply remove the '-w' flag.

The other changes are:

  • nfcapd has renamed the -l option to -w, but still accepts the -l version for now (with a warning)
  • nfcapd now does not have configurable extensions. You should avoid setting $EXTENSIONS in nfsen.conf, but if you do, you'll just get another warning that the -T option doesn't do anything any more.

— Reply to this email directly, view it on GitHub https://github.com/nsrc-org/nfsen/issues/1#issuecomment-1433120272, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADS6ZI6TELS5AL27L64WTADWXYWIVANCNFSM6AAAAAAU46OD3E . You are receiving this because you authored the thread.Message ID: @.***>

-- Carlos Botejara IT Analyst @.*** NEUQUEN - ARGENTINA C: 0299-154230346 LINKEDIN: http://www.linkedin.com/in/carlosbotejara

Este correo está dirigido únicamente a la persona o entidad que figura en el destinatario y puede contener información confidencial y/o privilegiada. La copia, reenvío, o distribución de este mensaje por personas o entidades diferentes al destinatario está prohibido. Si Ud. ha recibido este correo por error, por favor contáctese con el remitente inmediatamente y borre el material de cualquier computadora. Este correo puede estar siendo monitoreado en cumplimiento de esta política.