opFlow Dashboard is Bare (graphs show no data)
It appears that you are not receiving any flows, have you had a look since you restarted it, it could take 2-5 minutes to start receiving and processing net flow records.
There is a couple of things it could be, which you can verify.
1. Has the IP address of the opFlow server or virtual machine changed?
If so, change net flow configurations in the network devices to send to new IP address.
2. Verify that "flowd" is running
Code Block |
---|
|
ps -ef | grep flowd |
You should see three entries as well as the grep one, e.g.
Code Block |
---|
|
[root@thor opmantek]# ps -ef | grep flowd
root 13356 1 0 Jun18 ? 00:00:10 flowd: monitor
_flowd 13357 13356 0 Jun18 ? 00:00:30 flowd: net
root 27114 1 0 12:40 ? 00:00:00 NMIS opflowd debug=0
root 32567 27106 0 12:51 pts/5 00:00:00 grep flowd |
The first two, flowd: are the Netflow daemon receiving flows, the NMIS one is the NMIS opflowd.
2a. If flowd is not running you can start it with the command:
Code Block |
---|
|
service flowd start |
Then repeat the ps -ef command, if it is not running you can check the syslog messages for why:
Code Block |
---|
|
tail -50 /var/log/messages |
Likely causes are full disks or permissions, or folders not existing.
2b. if opflowd is not running you can start it
Start it with the command below
Code Block |
---|
|
service opflowd start |
3. Verify that Mongo is running
Code Block |
---|
|
[root@thor log]# ps -ef | grep mongo
root 4462 27106 0 12:59 pts/5 00:00:00 grep mongo
root 24809 1 0 Jun19 ? 04:26:07 /usr/local/mongodb/bin/mongod --dbpath /var/mongodb --fork --logpath /var/log/mongodb.log --logappend |
Start it with the command below
Code Block |
---|
|
service mongod start |
4. Check the folders are correct
Check that all the folders are the same. Run these commands and make sure that everything is pointing to the right spot.
Code Block |
---|
grep logfile /usr/local/etc/flowd.conf
grep opflow_dir /usr/local/opmantek/conf/opFlow.nmis
grep mongodbpath /etc/init.d/mongod |
It is especially important that the logfile which flowd uses is picked up by opFlow which is the "flowd_data" configuration and this is combined with "<opflow_dir>" to get the path.
Code Block |
---|
grep logfile /usr/local/etc/flowd.conf
logfile "/data/opflow/flowd"
grep opflow_dir /usr/local/opmantek/conf/opFlow.nmis
'<opflow_dir>' => '/data/opflow',
'flowd_data' => '<opflow_dir>/flowd',
grep mongodbpath /etc/init.d/mongod
mongodbpath=/data/mongodb |
5. Check your diskspace
Make sure where ever you are putting the flow data and the Mongo DB, you have quite alot of disk space.
Code Block |
---|
df -h /data
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_data-lv_data
247G 86G 148G 37% /data |
6. Check your Config is up to date
If you have patched your opFlow installation, make sure your configs are up to date.
Code Block |
---|
/usr/local/opmantek/bin/opupdateconfig.pl /usr/local/opmantek/install/opFlow.nmis /usr/local/opmantek/conf/opFlow.nmis
/usr/local/opmantek/bin/opupdateconfig.pl /usr/local/opmantek/install/opCommon.nmis /usr/local/opmantek/conf/opCommon.nmis |