Caligare - makes the network better Contact Us |  Sitemap |  Our customers   Cisco Technology Developer Partner

Troubleshhoting Questions and Answers


For clients, who have no knowledge and experience with Linux / Debian

If possible use the self-installing software version, it makes your installation faster, easier and problem free. ISO-CD IMAGE is available at: http://www.caligare.com/netflow/download.php


For clients, who have knowledge and experience with Linux / Debian

Problems encountered with software installation (.deb, .tgz) are mostly related to the difference between the Linux environments (library incompatibilities, missing packages, different paths to binaries etc.)

Installation

I can't connect to MySQL database.

When you see this message during installation, type the correct username and password for access to MySQL database. If you are trying to connect to a remote database, check if MySQL is configured for networking (disable option --skip-networking in MySQL configuration file). If you forgot your username and password into MySQL, please, refer to the database documentation (chapter How to Reset the Root Password) or use following steps:

  1. Log on to your system as either the Unix root user or as the same user that the mysqld server runs as.
  2. Locate the `.pid' file that contains the server's process ID. The exact location and name of this file depends on your distribution, hostname, and configuration. Common locations are `/var/lib/mysql/', `/var/run/mysqld/', and `/usr/local/mysql/data/'. Generally, the filename has the extension of `.pid' and begins with either `mysqld' or your system's hostname. Now you can stop the MySQL server by sending a normal kill (not kill -9) to the mysqld process, using the pathname of the `.pid' file in the following command:
    kill `cat /mysql-data-directory/host_name.pid`
    Note the use of back ticks rather than forward quotes with the cat command; these cause the output of cat to be substituted into the kill command.
  3. Restart the MySQL server with the special --skip-grant-tables option:
    mysqld_safe --skip-grant-tables &
  4. Set a new password for the root@localhost MySQL account:
    mysqladmin -u root flush-privileges password "newpwd" 
    Replace ``newpwd'' with the actual root password that you want to use.
  5. Restart the MySQL server without any special option.
    mysqld_safe &
  6. You should now be able to connect using the new password.

Apache configuration file is not found.

If the above message is displayed, you must find and modify the Apache configuration file manually. Configuration filename is mostly httpd.conf and it is stored in the default directory /etc/apache or /etc/apache2. Locate this directory and add to configuration file the following line:

Include /etc/netflow/apache.conf

In the file "/etc/netflow/apache.conf" there are various options relating to the NetFlow web portion. Don't forget to restart the Apache daemon after modifying its configuration via command:

/etc/init.d/apache restart

I can't access the web interface.

  1. First check if Apache web server is running.
    ps -ax | grep apache
  2. Check Apache log files.
    less /var/log/apache/error.log
    and/or
    less /var/log/apache/access.log
  3. Check if file /etc/netflow/apache.conf is included in Apache configuration. You can include contents of this file directly into your web server configuration. You can use this file per each virtual host.
  4. Check if PHP scripting is enabled in your web server (refer PHP documentation and Apache documentation).

When I tried to restart netflow collector I saw message: "Error: unknown parameter restart"

This message is displayed when you run the command nfcd restart without /etc/init.d/ prefix. Please, run this command with full path. Correct command is:

/etc/init.d/nfcd restart

Or you can run short nfcd without any parameter, but /etc/init.d/... syntax is preferred. After restarting collector, check your system log file (cat /var/log/syslog).

Web interface

MySQL module isn’t supported by PHP. Check your php.ini file, extensions sections.

This error message is displayed when you haven't installed or activated the MySQL library used by PHP. Try to find the mysql.so file by using the following command:

find / -name mysql.so

When you find this file, activate the extension in your php.ini file (this file is usually located in the directory /etc/php4/apache/) by typing option:

extension=mysql.so

You can use Midnight command (mc) program to edit this file. If you don't find the mysql.so file, try to install a new package php4-mysql (package name php4-mysql is used by Debian, in Fedora distribution it will be found with the same or similar to the Debian's name).

Note: PHP must be loaded with MySQL, SNMP and GD extension.

Can't open connection into MySQL database; check username, password and MySQL access rights.

This message is displayed when the web part cannot connect into the database (bad username/password or database server hostname not found or database is not running).

  1. Check if the php.ini file contains line: extension=mysql.so
    • IF YES, please edit file /etc/netflow/nfw.php and make sure that you have the correct parameters for the database connection (user name, password, database name is nfx)
    • IF NOT, please add line extension=mysql.so, save php.ini file and restart your Apache web server.
  2. Check if MySQL server is running. In the Linux environment type the following commands:
    ps ax | grep mysql
    mysql –u root –p
    mysql> quit;
    If database is not running type the following command:
    /etc/init.d/mysql start
  3. Based on our PHP knowledge, the PHP module mysql.so is probably compiled with an old libmysqlclient version 10. There are several recommendations that might help:
    • Try commands:
      ldconfig
      ldconfig -p | grep mysql
      Please, send us the output of this command.
    • Try restarting Apache.
    • Check if your PHP package is the newest version (try upgrading PHP or degrade mysql).
    • Send us the output of the following command:
      rpm –qa
      (This command will write a list of installed packages on your system – use only for RedHat, SUSE, Fedora distribution).

Can't select MySQL database 'nfx'; check if database exists or you have access rights to use it.

When you ran the nf_install script did you successfully complete step 1? Step 1 creates database and all system tables. Type the following commands to check if step 1 was successfully completed:

mysql -u root -p
Password:

mysql> use nfx;
mysql> show tables;
mysql> quit;

If software was successfully installed you will see a lot of tables displayed. If it isn't correctly installed then MySQL will write the following information: nfx database doesn't exists. In the Debian installation the password is blank. If you cannot connect into the database due to wrong password you can use the password recovery steps.

When I try to access Data, Trends, I get: Warning: No tables found for selected collector.

Log into the web interface and select menu Status->Collectors->Detail. Check if your collector is running (green LED indicator). If you will see a red LED indicator, nfcd process is not running!

If nfcd process is not running, you have to check if your license is OK by going to Help->Licenses. If the License is OK and program is still not running you have to start nfcd process manually. Log into Linux environment and run the following command:

/etc/init.d/nfcd restart

This command will run the collector(s). You can also see errors or warnings in the system log file (syslog), check if there are any problems with running the collector by using the command:

less /var/log/syslog | grep nfc

The product is installed and everything seems to be running. However, all the database tables have 0 data in them.

  1. Log in into web interface select menu Status->Collectors.
  2. Check if your collector is running (green LED indicator). If it is OK, select detail and check all values, you may find there are dropped packets etc.
  3. Check if the number of incoming packets is increasing. If not use tcpdump tool, which test receiving NDE packets.

How can I test if netflow collector receives netflow data exports from my Cisco router?

You can use tcpdump tool. Run the following command:

tcpdump –n udp

You will see all UDP packets that the netflow server receives. You can break tcpdump by typing <Ctrl>+C. If you don’t see any packet, check network cable and/or netflow configuration on Cisco router and try debugging netflow exports. If you see incoming packets, but netflow collector still don’t receive any packet check your Status->Collector->Detail menu, firewall configuration and system log file (syslog).

Tool tcpdump shows data is coming in. 330 drops where indicated due to bad source IP address in the collector status.

You have to change your device IP address in the menu Options->Devices. The correct IP is IP address from that flows are received. Configure correct source interface on Cisco router or you can use the tcpdump tool for finding correct IP address.

Tool tcpdump shows data is coming in, 150 drops due to bad netflow version in the collector status.

Problem is with unsupported netflow version. Please, configure one of the supported versions on your Cisco router or switch. Supported versions are 1,5,6,7 and 9.

Tool tcpdump shows data is coming in. I did see non-zero DoS state value in the collector status.

In case "DoS state" is non-zero, denial of service protection plug-in blocks data flow, find the source of attack and block it or you can disable this plug-in in the menu "Options->Collectors".

Tool tcpdump shows data is coming in, but 1000 flows indicate corrupted time.

Time in exported flows is different then local Linux time.
  1. Check if on your Cisco box is valid time via command:
    show clock
  2. Check if on netflow Linux box is valid time via command:
    date

If Cisco and/or Linux time are not synchronized netflow collector drops flows with bad time value. The problem might be in Time Zone set up (information about which time zone you are located in). Please log into Linux environment. In order to set up time zone you have to use the following command:

tzconfig

This command will display recent time zone and ask if you want to change this time zone. If YES, press Y and applications will offer you various continents, cities or countries that you can choose from. (E.g. for United States type in 3, and then type in your time zone). Changes in this setting are saved automatically. When your changes are completed you have to restart your collector using the following command: /etc/init.d/nfcd restart or better, restart your computer via <Ctrl>+<Alt>+<Del>.

To set correct time in the Linux environment you can use date program or you can use the SETUP utility when your computer starts up. If you use date program type the following command:

date MMDDhhmmYYYY

Where MM is the month number, DD is the day, hh is current hour, mm is current minute and YYYY is the current year. (e.g. date 030415062005 set up system date is the 4th of March 2005 15:06.)

We recommend use NTP protocol (ntpdate utility) instead of manually configured date.

I saw trends results formatted into tables, but no graph is displayed.

You probably haven't installed PHP GD support. Go to the menu “Status->Engine" and check if GDlib is installed.

Can I use more collectors listening on the same port?

Yes, but each collector must have an associated appropriate device. If more collectors share same port to run in one process, can increase CPU utilization; so be careful when using more collectors sharing the same port.

Can I use one collector for more devices?

Yes, but all traffic from these devices will be merged into a common table. It can be useful only for L3/L4 switches, where the L2 switching part exports NetFlow version 7 and the routing engine exports NetFlow version 5. In this case merging these flows into one collector can be very useful; this collector will have complete box traffic.

Is it possible to change the data format for a collector?

No. When you want to change the format, simply delete the collector (all data tables will be dropped!) and re-create it with a new data format or you can disable the old collector and create a new one.

I saw graphs in menu "Data->Graphs", but now they aren't available.

Graphs with type "cache" are removed after 1 day. If you want to save these graphs, select them and click on the "Save cached" button.

When I change the selected table in the trends menu available statistics are changed.

List of available statistics can be changed for different tables, because each collector can define different format of stored data. Check format for each selected collector in the menu "Options->Collectors->Edit".

Other difficulties

If you have any problem with CFI installation or CFI running, please let us know. If you cannot find solution of your problem on this page, please provide us with as many information about your situation and problem as you can.

Detailed information about errors and/or warnings can be found in the system log file (syslog). Please, check if there are any problems, using the following command:

less /var/log/syslog | grep nfc

Or you can use our debug information collector tool. Run the following command:

nf_debug

Nf_debug tool send debug information to our support email address. Many companies can have outgoing SMTP traffic blocked and your debug information file can not be sent directly to our email; in this case you have to open the web address: http://your_netflow_server/netflow/nf_debug.txt and send us displayed page.






  © 2003-2015 Caligare. All Rights Reserved.  Terms of Use  | Privacy Statement  | Site Map  | Contact Us