
fprobe-ulog+flowscan+flow-tools



Good afternoon...

I can't get the combination in the subject to work ((

Packets are collected in iptables

iptables -A FORWARD -o eth1 -j ULOG

fprobe-ulog receives the data from eth1, which faces 192.168.2.0/24

/etc/default/fprobe-ulog

INTERFACE="eth1:101"
FLOW_COLLECTOR="localhost:555"
OTHER_ARGS=""

flow-capture collects the data

/etc/flow-tools/flow-capture.conf

-w/var/local/flows -n287 -S5 -V5 -N0 0/127.0.0.1/555

flowscan is started from cron at a 5-minute interval,

flowscan.cf

FlowFileGlob /var/local/flows/ft-v*[0-9]
ReportClasses CampusIO
WaitSeconds 300
Verbose 1

contents of CampusIO.cf

OutputIfIndexes 7
LocalSubnetFiles /etc/flowscan/local_nets.boulder
OutputDir /var/local/flows/graphs
Verbose 1
Protocols icmp, tcp, udp
TCPServices ftp-data, ftp, smtp, nntp, http, 7070, rtsp
UDPServices domain, snmp, snmp-trap
NapsterSubnetFiles /etc/flowscan/Napster_subnets.boulder
NapsterSeconds 1800
NapsterPorts 8875, 4444, 5555, 6666, 6697, 6688, 6699, 7777, 8888
ASPairs 0:0

contents of local_nets.boulder

SUBNET=192.168.2.0/24
DESCRIPTION=our network

output of flowscan -w0 -v

2005/05/25 18:40:01 working on file
/var/local/flows/ft-v05.2005-05-25.183501+0400...
2005/05/25 18:40:01 %CampusIO::FTPSession -> 0
2005/05/25 18:40:01 %CampusIO::FTPSession -> 0
2005/05/25 18:40:01 %CampusIO::NapServer -> 0 %CampusIO::NapUser -> 0
2005/05/25 18:40:01 %CampusIO::NapServer -> 0 %CampusIO::NapUser -> 0
2005/05/25 18:40:01 flowscan-1.020 CampusIO: Cflow::find took  0
wallclock secs ( 0.00 usr +  0.00 sys =  0.00 CPU) for 266
+flow file bytes, flow hit ratio: 0/6
2005/05/25 18:40:01 scalar(%CampusIO::RealServer) -> 0
2005/05/25 18:40:01 flowscan-1.020 CampusIO: report took  0 wallclock
secs ( 0.02 usr +  0.00 sys =  0.02 CPU)


I just can't get anything to change; the hit ratio is 0/x and that's it...
Where did I go wrong? Maybe someone can give a hint... I'm reading the flow-tools
and flowscan mailing lists hard... so far it's heavy going ))
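As an added diagnostic, not taken from the post above or from flowscan itself, the script below applies a simplified version of the per-flow test a CampusIO report performs: one endpoint must lie inside a LocalSubnetFiles subnet and the flow's ifindex on the upstream side must be listed in OutputIfIndexes. The flow records are constructed, and the script assumes that flows exported with INTERFACE="eth1:101" carry ifindex 101, which the post does not confirm.

```python
import ipaddress

# Constructed flow records (not real captures) in the fields flow-tools keeps:
# source address, destination address, input ifindex, output ifindex.
FLOWS = [
    {"src": "192.168.2.10", "dst": "10.0.0.5", "input": 101, "output": 101},
    {"src": "10.0.0.5", "dst": "192.168.2.10", "input": 101, "output": 101},
    {"src": "192.168.2.20", "dst": "10.0.0.9", "input": 101, "output": 7},
    {"src": "172.16.0.1", "dst": "10.0.0.9", "input": 7, "output": 7},
]

# Mirrors local_nets.boulder (SUBNET=192.168.2.0/24) and OutputIfIndexes 7.
LOCAL_NETS = [ipaddress.ip_network("192.168.2.0/24")]
OUTPUT_IFINDEXES = {7}


def is_local(addr, local_nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in local_nets)


def classify(flow, local_nets, output_ifindexes):
    """Return ('out'|'in', None) for a counted flow, or (None, reason) for a miss.

    Simplified model (an assumption, not CampusIO's own code): outbound means
    the source is local and the output ifindex is an OutputIfIndex; inbound
    means the destination is local and the input ifindex is an OutputIfIndex.
    """
    src_local = is_local(flow["src"], local_nets)
    dst_local = is_local(flow["dst"], local_nets)
    if src_local and flow["output"] in output_ifindexes:
        return "out", None
    if dst_local and flow["input"] in output_ifindexes:
        return "in", None
    if not (src_local or dst_local):
        return None, "no endpoint in LocalSubnetFiles"
    seen = flow["output"] if src_local else flow["input"]
    return None, f"ifindex {seen} not in OutputIfIndexes"


def hit_ratio(flows, local_nets, output_ifindexes):
    """Count flows the report would use, plus a tally of why the rest were skipped."""
    hits, misses = 0, {}
    for flow in flows:
        direction, reason = classify(flow, local_nets, output_ifindexes)
        if direction:
            hits += 1
        else:
            misses[reason] = misses.get(reason, 0) + 1
    return hits, len(flows), misses


if __name__ == "__main__":
    for idx in ({7}, {101}):
        print(f"OutputIfIndexes {sorted(idx)}:", hit_ratio(FLOWS, LOCAL_NETS, idx))
```

Running it with OutputIfIndexes set to 7 versus 101 shows how the hit count moves with the ifindex the exporter actually stamps on the flows; the same check can be repeated over real records after comparing them with the ifindex configured in the exporter.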
