From netramet-owner Wed Feb 7 00:48:11 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id AAA11830 for netramet-outgoing; Wed, 7 Feb 1996 00:45:07 +1300 (NZDT)
Received: from atos.warman.com.pl (atos.warman.com.pl [148.81.168.6]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id AAA11813 for <
[email protected]>; Wed, 7 Feb 1996 00:44:44 +1300 (NZDT)
Received: (from abial@localhost) by atos.warman.com.pl (8.6.9/8.6.12) id MAA14740; Tue, 6 Feb 1996 12:44:31 +0100
Date: Tue, 6 Feb 1996 12:44:31 +0100 (MET)
From: Andrzej Bialecki <
[email protected]>
To:
[email protected]
Subject: a bug in fd_filter ?
Message-ID: <
[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender:
[email protected]
Precedence: bulk
Hi all,
I think I ran across a bug in "fd_filter" utility. When I start it with
one flow file as input, it should leave the first collection intact,
assuming that no calculations were made before, and the counters show
total number of bytes/packets collected so far. However, that's not the
case. :(
It does some calculations on these flows, but I've no idea what rates it
computes! In particular, here is source file, format file, and the output:
SOURCE:
==============
##NeTraMet v3.3: -c60 -r rules.ip critter ed1 10000 flows starting \
at 09:15:00 Tue 6 Feb 96
#Format: flowruleset flowindex firsttime sourcepeertype \
sourcepeeraddress destpeeraddress topdus frompdus \
tooctets fromoctets
#Time: 09:15:00 Tue 6 Feb 96 critter Flows from 32418499 to 32424500
#Stats: aps=0 apb=0 mps=0 mpb=0 lsp=0 avi=0.0 mni=0.0 fiu=3315 frc=138 \
gci=10 rpp=0.0 tpp=0.0 cpt=3.3 tts=1024 tsu=20528
10 113 3100 2 148.81.26.37 148.81.16.50 256432 313608 25130336\
30733584
10 117 3100 2 148.81.18.1 148.81.16.51 1324884 3275651 \
86004925 1464278028
10 132 3100 2 158.75.2.5 194.92.35.52 266674 25869 73582639\
1552140
OUTPUT:
==============
148.81.26.37 148.81.16.50 256432 313666 25130336 5684 ???
148.81.18.1 148.81.16.51 1324884 3275678 86004925 2139 ???
158.75.2.5 194.92.35.52 266681 25869 73583059 0 ???
FORMAT file:
==============
Format
SourcePeerAddress "\t" DestPeerAddress
"\t" ToPDURate FromPDURate "\t" ToOctetRate FromOctetRate;
SET 10;
I'd appreciate any comments on this.
Andy
+------------------------------------------------------------------------+
| ANDRZEJ BIALECKI, <
[email protected]>, NASK (WARMAN) |
| Research and Academic Network in Poland, Warsaw Area Network |
| phone: (+48 22) 414115, Bartycka 18, 00-716 Warsaw, Poland |
+------------------------------------------------------------------------+
From netramet-owner Fri Feb 23 15:35:13 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id PAA09252 for netramet-outgoing; Fri, 23 Feb 1996 15:32:00 +1300 (NZDT)
Received: from curly.cc.swin.edu.au (curly.cc.swin.edu.au [136.186.1.5]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id PAA09247 for <
[email protected]>; Fri, 23 Feb 1996 15:31:55 +1300 (NZDT)
Received: by curly.cc.swin.edu.au (5.65c/1.34)
id AA15205; Fri, 23 Feb 1996 13:31:50 +1100
Date: Fri, 23 Feb 1996 13:31:50 +1100
From:
[email protected] (Harry Raaymakers)
Message-Id: <
[email protected]>
To:
[email protected]
Subject: Looking for faq/archive
Sender:
[email protected]
Precedence: bulk
Hi all,
I have just joined this list and am looking for
an FAQ on Netramet to fill in some gaps in the docco.
There doesn't appear to be a mail archive for this list
but if there is could someone please point me to it.
I get the feeling this list maybe somewhat dead. Does that
mean that this product has been superceded by something better ?
Can anyone tell me the format for the NeMac.cfg file
(version 2.3 ) I am having problems getting the "-g" option
to work.
Thanks, Harry.
[email protected]
From netramet-owner Fri Feb 23 18:08:28 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id SAA15402 for netramet-outgoing; Fri, 23 Feb 1996 18:08:08 +1300 (NZDT)
Received: from iconz.co.nz (iconz.co.nz [202.14.100.2]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id SAA15396 for <
[email protected]>; Fri, 23 Feb 1996 18:08:07 +1300 (NZDT)
Received: (rowan@localhost) by iconz.co.nz (8.6.12/8.6.10) id RAA07921; Fri, 23 Feb 1996 17:40:25 +1300
Date: Fri, 23 Feb 1996 17:40:24 +1300 (NZDT)
From: Rowan Smith <
[email protected]>
To:
[email protected]
Subject: Netramet on a Sun IPC
Message-ID: <
[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender:
[email protected]
Precedence: bulk
Hi,
I have dedicated a SUN IPC to running Netramet meter, its a fresh install
of SunOS4.1.3_U1 straight off the CDRom.
The manager comunicates fine with it for a couple of days and then it
suddenly just stops and says unable to connect to meter in the nemac.log
file.
The meter still seems to be running, and if I restart nemac it finds the
meter again fine.
Has anyone else experienced problems like this?
The manager is running on a SS20, with ample RAM and disk on Solaris 2.5.
The IPC has 8Mb of RAM.
-Rowan
From netramet-owner Sun Feb 25 22:56:34 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id WAA06718 for netramet-outgoing; Sun, 25 Feb 1996 22:52:12 +1300 (NZDT)
Received: from pcug.org.au (supreme.pcug.org.au [203.10.76.34]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with ESMTP id WAA06713 for <
[email protected]>; Sun, 25 Feb 1996 22:52:06 +1300 (NZDT)
Received: (from jeremyb@localhost) by pcug.org.au (8.7.3/8.6.9) id UAA09237; Sun, 25 Feb 1996 20:51:53 +1100 (EST)
Date: Sun, 25 Feb 1996 20:51:53 +1100 (EST)
From: Jeremy Bishop <
[email protected]>
Message-Id: <
[email protected]>
To:
[email protected]
Subject: Re: Netramet on a Sun IPC
Cc:
[email protected]
Sender:
[email protected]
Precedence: bulk
Rowan Smith <
[email protected]> writes:
> I have dedicated a SUN IPC to running Netramet meter, its a fresh install
> of SunOS4.1.3_U1 straight off the CDRom.
>
> The manager comunicates fine with it for a couple of days and then it
> suddenly just stops and says unable to connect to meter in the nemac.log
> file.
>
> The meter still seems to be running, and if I restart nemac it finds the
> meter again fine.
>
> Has anyone else experienced problems like this?
Yes, I had the same problem when running netramet and nemac on a
Sparcserver 4/670 with Solaris 2.5. However. I didn't get a chance
to diagnose the problem before I had to move netramet and nemac to
another system (Sparcserver 4/370 with Solaris 2.4). I decided to
compile netramet and nemac from source (the versions running on
the 4/670 were binaries FTP'ed from the AARNET FTP mirror), and
since starting them about a week ago, haven't had a problem. So
if you haven't done so, I'd suggest getting the source and compiling
on your system.
BTW, as someone else recently asked, is there an FAQ for Netramet
and Nemac?
Regards,
Jeremy
--
Jeremy Bishop
AUUG Canberra Chapter
[email protected]
From netramet-owner Mon Feb 26 09:19:53 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id JAA16013 for netramet-outgoing; Mon, 26 Feb 1996 09:17:15 +1300 (NZDT)
Received: from jerry. ([202.12.105.13]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id JAA16008 for <
[email protected]>; Mon, 26 Feb 1996 09:17:14 +1300 (NZDT)
Received: by jerry. (SMI-8.6/SMI-SVR4)
id JAA24940; Mon, 26 Feb 1996 09:16:21 +1300
Date: Mon, 26 Feb 1996 09:16:21 +1300
From: gibsoni@jerry (Iain Gibson)
Message-Id: <199602252016.JAA24940@jerry.>
To:
[email protected]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-MD5: nS0SQaCGJTzhcUGjQMVBWA==
Sender:
[email protected]
Precedence: bulk
I am currently trialing netramet to measure our internet traffic.
I am running the meter and the manager on the one machine.
Using version 3.3 of NeMaC and neTraMet programs
Currently have several unanswered questions.
How do I run these processes in the background so I can close down the windows I
started them in?
I currently have version 3.2 of the documetation and of the programs fd_extract
and fd_filter (which don't seem to work against the 3.3 version flow files).
Is there a new version of the docs and these programs?
Should I really be using version 3.2 of the meter and manager.
In the docs it mentions being able to touch NeMaC.flag to start a new flow ( 3.2
docs ). Is there a different way of using this functionality in 3.3?
Iain Gibson
From netramet-owner Mon Feb 26 11:13:42 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id LAA21458 for netramet-outgoing; Mon, 26 Feb 1996 11:12:00 +1300 (NZDT)
Received: from atlantis.actrix.gen.nz (atlantis.actrix.gen.nz [192.100.53.23]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id LAA21453 for <
[email protected]>; Mon, 26 Feb 1996 11:11:58 +1300 (NZDT)
Received: (from uucp@localhost) by atlantis.actrix.gen.nz (8.6.11/8.6.9) id LAA01733 for
[email protected]; Mon, 26 Feb 1996 11:11:54 +1300
>Received: from notes.edm.co.nz (notes.edm.co.nz [192.9.200.4]) by demo.edm.co.nz (8.6.12/8.6.12) with SMTP id KAA14430 for <@demo.edm.co.nz:
[email protected]>; Mon, 26 Feb 1996 10:52:28 +1300
Received: from notes.edm.co.nz (notes.edm.co.nz [192.9.200.4]) by demo.edm.co.nz (8.6.12/8.6.12) with SMTP id KAA14430 for <@demo.edm.co.nz:
[email protected]>; Mon, 26 Feb 1996 10:52:28 +1300
Received: by notes.edm.co.nz (IBM OS/2 SENDMAIL VERSION 1.3.2)/1.0)
id AA0068; Mon, 26 Feb 96 10:54:02 -0800
Received: from EDM with "Lotus Notes Mail Gateway for SMTP" id
B3D4CB67E9A88B184C2562DB007C72E0; Mon, 26 Feb 96 10:53:58
Message-Id: <
[email protected]>
To: rowan <
[email protected]>, netramet <
[email protected]>
From: Paul Scheffer <
[email protected]>
Date: 26 Feb 96 10:51:55 BST
Subject: Netramet on a Sun IPC
Mime-Version: 1.0
Content-Type: Text/Plain
Sender:
[email protected]
Precedence: bulk
>I have dedicated a SUN IPC to running Netramet meter, its a fresh install
>of SunOS4.1.3_U1 straight off the CDRom.
>The manager comunicates fine with it for a couple of days and then it
>suddenly just stops and says unable to connect to meter in the nemac.log
>file.
>The meter still seems to be running, and if I restart nemac it finds the
>meter again fine.
>Has anyone else experienced problems like this?
Yes, I have. Most of the time its linked to when we force a new collection file
by touching the NeMaC.flag file but other times the meter just seems to give up.
What normally happens to us is that the Collector reports it cannot connect to
the Meter and the Meter indicates it isn't collecting packet information (by
reporting 0 packets/sec and 0 avg packets /sec) What we normally do is restart
the Meter (running on a Digital 386) and the Collector (DG Aviion) is happy
again.
I would normally suspect a problem with the PC platform but its strange that
its linked back to us forcing a new collection file.
PS
From netramet-owner Mon Feb 26 22:46:11 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id WAA14839 for netramet-outgoing; Mon, 26 Feb 1996 22:45:43 +1300 (NZDT)
Received: from atos.warman.com.pl (atos.warman.com.pl [148.81.168.6]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id WAA14833 for <
[email protected]>; Mon, 26 Feb 1996 22:45:33 +1300 (NZDT)
Received: (from abial@localhost) by atos.warman.com.pl (8.6.9/8.6.12) id KAA27944; Mon, 26 Feb 1996 10:45:18 +0100
Date: Mon, 26 Feb 1996 10:45:17 +0100 (MET)
From: Andrzej Bialecki <
[email protected]>
X-Sender:
[email protected]
To: Iain Gibson <gibsoni@jerry>
cc:
[email protected]
Subject: Re: your mail
In-Reply-To: <199602252016.JAA24940@jerry.>
Message-ID: <
[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender:
[email protected]
Precedence: bulk
On Mon, 26 Feb 1996, Iain Gibson wrote:
> I am running the meter and the manager on the one machine.
> Using version 3.3 of NeMaC and neTraMet programs
This is also my question to the participants of this list: has anyone
*really* tested if such configuration works properly? I'm running it
myself on one machine (to avoid transmitting UDP traffic on insecure
network), and I didn't observe any problems (maybe they're so subtle.. :-)
> How do I run these processes in the background so I can close down the windows I
> started them in?
The parameters below are of course only examples, but the ending
ampersand is the most important:
NeTraMet -w test -k -s -f 5000 &
This command puts the process in background (i.e. detaches itself from
tty you're using, and thus allows you to do other things. Besides, when you
log out from the machine, the process is still running, contrary to the
normal situation, where all processes are killed on logout.)
One caveat though: if you start NeMaC with -v (verbose) switch, when you
put it in background it still writes to your console. E.g. when you are
happily editing your precious rule file, it spits at your screen all the
messages, and makes your screen unreadable.
> I currently have version 3.2 of the documetation and of the programs fd_extract
> and fd_filter (which don't seem to work against the 3.3 version flow files).
Well, they "almost" work - in fact they will if you use only basic functions
(I say so, because these I tested myself :-), but the programs check the
first line of the flow file, and if it says that the file was created
using version 3.3, the program complains (but nontheless processes data).
> Is there a new version of the docs and these programs?
> Should I really be using version 3.2 of the meter and manager.
You can find new versions of the fd_filter & fd_extract files in the same
place you got the meter program from. They should be in the same archive.
As for the version of the program: the author said it himself that this
version fixes some bugs. In my opinion it's better to run programs with
fewer bugs than with more. :-)
> In the docs it mentions being able to touch NeMaC.flag to start a new flow ( 3.2
> docs ). Is there a different way of using this functionality in 3.3?
I'm using version 3.3 and I don't have any problems using this feature.
It works just fine in the same way as in the version 3.2
I hope this helps you a bit,
Andy
+------------------------------------------------------------------------+
| ANDRZEJ BIALECKI, <
[email protected]>, NASK (WARMAN) |
| Research and Academic Network in Poland, Warsaw Area Network |
| phone: (+48 22) 414115, Bartycka 18, 00-716 Warsaw, Poland |
+------------------------------------------------------------------------+
From netramet-owner Mon Feb 26 23:40:03 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id XAA15689 for netramet-outgoing; Mon, 26 Feb 1996 23:38:44 +1300 (NZDT)
Received: from atos.warman.com.pl (atos.warman.com.pl [148.81.168.6]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id XAA15684 for <
[email protected]>; Mon, 26 Feb 1996 23:38:37 +1300 (NZDT)
Received: (from abial@localhost) by atos.warman.com.pl (8.6.9/8.6.12) id LAA29463; Mon, 26 Feb 1996 11:38:23 +0100
Date: Mon, 26 Feb 1996 11:38:22 +0100 (MET)
From: Andrzej Bialecki <
[email protected]>
X-Sender:
[email protected]
To: NeTraMet discussion list <
[email protected]>
Subject: HOW-TO running 2 meters on 1 machine
Message-ID: <
[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender:
[email protected]
Precedence: bulk
Hi all,
I'd like to share with you my experiences in running two NeTraMets on one
machine. The situation was as follows: we had to set up the meters on two
ethernet links, going between the machines located at the same place. It
seemed a waste to use two different machines to only monitor the traffic.
So we prepared one PC 486DX 120 with 8 MB RAM and a big HDD. We put in two
ethernet cards.
Next, we installed FreeBSD 2.1-RELEASE, and recompiled the kernel in
order to build a packet filtering routines (Berkeley Packet Filter). (The
whole stuff is described in details in FreeBSD Handbook @www.freebsd.org).
Next step was to compile the libpcap library (I got the source from
ftp://ftp.ee.lbl.gov/libpcap-0.0.6.tar.Z). On FreeBSD 'make' complains
that the definition of sys_errlist conflicts with something. Since I had
no time to analyze the sources, I simply commented out the line that was
causing this error, and put my stuff there:
pcap.c BEFORE: extern char *sys_errlist[];
... return (sys_errlist [errnum]);
pcap.c AFTER: /*extern char *sys_errlist[];*/
... return ((char *) /*sys_errlist [*/errnum/*]*/);
[that is, return ((char *) errnum); ]
After these changes, 'make' creates needed library libpcap.a that uses bpf
device to capture the packets.
The next step is to compile the meter and manager. Since there were no
makefiles for FreeBSD, I decided to use ones for Linux. It worked - almost.
The macro isdigit() is improperly interpreted, if there are no
parentheses around it. So I had to replace every occurence of isdigit(arg)
with (isdigit(arg)). After these changes, the programs compile smoothly.
Note that you have to build the libsnmp.a library first, and then the
rest of the programs.
And here goes the hard part. I couldn't start the second copy of NeTraMet
on the same machine, even though it listened on different interface.
After couple of hours spent on analyzing the sources and manpages on
FreeBSD (after all, I'm not a hacker :-), I discovered what was causing
the problem. The first copy of the meter creates a socket, and binds it to
the standard SNMP port (161). The second copy also creates a socket, and
then tries to bind it to the same address, which is impossible (hence the
error). So I changed the definition of SNMP_PORT to
#define SNMP_PORT 200
(You must, of course, ensure that other application won't use this port).
Then I recompiled the meter AND the manager (because BOTH of the programs
must know what port they will use).
Then I renamed standard NeMaC and NeTraMet to nmc and ntm, and the
versions with SNMP_PORT=200 to nmc_200 and ntm_200. Then I started the
whole stuff on a host called smurf:
ntm -w test -k -s -f 5000 -i ed0 &
nmc -c 60 -r rules.lan -h 50 smurf test &
ntm_200 -w test1 -k -s -f 5000 -i ed1 &
nmc_200 -c 60 -r rules.lan -h 50 smurf test1 &
Today is the 20th day since it started, and it works with no problems
(except that we're running out of the disk space :-).
I'd appreciate any comments on this.
Andy
+------------------------------------------------------------------------+
| ANDRZEJ BIALECKI, <
[email protected]>, NASK (WARMAN) |
| Research and Academic Network in Poland, Warsaw Area Network |
| phone: (+48 22) 414115, Bartycka 18, 00-716 Warsaw, Poland |
+------------------------------------------------------------------------+
From netramet-owner Mon Feb 26 23:40:12 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id XAA15719 for netramet-outgoing; Mon, 26 Feb 1996 23:40:11 +1300 (NZDT)
Received: from atos.warman.com.pl (atos.warman.com.pl [148.81.168.6]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id XAA15714 for <
[email protected]>; Mon, 26 Feb 1996 23:40:05 +1300 (NZDT)
Received: (from abial@localhost) by atos.warman.com.pl (8.6.9/8.6.12) id LAA29482; Mon, 26 Feb 1996 11:39:57 +0100
Date: Mon, 26 Feb 1996 11:39:57 +0100 (MET)
From: Andrzej Bialecki <
[email protected]>
X-Sender:
[email protected]
To:
[email protected]
Subject: Re: your mail
Message-ID: <
[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender:
[email protected]
Precedence: bulk
On Mon, 26 Feb 1996, Iain Gibson wrote:
> I am running the meter and the manager on the one machine.
> Using version 3.3 of NeMaC and neTraMet programs
This is also my question to the participants of this list: has anyone
*really* tested if such configuration works properly? I'm running it
myself on one machine (to avoid transmitting UDP traffic on insecure
network), and I didn't observe any problems (maybe they're so subtle.. :-)
> How do I run these processes in the background so I can close down the windows I
> started them in?
The parameters below are of course only examples, but the ending
ampersand is the most important:
NeTraMet -w test -k -s -f 5000 &
This command puts the process in background (i.e. detaches itself from
tty you're using, and thus allows you to do other things. Besides, when you
log out from the machine, the process is still running, contrary to the
normal situation, where all processes are killed on logout.)
One caveat though: if you start NeMaC with -v (verbose) switch, when you
put it in background it still writes to your console. E.g. when you are
happily editing your precious rule file, it spits at your screen all the
messages, and makes your screen unreadable.
> I currently have version 3.2 of the documetation and of the programs fd_extract
> and fd_filter (which don't seem to work against the 3.3 version flow files).
Well, they "almost" work - in fact they will if you use only basic functions
(I say so, because these I tested myself :-), but the programs check the
first line of the flow file, and if it says that the file was created
using version 3.3, the program complains (but nontheless processes data).
> Is there a new version of the docs and these programs?
> Should I really be using version 3.2 of the meter and manager.
You can find new versions of the fd_filter & fd_extract files in the same
place you got the meter program from. They should be in the same archive.
As for the version of the program: the author said it himself that this
version fixes some bugs. In my opinion it's better to run programs with
fewer bugs than with more. :-)
> In the docs it mentions being able to touch NeMaC.flag to start a new flow ( 3.2
> docs ). Is there a different way of using this functionality in 3.3?
I'm using version 3.3 and I don't have any problems using this feature.
It works just fine in the same way as in the version 3.2
I hope this helps you a bit,
Andy
+------------------------------------------------------------------------+
| ANDRZEJ BIALECKI, <
[email protected]>, NASK (WARMAN) |
| Research and Academic Network in Poland, Warsaw Area Network |
| phone: (+48 22) 414115, Bartycka 18, 00-716 Warsaw, Poland |
+------------------------------------------------------------------------+
From netramet-owner Tue Feb 27 01:55:19 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id BAA17738 for netramet-outgoing; Tue, 27 Feb 1996 01:54:45 +1300 (NZDT)
Received: from pcug.org.au (supreme.pcug.org.au [203.10.76.34]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with ESMTP id BAA17733 for <
[email protected]>; Tue, 27 Feb 1996 01:54:40 +1300 (NZDT)
Received: (from jeremyb@localhost) by pcug.org.au (8.7.3/8.6.9) id XAA11426 for
[email protected]; Mon, 26 Feb 1996 23:54:27 +1100 (EST)
Date: Mon, 26 Feb 1996 23:54:27 +1100 (EST)
From: Jeremy Bishop <
[email protected]>
Message-Id: <
[email protected]>
To:
[email protected]
Subject: Re: Netramet on a Sun IPC
Sender:
[email protected]
Precedence: bulk
With reference to Nemac failing to communicate with Netramet after a
period of time, yesterday I was foolish enough to write:
> I decided to
> compile netramet and nemac from source (the versions running on
> the 4/670 were binaries FTP'ed from the AARNET FTP mirror), and
> since starting them about a week ago, haven't had a problem.
Guess what happened today:
18:52:00 Mon 26 Feb 96 -- cheese: No response
18:54:00 Mon 26 Feb 96 -- cheese: No response
18:56:00 Mon 26 Feb 96 -- cheese: No response
etc.,etc.,...
Does anyone have any ideas? Might it be because I'm running both the
manager/collector and meter on the same system?
Also, I've seen mention of version 3.3. What features/fixes does this
offer over 3.2?
Thanks,
Jeremy
--
Jeremy Bishop
AUUG Canberra Chapter
[email protected]
From netramet-owner Tue Feb 27 23:07:08 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) id XAA02703 for netramet-outgoing; Tue, 27 Feb 1996 23:04:44 +1300 (NZDT)
Received: from atos.warman.com.pl (atos.warman.com.pl [148.81.168.6]) by mailhost.auckland.ac.nz (8.7.1/8.7.1-ua) with SMTP id XAA02696 for <
[email protected]>; Tue, 27 Feb 1996 23:04:26 +1300 (NZDT)
Received: (from abial@localhost) by atos.warman.com.pl (8.6.9/8.6.12) id LAA05675; Tue, 27 Feb 1996 11:03:16 +0100
Date: Tue, 27 Feb 1996 11:03:16 +0100 (MET)
From: Andrzej Bialecki <
[email protected]>
X-Sender:
[email protected]
To: Jeremy Bishop <
[email protected]>
cc:
[email protected]
Subject: Re: Netramet on a Sun IPC
In-Reply-To: <
[email protected]>
Message-ID: <
[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender:
[email protected]
Precedence: bulk
On Mon, 26 Feb 1996, Jeremy Bishop wrote:
> Guess what happened today:
>
> 18:52:00 Mon 26 Feb 96 -- cheese: No response
> 18:54:00 Mon 26 Feb 96 -- cheese: No response
> 18:56:00 Mon 26 Feb 96 -- cheese: No response
> etc.,etc.,...
>
> Does anyone have any ideas? Might it be because I'm running both the
> manager/collector and meter on the same system?
I run both of them on the same machine, and I had the same problems with
version 3.2. So I tried to run them separately, and guess what - the same
effect occured after some time.
When I installed v.3.3 about 2 months ago, everything works OK since then!
So it seems to me that this was a special feature of v3.2, which some
ungrateful people use to call 'a bug'. :-)
I hope this helps you.
Andy
+------------------------------------------------------------------------+
| ANDRZEJ BIALECKI, <
[email protected]>, NASK (WARMAN) |
| Research and Academic Network in Poland, Warsaw Area Network |
| phone: (+48 22) 414115, Bartycka 18, 00-716 Warsaw, Poland |
+------------------------------------------------------------------------+
From netramet-owner Thu Feb 29 16:47:17 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id QAA13791 for netramet-outgoing; Thu, 29 Feb 1996 16:43:20 +1300 (NZDT)
Received: from curly.cc.swin.edu.au (curly.cc.swin.edu.au [136.186.1.5]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with SMTP id QAA13781 for <
[email protected]>; Thu, 29 Feb 1996 16:43:17 +1300 (NZDT)
Received: by curly.cc.swin.edu.au (5.65c/1.34)
id AA12959; Thu, 29 Feb 1996 14:43:14 +1100
Date: Thu, 29 Feb 1996 14:43:14 +1100
From:
[email protected] (Harry Raaymakers)
Message-Id: <
[email protected]>
To:
[email protected]
Subject: metering problem
Sender:
[email protected]
Precedence: bulk
Hi all,
I am having some problems collecting stats for more then
an hour or so (@ 30 and 15 mins collections) from both a PC
and a SunOs meter.
It works Ok for while, but then it begins using
the default ruleset 1 instead of my ruleset 2.
The meter says "Switched to default rules"
Can anyone give some idea what can I do about this ?
Thanks
Harry.
From netramet-owner Thu Feb 29 21:46:05 1996
Received: (from majordom@localhost) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) id VAA21452 for netramet-outgoing; Thu, 29 Feb 1996 21:45:55 +1300 (NZDT)
Received: from dcns.csc.cuhk.edu.hk (hp712c.csc.cuhk.hk [137.189.28.103]) by mailhost.auckland.ac.nz (8.7.3/8.7.3-ua) with SMTP id VAA21441 for <
[email protected]>; Thu, 29 Feb 1996 21:45:51 +1300 (NZDT)
Received: (from ktso@localhost) by dcns.csc.cuhk.edu.hk (8.6.13/8.6.12) id QAA05158 for
[email protected]; Thu, 29 Feb 1996 16:45:37 +0800
From: SO Kwok Tsun <
[email protected]>
Message-Id: <
[email protected]>
Subject: Problems of fd_filter when there are no traffic
To:
[email protected]
Date: Thu, 29 Feb 1996 16:45:35 +0800 (HKT)
X-Mailer: ELM [version 2.4 PL24 ME8b]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender:
[email protected]
Precedence: bulk
hi,
I am not sure whether it has been asked before.
We have the NeMaC to record flow with -c 900 (15 mins) to create flow
files and use fd_filter to calculate usage by different subnets. It
should be just fine in most of the time. But it seems that NeMaC do
not record when the counter of a flow didn't change. We have some
small subnets that may not even have traffic at some time. So in
some intervals, some subnets didn't show up. And in the next
interval, it show up again. But then, fd_filter thought that the
counter is 0 in the previous interval and so it give a very large
value after subtracting 0.
Are there any ways that NeMaC record all the flows even the counter has
not been changed? Or we better make the interval longer? But it seems
that it is not secure enough. Thanks for any comment!
SO Kwok-tsun, Alan
Information Technology Service Unit
The Chinese University of Hong Kong
