|For clients, who have no knowledge and experience with Linux / Debian
If possible use the self-installing software version, it makes your
installation faster, easier and problem free. ISO-CD IMAGE is available at:
For clients, who have knowledge and experience with Linux / Debian
Problems encountered with software installation (.deb, .tgz) are mostly related
to the difference between the Linux environments (library incompatibilities,
missing packages, different paths to binaries etc.)
I can't connect to MySQL database.
When you see this message during installation, type the correct username and password
for access to MySQL database. If you are trying to connect to a remote database, check
if MySQL is configured for networking (disable option --skip-networking in MySQL
configuration file). If you forgot your username and password into MySQL, please,
refer to the database documentation (chapter How to Reset the Root Password) or
use following steps:
- Log on to your system as either the Unix root user or as the same user that
the mysqld server runs as.
- Locate the `.pid' file that contains the server's process ID. The exact location
and name of this file depends on your distribution, hostname, and configuration.
Common locations are `/var/lib/mysql/', `/var/run/mysqld/', and `/usr/local/mysql/data/'.
Generally, the filename has the extension of `.pid' and begins with either `mysqld'
or your system's hostname. Now you can stop the MySQL server by sending a normal kill
(not kill -9) to the mysqld process, using the pathname of the `.pid' file in the
kill `cat /mysql-data-directory/host_name.pid`
Note the use of back ticks rather than forward quotes with the cat command; these
cause the output of cat to be substituted into the kill command.
- Restart the MySQL server with the special --skip-grant-tables
mysqld_safe --skip-grant-tables &
- Set a new password for the root@localhost MySQL account:
mysqladmin -u root flush-privileges password "newpwd"
Replace ``newpwd'' with the actual root password that you want to use.
- Restart the MySQL server without any special option.
- You should now be able to connect using the new password.
Apache configuration file is not found.
If the above message is displayed, you must find and modify the Apache configuration
file manually. Configuration filename is mostly httpd.conf and it is stored in the
default directory /etc/apache or /etc/apache2. Locate this directory and add to
configuration file the following line:
In the file "/etc/netflow/apache.conf" there are various options relating to the
NetFlow web portion. Don't forget to restart the Apache daemon after modifying its
configuration via command:
I can't access the web interface.
- First check if Apache web server is running.
ps -ax | grep apache
- Check Apache log files.
- Check if file /etc/netflow/apache.conf is included in Apache configuration. You can
include contents of this file directly into your web server configuration. You can use
this file per each virtual host.
- Check if PHP scripting is enabled in your web server (refer PHP documentation and
When I tried to restart netflow collector I saw message: "Error: unknown parameter restart"
This message is displayed when you run the command nfcd restart without /etc/init.d/ prefix.
Please, run this command with full path. Correct command is:
Or you can run short nfcd without any parameter, but /etc/init.d/... syntax is preferred.
After restarting collector, check your system log file (cat /var/log/syslog).
MySQL module isn’t supported by PHP. Check your php.ini file, extensions sections.
This error message is displayed when you haven't installed or activated the MySQL library
used by PHP. Try to find the mysql.so file by using the following command:
find / -name mysql.so
When you find this file, activate the extension in your php.ini file (this file is
usually located in the directory /etc/php4/apache/) by typing option:
You can use Midnight command (mc) program to edit this file. If you don't find the
mysql.so file, try to install a new package php4-mysql (package name
php4-mysql is used by Debian, in Fedora distribution it will be found with the same
or similar to the Debian's name).
Note: PHP must be loaded with MySQL, SNMP and GD extension.
Can't open connection into MySQL database; check username, password and MySQL access
This message is displayed when the web part cannot connect into the database (bad
username/password or database server hostname not found or database is not running).
- Check if the php.ini file contains line: extension=mysql.so
- IF YES, please edit file /etc/netflow/nfw.php and make sure that you have the
correct parameters for the database connection (user name, password, database name is nfx)
- IF NOT, please add line extension=mysql.so, save php.ini file and restart your
Apache web server.
- Check if MySQL server is running. In the Linux environment type the
ps ax | grep mysql
mysql –u root –p
If database is not running type the following command:
- Based on our PHP knowledge, the PHP module mysql.so is probably compiled with
an old libmysqlclient version 10. There are several recommendations that might help:
- Try commands:
ldconfig -p | grep mysql
Please, send us the output of this command.
- Try restarting Apache.
- Check if your PHP package is the newest version (try upgrading PHP or degrade mysql).
- Send us the output of the following command:
(This command will write a list of installed packages on your system – use only for RedHat,
SUSE, Fedora distribution).
Can't select MySQL database 'nfx'; check if database exists or you have access rights to use it.
When you ran the nf_install script did you successfully complete step 1? Step 1 creates database
and all system tables. Type the following commands to check if step 1 was successfully completed:
mysql -u root -p
mysql> use nfx;
mysql> show tables;
If software was successfully installed you will see a lot of tables displayed. If it isn't
correctly installed then MySQL will write the following information: nfx database doesn't exists.
In the Debian installation the password is blank. If you cannot connect into the database due to
wrong password you can use the password recovery steps.
When I try to access Data, Trends, I get: Warning: No tables found for selected collector.
Log into the web interface and select menu Status->Collectors->Detail. Check if your
collector is running (green LED indicator). If you will see a red LED indicator, nfcd process is not
If nfcd process is not running, you have to check if your license is OK by going to Help->Licenses.
If the License is OK and program is still not running you have to start nfcd process manually. Log
into Linux environment and run the following command:
This command will run the collector(s). You can also see errors or warnings in the system log file
(syslog), check if there are any problems with running the collector by using the command:
less /var/log/syslog | grep nfc
The product is installed and everything seems to be running. However, all the database tables have
0 data in them.
- Log in into web interface select menu Status->Collectors.
- Check if your collector is running (green LED indicator). If it is OK, select detail
and check all values, you may find there are dropped packets etc.
- Check if the number of incoming packets is increasing. If not use tcpdump tool,
which test receiving NDE packets.
How can I test if netflow collector receives netflow data exports from my Cisco router?
You can use tcpdump tool. Run the following command:
tcpdump –n udp
You will see all UDP packets that the netflow server receives. You can break tcpdump by typing
<Ctrl>+C. If you don’t see any packet, check network cable and/or netflow configuration
on Cisco router and try debugging netflow exports. If you see incoming packets, but netflow
collector still don’t receive any packet check your Status->Collector->Detail menu, firewall
configuration and system log file (syslog).
Tool tcpdump shows data is coming in. 330 drops where indicated due to bad source IP address in
the collector status.
You have to change your device IP address in the menu Options->Devices. The correct IP is IP address
from that flows are received. Configure correct source interface on Cisco router or you can use the
tcpdump tool for finding correct IP address.
Tool tcpdump shows data is coming in, 150 drops due to bad netflow version in the collector status.
Problem is with unsupported netflow version. Please, configure one of the supported versions on your Cisco
router or switch. Supported versions are 1,5,6,7 and 9.
Tool tcpdump shows data is coming in. I did see non-zero DoS state value in the collector status.
In case "DoS state" is non-zero, denial of service protection plug-in blocks data flow, find the source
of attack and block it or you can disable this plug-in in the menu "Options->Collectors".
Tool tcpdump shows data is coming in, but 1000 flows indicate corrupted time.
Time in exported flows is different then local Linux time.
- Check if on your Cisco box is valid time via command:
- Check if on netflow Linux box is valid time via command:
If Cisco and/or Linux time are not synchronized netflow collector drops flows with
bad time value. The problem might be in Time Zone set up (information about which time zone you
are located in). Please log into Linux environment. In order to set up time zone you have to use
the following command:
This command will display recent time zone and ask if you want to change this time zone.
If YES, press Y and applications will offer you various continents, cities or countries that
you can choose from. (E.g. for United States type in 3, and then type in your time zone).
Changes in this setting are saved automatically. When your changes are completed you have
to restart your collector using the following command: /etc/init.d/nfcd restart or better,
restart your computer via <Ctrl>+<Alt>+<Del>.
To set correct time in the Linux environment you can use date program or you can use the
SETUP utility when your computer starts up. If you use date program type the following command:
Where MM is the month number, DD is the day, hh is current hour, mm is current minute and YYYY
is the current year. (e.g. date 030415062005 set up system date is the 4th of March
We recommend use NTP protocol (ntpdate utility) instead of manually configured date.
I saw trends results formatted into tables, but no graph is displayed.
You probably haven't installed PHP GD support. Go to the menu “Status->Engine" and
check if GDlib is installed.
Can I use more collectors listening on the same port?
Yes, but each collector must have an associated appropriate device. If more collectors
share same port to run in one process, can increase CPU utilization; so be careful when
using more collectors sharing the same port.
Can I use one collector for more devices?
Yes, but all traffic from these devices will be merged into a common table. It can
be useful only for L3/L4 switches, where the L2 switching part exports NetFlow version 7
and the routing engine exports NetFlow version 5. In this case merging these flows into
one collector can be very useful; this collector will have complete box traffic.
Is it possible to change the data format for a collector?
No. When you want to change the format, simply delete the collector (all data tables
will be dropped!) and re-create it with a new data format or you can disable the old
collector and create a new one.
I saw graphs in menu "Data->Graphs", but now they aren't available.
Graphs with type "cache" are removed after 1 day. If you want to save these graphs,
select them and click on the "Save cached" button.
When I change the selected table in the trends menu available statistics are changed.
List of available statistics can be changed for different tables, because each collector can
define different format of stored data. Check format for each selected collector
in the menu "Options->Collectors->Edit".
If you have any problem with CFI installation or CFI running, please let us know. If you
cannot find solution of your problem on this page, please provide us with as many
information about your situation and problem as you can.
Detailed information about errors and/or warnings can be found in the system log file
(syslog). Please, check if there are any problems, using the following command:
less /var/log/syslog | grep nfc
Or you can use our debug information collector tool. Run the following command:
Nf_debug tool send debug information to our support email address. Many companies can
have outgoing SMTP traffic blocked and your debug information file can not be sent
directly to our email; in this case you have to open the web address:
http://your_netflow_server/netflow/nf_debug.txt and send us displayed page.