NA Reports not working
-
- Development Lead
- Posts: 611
- Joined: Mon Apr 22, 2013 10:06 am
- Location: Nagios Enterprises
Re: NA Reports not working
Can you verify that the timezones are all set correctly and the dates are set properly on both the NNA server and the things sending to it? The reason I'm asking is with a data lifetime of only 24 hours... if for some reason nfcapd thought that something came in from the day before it would be removed from the raw data. One thing to test would be setting the raw data lifetime to a longer period (say 7 days) to see where the data, if any, is coming in at. The .current file would only have data in it if it was receiving data that it knew as from the last 5 minutes.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Posts: 159
- Joined: Wed Jun 19, 2013 10:21 am
Re: NA Reports not working
lmiltchev wrote:Click on the source in the web UI, then click on the "Edit" button, and show us a screenshot of this page. Also run the following commands from the CLI, and show us the output:
Code: Select all
ps -ef | grep 2055
iptables -L -n | grep 2055
As for your questions, I will have to talk to our developers and get back to you.
[root@localhost ~]# ps -ef | grep 2055
nna 912 1 0 Nov19 ? 00:00:52 /usr/local/bin/nfcapd -I 4 -l /usr/local/nagiosna/var/NSA-3500/flows -p 2055 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/NSA-3500/2055.pid -D -e -w -z
nna 913 912 0 Nov19 ? 00:00:02 /usr/local/bin/nfcapd -I 4 -l /usr/local/nagiosna/var/NSA-3500/flows -p 2055 -x /usr/local/nagiosna/bin/reap_files.py %d %f %i -P /usr/local/nagiosna/var/NSA-3500/2055.pid -D -e -w -z
root 15804 15701 0 01:32 pts/0 00:00:00 grep 2055
[root@localhost ~]#
[root@localhost ~]# iptables -L -n | grep 2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2055
[root@localhost ~]#
Can you verify that the timezones are all set correctly and the dates are set properly on both the NNA server and the things sending to it?
Taken a few seconds after NA.
[root@localhost ~]# date
Sun Nov 23 01:33:09 EST 2014
[root@localhost ~]#
I like graphs...
-
- Red Shirt
- Posts: 8334
- Joined: Thu Nov 15, 2012 1:20 pm
Re: NA Reports not working
At this point, let's move this to a remote session through the ticket system. Please open a ticket by sending an email to:
xisupport@nagios.com
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
-
- Posts: 159
- Joined: Wed Jun 19, 2013 10:21 am
Re: NA Reports not working
Just in case anyone else is reading this in the future and wondering what we determined today. Nagios is receiving flows from the Sonicwall, but the flows contain no data. Sonicwall specifies that when an external collector is enabled the system must be rebooted; however, it doesn't specify that it's required if the port the flows are being sent to is changed. I believe I changed this port on the Sonicwall while troubleshooting the issue, but I'm not certain as it's been a week or two. I'm not sure if I'll be able to get a reboot in on this router anytime soon as we're moving into a busy part of the year, and I don't have another native netflow device that I can use, but I'll add a netflow agent to my PC and see if that works normally.
Here's a dump of the history from the support session. Hope this helps others troubleshoot the issue.
Code: Select all
59 ps -ef | grep 2055
60 iptables -L -n | grep 2055
61 date
62 iptables -L -n | grep 2055
63 iptables -A INPUT -p udp -s 192.168.0.2 --dport 2055 -j ACCEPT
64 iptables -L -n | grep 2055
65 iptables -D INPUT -p udp -s 192.168.0.2 --dport 2055 -j ACCEPT
66 iptables -L -n | grep 2055
67 exit
68 cd /usr/local/nagiosna/var/
69 ls -la
70 tail -f backend.lo
71 cd NSA-3500/
72 ls -la
73 rrdtool dump bandwidth.rrd
74 ls
75 ls flows/
76 date
77 grep zone /etc/php.ini
78 tail -f /var/log/httpd/error_log
79 vim /var/log/httpd/error_log
80 vi/var/log/httpd/error_log
81 vi /var/log/httpd/error_log
82 date
83 ps -aef | grep nfcap
84 iptable -L
85 iptables -L
86 iptables -L -n
87 tail -f backend.lo
88 cd ..
89 vim backend.log
90 vi backend.log
91 cd NSA-3500/;rrdtool dump bandwidth.rrd
92 rrdtool dump bandwidth.rrd | less
93 rrdtool dump bandwidth.rrd | grep -v NAN
94 rrdtool dump bandwidth.rrd | grep -v NaN
95 rrdtool dump bandwidth.rrd | grep -v NaN | grep -v " <row><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v></row>"
96 cd flows/
97 ls
98 vi nfcapd.201411261040
99 nfdump nfcapd.201411261040
100 nfdump -r nfcapd.201411261040
101 nfdump -r nfcapd.2014112*
102 ls
103 ls -las
104 ls -lash
105 nfdump -r nfcapd.201411260840
106 nfdump -r nfcapd.201411232235
107 tcpdump port 2055
108 ls
109 nfdump -r nfcapd.201411261050
110 pwd
111 rrdtool dump bandwidth.rrd | grep -v NaN | grep -v " <row><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v></row>"
112 cd ..
113 pwd
114 history
I like graphs...
-
- Red Shirt
- Posts: 8334
- Joined: Thu Nov 15, 2012 1:20 pm
Re: NA Reports not working
Yeah, hopefully after the break here we can drill down the issues some more. The three most useful commands from the session were:
Check to see if flows are coming in on the expected port:
Code: Select all
tcpdump port 2055
Check to see if there is data in the nfcapd flows:
Code: Select all
nfdump -r /usr/local/nagiosna/var/NSA-3500/flows/<one of the newest flows>
Check to see if any "real" (non NaN/empty) data is hitting the rrd:
Code: Select all
rrdtool dump /usr/local/nagiosna/var/NSA-3500/bandwidth.rrd | grep -v NaN | grep -v " <row><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v></row>"
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
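Added example, not part of the original thread and not Nagios code: the third check above depends on a grep that matches an all-zero row of exactly six columns, so this sketch generalizes it by classifying every row of `rrdtool dump` output (any column count) as NaN-only, all-zero, or real data, and reports the epoch of the newest real row. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Classify each <row> of `rrdtool dump` XML read from stdin.
# Output: nan=<n> zero=<n> data=<n> last_data=<epoch of newest real row, or ->
rrd_row_summary() {
    awk '
    /<row>/ {
        # rrdtool writes the row time in a comment before the row, e.g.
        #   <!-- 2014-11-26 10:40:00 EST / 1417016400 -->
        epoch = "-"
        if (match($0, /\/ [0-9]+ -->/))
            epoch = substr($0, RSTART + 2, RLENGTH - 6)
        row = $0
        sub(/^.*<row>/, "", row); sub(/<\/row>.*$/, "", row)
        gsub(/<\/v>/, "", row)
        n = split(row, v, "<v>")          # v[1] is the empty text before the first <v>
        has_num = 0; has_nonzero = 0
        for (i = 2; i <= n; i++) {
            val = v[i]; gsub(/[ \t]/, "", val)
            if (val == "" || tolower(val) ~ /nan/) continue
            has_num = 1
            if (val + 0 != 0) has_nonzero = 1
        }
        if (!has_num) nan++               # nothing was recorded for this interval
        else if (!has_nonzero) zero++     # flows arrived but carried no counters
        else { data++; last = epoch }     # at least one non-zero value
    }
    END { printf "nan=%d zero=%d data=%d last_data=%s\n", nan, zero, data, (data ? last : "-") }
    '
}

# Constructed sample in the shape rrdtool dump emits (three data sources).
sample_dump() {
cat <<'EOF'
<database>
<!-- 2014-11-26 10:35:00 EST / 1417016100 --> <row><v>NaN</v><v>NaN</v><v>NaN</v></row>
<!-- 2014-11-26 10:40:00 EST / 1417016400 --> <row><v>0.0000000000e+00</v><v>0.0000000000e+00</v><v>0.0000000000e+00</v></row>
<!-- 2014-11-26 10:45:00 EST / 1417016700 --> <row><v>0.0000000000e+00</v><v>NaN</v><v>0.0000000000e+00</v></row>
<!-- 2014-11-26 10:50:00 EST / 1417017000 --> <row><v>1.5320000000e+03</v><v>0.0000000000e+00</v><v>4.1000000000e+01</v></row>
<!-- 2014-11-26 10:55:00 EST / 1417017300 --> <row><v>NaN</v><v>NaN</v><v>NaN</v></row>
</database>
EOF
}

sample_dump | rrd_row_summary
```

Against live data, pipe `rrdtool dump /usr/local/nagiosna/var/NSA-3500/bandwidth.rrd` into `rrd_row_summary`; a result with `zero` rows but `data=0` matches the situation in this thread, where flows arrive but contain no data.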