This appendix provides helpful information and procedures in case you encounter problems while using FlowCollector. This appendix contains the following sections:
The nfcollector status command provides an easy way to determine the following:
To invoke the nfcollector status command, enter the following command line at the UNIX prompt:
$ $NFC_DIR/bin/nfcollector status
When invoked, the nfcollector status command displays status information about FlowCollector and the UNIX workstation on which FlowCollector is running, including the following examples:
NFC_DIR=/opt/CSCOnfc
NFC_RESOURCEFILE=$NFC_DIR/config/nf.resources
NFCD: running (pid: 8745)
NFCollector Aggregation: stopped
NFCollector Timer: stopped
-rw-r----- 1 mkjeeves eng 5 Jun 5 10:53 /tmp/nfcd.pid
-rw-r----- 1 mkjeeves eng 8 Jun 5 10:53 /tmp/nfcd.uid
p--------- 1 mkjeeves eng 0 Jun 5 10:53 /tmp/nfcunix.dg
mkjeeves 8745 1 0 10:53:14 pts/3 0:00 /opt/CSCOnfc/bin/NFCD
Disk Space for /opt/CSCOnfc:
Filesystem kbytes used avail capacity Mounted on
/dev/dsk/c0t0d0s5 2100876 44722 1846074 3% /opt
The show-tech command provides an easy way to generate all the debugging information necessary for support and troubleshooting purposes.
To invoke the show-tech command, enter the following command line at the UNIX prompt:
$ $NFC_DIR/bin/nfcollector show-tech
When invoked, the show-tech command creates a log file named show-tech.log in the directory $NFC_DIR/logs, and saves the following information in it:
The utilities described in this section are typically used to troubleshoot FlowCollector operation by providing a way to capture and play back received NetFlow data. The process emulates a Cisco export device generating NetFlow data through the NetFlow data export feature. The utilities are available in $NFC_DIR/tools/.
The fdcount utility listens to a user-specified UDP port, samples a user-specified number of incoming datagrams, and calculates the average incoming rate. Enter:
$NFC_DIR/tools/fdcount [-p UDP-port] [-c count] [-s socket-buffer]
where:
-p UDP-port | UDP port number on which flows are to be received. The default is 9991. |
-c count | Number of flows to sample before calculating the incoming rate. The default is 100. |
-s socket-buffer | Receive socket buffer size, in bytes. The default is 90000 bytes. |
The fdget utility listens to a user-specified UDP port to receive flow data and prints some of the fields from the received flow packets to the standard output. One use of this capability is to print flow data sent by the fdplayback utility. Enter:
$NFC_DIR/tools/fdget [-p UDP-port] [-s socket-buffer] [-a]
where:
-p UDP-port | UDP port number on which flows are to be received. The default is 9991. |
-s socket-buffer | Receive socket buffer size, in bytes. The default is 90000 bytes. This argument and value determine how many datagrams the kernel stores in this buffer as datagrams come in from the network. The larger the buffer, the more time fdget has to consume data from the buffer before the buffer overflows. If the buffer overflows, datagrams are lost. |
-a | Print an acknowledgment only. The default is to print the content of flows. Using -a means print only an acknowledgment for each datagram received rather than the content of the datagram. |
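An added example, not part of the FlowCollector tools or the original documentation: a Python equivalent of the rate measurement fdcount performs, extended to report the datagram loss that the -s description above warns about when the receive buffer overflows. It assumes the export device sends NetFlow version 5, whose 24-byte header carries a cumulative flow_sequence counter; the names capture, summarize and make_v5 are hypothetical.

```python
import socket
import struct
import time

# NetFlow v5 export header (24 bytes): version, count, sys_uptime, unix_secs,
# unix_nsecs, flow_sequence, engine_type, engine_id, sampling_interval.
V5_HEADER = struct.Struct("!HHIIIIBBH")

def capture(port=9991, count=100, rcvbuf=90000):
    """Yield (arrival_time, datagram) for `count` datagrams (cf. fdcount -p/-c/-s)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Request a receive buffer of this size; the kernel may round or cap it.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
    sock.bind(("", port))
    try:
        for _ in range(count):
            data = sock.recv(65535)
            yield time.monotonic(), data
    finally:
        sock.close()

def summarize(samples):
    """Count v5 datagrams and flows, flows missing by sequence gap, and flows/sec."""
    datagrams = flows = lost = resets = first_count = 0
    expected = first_t = last_t = None
    for t, data in samples:
        if len(data) < V5_HEADER.size:
            continue                      # too short to be a v5 export datagram
        version, count, _, _, _, seq, _, _, _ = V5_HEADER.unpack_from(data)
        if version != 5:
            continue                      # assumption: only v5 is analysed here
        if expected is None:
            first_t, first_count = t, count
        else:
            gap = (seq - expected) % 2**32
            if gap and gap < 2**31:
                lost += gap               # forward jump: flows exported, never received
            elif gap:
                resets += 1               # backward jump: reordering or exporter restart
        expected = (seq + count) % 2**32
        datagrams, flows, last_t = datagrams + 1, flows + count, t
    elapsed = (last_t - first_t) if datagrams else 0.0
    # Flows in the first datagram arrived before the measured interval began.
    rate = (flows - first_count) / elapsed if elapsed > 0 else 0.0
    return {"datagrams": datagrams, "flows": flows, "lost_flows": lost,
            "resets": resets, "flows_per_sec": rate}

def make_v5(seq, count):
    """Constructed sample datagram: v5 header plus `count` zeroed 48-byte records."""
    return V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, 0, 0) + bytes(48 * count)
```

For live data, pass the generator straight in, as in summarize(capture(port=9991, count=100)); a nonzero lost_flows while the exporter is busy is the signal to raise the receive buffer size.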
The fdplayback utility reads a data file of NetFlow data created by FlowCollector or some other tool and sends the flow data to a user-specified destination. Enter:
$NFC_DIR/tools/fdplayback [-f datafile] [-d IP-address] [-p UDP-port] [-i delay] [-b burst] [-s socket-buffer] [-t flows]
where:
-f datafile | Name of data file to play back to the user-specified destination (defined by IP address and UDP port number). |
-d IP-address | Destination IP address. |
-p UDP-port | Destination UDP port number. The default is 9991. |
-i delay | Delay (in milliseconds) between datagrams. The default is 1000. The longer the delay, the more separation there is between datagrams being sent to the receiving destination. |
-b burst | Number of flows sent in each burst. The default is 10. This argument is used in conjunction with -i to control the speed and "burstiness" of the playback. |
-s socket-buffer | Receive socket buffer size, in bytes. The default is 90000 bytes. |
-t flows | Number of flows to play back in this session. The default is all flows in the data file. If the data file contains 1000 datagrams and you set -t to 1, fdplayback only sends one datagram. |
The nfc_gunzip utility uncompresses FlowCollector data files that are created with the compression option set to yes. Compressed files are identified with a .gz extension. If the compressed file is in binary format, the extension is .bin.gz. See the "Creating a Thread" section for details on these file creation options. To use this utility, enter:
$NFC_DIR/tools/nfc_gunzip filename
The nfc_bin_to_ascii converter utility converts binary format data files to ASCII format data files. Binary data files are identified with a .bin extension. If compression is applied to the file, it is identified with a .bin.gz extension. See the "Creating a Thread" section for details on these file creation options. To use this utility, enter:
$NFC_DIR/tools/nfc_bin_to_ascii filename "delimiter"
This section discusses some basic problems that you might encounter while attempting to run FlowCollector.
Symptom: Starting FlowCollector starts the FlowCollector Daemon (NFCD) but no other processes.
Possible Cause: Look in the $NFC_DIR/logs/nfc.log file. If there is a message prefixed with the label "ERROR," FlowCollector encountered an illegal or incomplete configuration parameter while starting up.
Recommended Action: Perform the following steps:
Step 1: Use the nfcollector status command to verify which processes are running.
Step 2: Use the nfcollector stop all command to stop FlowCollector.
Step 3: Look in the appropriate configuration file for one of the following:
Step 4: Fix the configuration file.
Step 5: Restart FlowCollector.
Symptom: The nfcollector stop all command does not stop all of the processes.
Possible Cause: In some rare cases, FlowCollector might find itself in a state where the nfcollector stop all command does not stop the collector cleanly, leaving temporary files in /tmp.
Recommended Action: Use the nfcollector clean command to force all processes related to FlowCollector to stop. The nfcollector clean command then cleans up all /tmp files related to FlowCollector operation.
Symptom: FlowCollector data files are not being written to the directory specified in the DataSetPath thread attribute.
Possible Cause: Either the DataSetPath thread attribute process does not have the appropriate permission settings, or the MaxUsage thread attribute value has been exceeded.
Recommended Action: Look at the nfc.log file to find the exact cause. If the problem is permission settings, fix the permission settings and try again. If the problem is related to the MaxUsage setting, increase the limit (if acceptable). You might need to make more disk space available in this partition.
Symptom: The export device is exporting NetFlow data to a port, but FlowCollector does not see any data.
Possible Cause: Check the nfc.log file for an error message about not being able to bind to that UDP port. If you find such a message, some other application is using that port.
Recommended Action: Verify that the export device is not using a reserved port number in its attempt to export data to FlowCollector. Use an unreserved port number in the range 1024 to 65535 (for example, 9995 or 9996) to export data to FlowCollector.
Symptom: The filesready file does not display the FORMAT identifier header.
Possible Cause: FlowCollector 3.0 is operating in FlowCollector 2.0-compatible mode.
Recommended Action: Reconfigure FlowCollector to operate in FlowCollector 3.0 mode. See the NFC20_COMPATIBLE_MODE option in the "Modifying FlowCollector Resources" section.
Symptom: A Thread ID subdirectory has not been created.
Possible Cause: FlowCollector 3.0 is operating in FlowCollector 2.0-compatible mode.
Recommended Action: Reconfigure FlowCollector to operate in FlowCollector 3.0 mode. See the NFC20_COMPATIBLE_MODE option in the "Modifying FlowCollector Resources" section.
Symptom: There is no AGGREGATION_DEFINITION section in any data files.
Possible Cause: FlowCollector 3.0 is operating in FlowCollector 2.0-compatible mode.
Recommended Action: Reconfigure FlowCollector to operate in FlowCollector 3.0 mode. See the NFC20_COMPATIBLE_MODE option in the "Modifying FlowCollector Resources" section.
Symptom: While writing a data file, FlowCollector stops functioning, and a core dump occurs.
Possible Cause: This is probably occurring on an HP-UX system with a maxdsiz parameter that is set too low.
Recommended Action: See the "Installing FlowCollector" section for information on this parameter.
Symptom: Authentication is not working on an HP-UX system.
Possible Cause: The HP-UX system is not set up in Trusted System Mode.
Recommended Action: Reconfigure the HP-UX system to operate in Trusted System Mode.
Symptom: Data files that are created at a certain time appear with a totally different time stamp. For example, a data file was created at 11 p.m., but the file itself shows a creation time of 7 a.m.
Possible Cause: GMT_FLAG is set to yes, creating files that reflect Greenwich Mean Time.
Recommended Action: Set GMT_FLAG to no. Data files will reflect the time as it exists on the system instead of Greenwich Mean Time. See the "Modifying FlowCollector Resources" section.
Symptom: During installation on a Solaris system, an error is encountered and FlowCollector does not finish installing.
Possible Cause: The system is running Solaris Version 2.7.
Recommended Action: Use a system running Solaris Version 2.51 or 2.6. Solaris Version 2.7 is not supported.
Symptom: During installation on an HP-UX system, an error is encountered and FlowCollector does not finish installing.
Possible Cause: The system is running HP-UX Version 10.20 or another unsupported HP-UX version.
Recommended Action: Use a system running HP-UX version 11.0. All other HP-UX versions are not supported.
Posted: Fri Jul 9 11:09:58 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.