I have a MikroTik router and it is sending Traffic Flow (fully compatible with NetFlow) data to my Debian server that is running Cacti. But after installing Cacti's flowviewer plugin, Cacti doesn't show any information.

The directory I made on the server to hold the netflow data is empty. (I assume this is the problem.) The permissions on that directory are 777.

There was no iptables rule blocking port 2055, but just in case I set:

iptables -A INPUT -p udp -d 0/0 -s 0/0 --dport 2055 -j ACCEPT

tcpdump udp port 2055 shows a lot of data coming in.

The time between the router and the server may possibly be a few seconds apart.

I've stopped and started the flow-capture service in between each change.

Does anyone have any suggestions?

masegaloeh
karmet
  • Do you see any flow packets being sent? That will split the problem space in half. – David Schwartz Feb 08 '12 at 01:03
  • Hm, I thought that's what I was seeing via tcpdump. Is that not the case? – karmet Feb 08 '12 at 01:58
  • Take a look closely at them. If they look valid, then check the logs of whatever is supposed to collect the data from them. (flow-capture, I assume.) – David Schwartz Feb 08 '12 at 03:11
  • The tcpdump info looks good; it's all coming from the MikroTik and looks like legit info. Not sure what flow-capture is, but it seems to be on my server. I'll look into it. – karmet Feb 08 '12 at 04:34
  • It's working! I guess I didn't have flow-capture running. I didn't see flow-capture mentioned in any of the tutorials I read and didn't know what it is. It's an important part, apparently. Thank you very much for the help. – karmet Feb 08 '12 at 09:15

1 Answer

Something has to be listening for those UDP packets! Otherwise, they're just dropped on the floor.

David Schwartz
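
The point of this answer can be checked on the collector itself: tcpdump captures at the interface whether or not any process has bound the port, so seeing packets there does not show that flow-capture is running. As an added example (not part of the original post), this Python script parses the Linux /proc/net/udp table to report whether any socket is bound to UDP 2055; the sample table is constructed and the function and status names are assumptions.

```python
import os

# Constructed sample in /proc/net/udp format (not captured from a real host).
# Port 2055 is 0x0807; that socket shows a receive backlog and 37 drops.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
  344: 00000000:0807 00000000:0000 07 00000000:00001A40 00:00000000 00000000   105        0 22222 2 0000000000000000 37
"""

def udp_sockets(proc_text):
    """Parse /proc/net/udp or /proc/net/udp6 text into one dict per socket."""
    sockets = []
    for line in proc_text.splitlines()[1:]:            # first line is the header
        f = line.split()
        if len(f) < 10:
            continue
        sockets.append({
            "port": int(f[1].rsplit(":", 1)[1], 16),   # local port is hex
            "rx_queue": int(f[4].split(":")[1], 16),   # bytes not yet read
            "uid": int(f[7]),                          # owner of the socket
            "inode": int(f[9]),
            "drops": int(f[12]) if len(f) > 12 else 0, # column absent on old kernels
        })
    return sockets

def diagnose(proc_text, port=2055):
    """Return 'no-listener', 'listening' or 'listening-but-dropping'."""
    bound = [s for s in udp_sockets(proc_text) if s["port"] == port]
    if not bound:
        return "no-listener"           # the kernel discards these datagrams
    if any(s["drops"] > 0 for s in bound):
        return "listening-but-dropping"  # collector is not reading fast enough
    return "listening"

if __name__ == "__main__":
    paths = [p for p in ("/proc/net/udp", "/proc/net/udp6") if os.path.exists(p)]
    for p in paths:
        with open(p) as fh:
            print(p, diagnose(fh.read()))
    if not paths:                      # not on Linux: fall back to the sample
        print("sample", diagnose(SAMPLE))
```

A result of no-listener on both tables while tcpdump still shows traffic is the situation described in this thread: the exporter is sending, but no collector process has bound the port.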