Cisco CNS NetFlow Collection Engine Installation and Configuration Guide, 4.0
Troubleshooting CNS NetFlow Collection Engine
Download this chapter
Troubleshooting CNS NetFlow Collection EngineTroubleshooting CNS NetFlow Collection Engine
give_us_feedback

Table Of Contents

Troubleshooting CNS NetFlow Collection Engine

Using the nfcollector status Command

Using the show-tech Command to Capture Troubleshooting Information

CNS NetFlow Collection Engine Tools and Utilities

fdcount Utility

fdget Utility

fdplayback Utility

nfc_gunzip Utility

nfc_bin_to_ascii Utility

Solving CNS NetFlow Collection Engine Problems


Troubleshooting CNS NetFlow Collection Engine

This appendix provides helpful information and procedures in case you encounter problems while using CNS NetFlow Collection Engine. This appendix contains the following sections:

"Using the nfcollector status Command" section

"Using the show-tech Command to Capture Troubleshooting Information" section

"CNS NetFlow Collection Engine Tools and Utilities" section

"Solving CNS NetFlow Collection Engine Problems" section.

Using the nfcollector status Command

The nfcollector status command provides an easy way to determine the following:

what environment variables are set

which processes are running (or not running)

which temporary files have been created

how much disk space is available in the partition where CNS NetFlow Collection Engine is installed.

To invoke the nfcollector status command, enter the following command line at the UNIX prompt: 

$ $NFC_DIR/bin/nfcollector status

When invoked, the nfcollector status command displays status information about CNS NetFlow Collection Engine and the UNIX workstation on which CNS NetFlow Collection Engine is running, including the following examples:

Environment variables: 

NFC_DIR=/opt/CSCOnfc

NFC_RESOURCEFILE=$NFC_DIR/config/nf.resources

Running and stopped processes: 

NFCD: running (pid: 8745)

NFCollector Aggregation: stopped

NFCollector Timer: stopped

nfcxml.sh: stopped


Note If the nfcollector status command indicates that a process is stopped, there may be a problem with the CNS NetFlow Collection Engine workstation. See the "Starting CNS NetFlow Collection Engine" section on page 2-15 for information on how to start CNS NetFlow Collection Engine processes.

Temporary files that have been created: 

-rw-r-----  1 mkjeeves eng        5 Jun 5 10:53 /tmp/nfcd.pid

-rw-r-----  1 mkjeeves eng        8 Jun 5 10:53 /tmp/nfcd.uid

p---------  1 mkjeeves eng        0 Jun 5 10:53 /tmp/nfcunix.dg

Details on running processes: 

mkjeeves  8745     1  0  10:53:14 pts/3     0:00 /opt/CSCOnfc/bin/NFCD

Disk space available in the CNS NetFlow Collection Engine partition: 

Disk Space for /opt/CSCOnfc:

Filesystem          kbytes   used    avail   capacity   Mounted on

/dev/dsk/c0t0d0s5  2100876  44722  1846074         3%   /opt

Using the show-tech Command to Capture Troubleshooting Information

The show-tech command provides an easy way to generate all the debugging information necessary for support and troubleshooting purposes.

To invoke the show-tech command, enter the following command line at the UNIX prompt: 

$ $NFC_DIR/bin/nfcollector show-tech

Note To capture running configuration information, you should invoke the show-tech command while CNS NetFlow Collection Engine is running.

When invoked, the show-tech command creates a log file named show-tech.log in the $NFC_DIR/logs directory, and saves the following information in it:

Username

Current time

Relevant environment variables

System information

System tunable parameters

nfc_install.log, nfcd.log, nfc.log, nfcgw.log, and nfcxml.log files (with running configuration dump)

nf.resources and nfconfig.file files

udp_max_buf (only on Solaris installations)

netstat results

Disk space

pkginfo (only on Solaris installations)

swlist (only on HP-UX installations)

Process listing

Control files.

CNS NetFlow Collection Engine Tools and Utilities

The utilities described in this section are typically used to troubleshoot CNS NetFlow Collection Engine operation by providing a way to capture and play back received NetFlow data. The process emulates a Cisco export device generating NetFlow data through the NetFlow data export feature. The utilities are available in the $NFC_DIR/tools directory.

fdcount Utility

The fdcount utility listens to a user-specified UDP port, samples a user-specified number of incoming datagrams, and calculates the average incoming rate. Enter: 

$NFC_DIR/tools/fdcount [-p UDP-port] [-c count] [-s socket-buffer]

where:

-p UDP-port

UDP port number on which flows are to be received. The default is 9991.

-c count

Number of flows to sample before calculating the incoming rate. The default is 100.

-s socket-buffer

Receive socket buffer size, in bytes. The default is 90000 bytes.


fdget Utility

The fdget utility listens to a user-specified UDP port to receive flow data and prints some of the fields from the received flow packets to the standard output. One use of this capability is to print flow data sent by the fdplayback utility. Enter: 

$NFC_DIR/tools/fdget [-p UDP-port] [-s socket-buffer] [-a]

where:

-p UDP-port

UDP port number on which flows are to be received. The default is 9991.

-s socket-buffer

Receive socket buffer size, in bytes. The default is 90000 bytes. This argument and value determine how many datagrams the kernel stores in this buffer as datagrams come in from the network. The larger the buffer, the more time fdget has to consume data from the buffer before the buffer overflows. If the buffer overflows, datagrams are lost.

-a

Print an acknowledgment only. The default is to print the content of flows. Using -a means print only an acknowledgment for each datagram received rather than the content of the datagram.


fdplayback Utility

The fdplayback utility reads a data file of NetFlow data created by CNS NetFlow Collection Engine or some other tool and sends the flow data to a user-specified destination. Enter: 

$NFC_DIR/tools/fdplayback [-f datafile] [-d IP-address] [-p UDP-port] [-i delay] 

[-b burst] [-s socket-buffer] [-t flows]

where:

-

-f datafile

Name of data file to play back to the user-specified destination (defined by IP address and UDP port number).

-d IP-address

Destination IP address.

-p UDP-port

Destination UDP port number. The default is 9991.

-i delay

Delay (in milliseconds) between datagrams. The default is 1000. The longer the delay, the more separation there is between datagrams being sent to the receiving destination.

-b burst

Number of flows sent in each burst. The default is 10. This argument is used in conjunction with -i to control the speed and "burstiness" of the playback.

-s socket-buffer

Receive socket buffer size, in bytes. The default is 90000 bytes.

-t flows

Number of flows to play back in this session. The default is all flows in the data file. If the data file contains 1000 datagrams and you set -t to 1, fdplayback only sends one datagram.


nfc_gunzip Utility

The nfc_gunzip utility is used to uncompress CNS NetFlow Collection Engine data files that are created with the compression option set to yes. Compressed files are identified with a .gz extension. If the compressed file is in binary format, the extension is .bin.gz. See the "Creating a Thread" section on page 5-9 for details on these file creation options. To use this utility enter: 

$NFC_DIR/tools/nfc_gunzip filename

nfc_bin_to_ascii Utility

The nfc_bin_to_ascii converter utility is used to convert binary format data files to ASCII format data files. Binary data files are identified with a .bin extension. If compression is applied to the file, it is identified with a .bin.gz extension. See the "Creating a Thread" section on page 5-9 for details on these file creation options. To use this utility enter: 

$NFC_DIR/tools/nfc_bin_to_ascii filename "delimiter"

Note The delimiter option can be the "," or "|" characters. Quotes are required in the delimiter parameter. If no delimiter is used, the "|" character is used by default.

Solving CNS NetFlow Collection Engine Problems

This section discusses some basic problems that you might encounter while attempting to run CNS NetFlow Collection Engine.

Symptom Starting CNS NetFlow Collection Engine starts the CNS NetFlow Collection Engine Daemon (NFCD) but no other processes.

Possible Cause Look in the $NFC_DIR/logs/nfc.log file. If there is a message prefixed with the label "ERROR," CNS NetFlow Collection Engine encountered an illegal or incomplete configuration parameter while starting up.

Recommended Action Perform the following steps:

Step 1 Use the nfcollector status command to verify which processes are running.

Step 2 Use the nfcollector stop all command to stop CNS NetFlow Collection Engine.

Step 3 Look in the appropriate configuration file for one of the following:

a configuration parameter that does not follow the required syntax

an invalid configuration value

a configuration parameter with one or more required lines preceded by comment characters.

Step 4 Fix the configuration file.

Step 5 Restart CNS NetFlow Collection Engine.

Symptom The nfcollector stop all command does not stop all of the processes.

Possible Cause In some rare cases, CNS NetFlow Collection Engine might find itself in a state where the nfcollector stop all command does not stop the CNS NetFlow Collection Engine cleanly, leaving temporary files in /tmp.

Recommended Action Use the nfcollector clean command to force all processes related to CNS NetFlow Collection Engine to stop. The nfcollector clean command then cleans up all /tmp files related to CNS NetFlow Collection Engine operation.

Symptom CNS NetFlow Collection Engine data files are not being written to the directory specified in the DataSetPath thread attribute.

Possible Cause Either the DataSetPath thread attribute process does not have the appropriate permission settings, or the MaxUsage thread attribute value has been exceeded.

Recommended Action Look at the nfc.log file to find the exact cause. If the problem is permission settings, fix the permission settings and try again. If the problem is related to the MaxUsage setting, increase the limit (if acceptable). You might need to make more disk space available in this partition.

Symptom The export device is exporting NetFlow data to a port, but CNS NetFlow Collection Engine does not see any data.

Possible Cause Check the nfc.log file for an error message about not being able to bind to that UDP port. If you find such a message, some other application is using that port.

Recommended Action Verify that the export device is not using a reserved port number in its attempt to export data to CNS NetFlow Collection Engine. Use an unreserved port number in the range 1024 to 65535 (for example, 9995 or 9996) to export data to CNS NetFlow Collection Engine.

Symptom The filesready file does not display the FORMAT identifier header.

Possible Cause CNS NetFlow Collection Engine is operating in CNS NetFlow Collection Engine 2.0-compatible mode.

Recommended Action Reconfigure CNS NetFlow Collection Engine to operate in CNS NetFlow Collection Engine 2.0-compatible mode. See the NFC20_COMPATIBLE_MODE option in the "Modifying CNS NetFlow Collection Engine Resources" section on page 5-32

Symptom A Thread ID subdirectory has not been created.

Possible Cause CNS NetFlow Collection Engine is operating in CNS NetFlow Collection Engine 2.0-compatible mode.

Recommended Action Reconfigure CNS NetFlow Collection Engine to operate in CNS NetFlow Collection Engine 2.0-compatible mode. See the NFC20_COMPATIBLE_MODE option in the "Modifying CNS NetFlow Collection Engine Resources" section on page 5-32.

Symptom The MaxUsage attribute that is configured in an NF_Thread is not working. Data files are taking up more space than is specified in the parameter.

Possible Cause CNS NetFlow Collection Engine is operating in CNS NetFlow Collection Engine 2.0-compatible mode.

Recommended Action Reconfigure CNS NetFlow Collection Engine to operate in CNS NetFlow Collection Engine 2.0-compatible mode. See the NFC20_COMPATIBLE_MODE option in the "Modifying CNS NetFlow Collection Engine Resources" section on page 5-32.

Symptom There is no AGGREGATION_DEFINITION section in any data files.

Possible Cause CNS NetFlow Collection Engine is operating in CNS NetFlow Collection Engine 2.0-compatible mode.

Recommended Action Reconfigure CNS NetFlow Collection Engine to operate in CNS NetFlow Collection Engine 2.0-compatible mode. See the NFC20_COMPATIBLE_MODE option in the "Modifying CNS NetFlow Collection Engine Resources" section on page 5-32.

Symptom While writing a data file, CNS NetFlow Collection Engine stops functioning, and a core dump occurs.

Possible Cause This is probably occurring on an HP-UX system with a maxdsiz parameter that is set too low.

Recommended Action See the "Installing CNS NetFlow Collection Engine" section on page 2-2 for information on this parameter.

Symptom Authentication is not working on an HP-UX system.

Possible Cause The HP-UX system is not set up in Trusted System Mode.

Recommended Action Reconfigure the HP-UX system to operate in Trusted System Mode.

Symptom During installation on a Solaris system, an error is encountered and CNS NetFlow Collection Engine does not finish installing.

Possible Cause The system is running Solaris Version 2.7.

Recommended Action Use a system running Solaris Version 2.51 or 2.6. Solaris Version 2.7 is not supported.

Symptom During installation on an HP-UX system, an error is encountered and CNS NetFlow Collection Engine does not finish installing.

Possible Cause The system is running HP-UX Version 10.20 or another unsupported HP-UX version.

Recommended Action Use a system running HP-UX version 11.0. All other HP-UX versions are not supported.