From netramet-owner Thu Jul 1 16:01:15 1999

From netramet-owner Thu Jul 1 16:01:15 1999
Received: (from majordom@localhost)
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id PAA24824
for netramet-outgoing; Thu, 1 Jul 1999 15:57:39 +1200 (NZST)
Received: from cc-server9.massey.ac.nz (cc-server9.massey.ac.nz [130.123.128.11])
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with SMTP id PAA24816
for <[email protected]>; Thu, 1 Jul 1999 15:57:36 +1200 (NZST)
Received: from its-xchg1.massey.ac.nz (actually its-xchg1)
by cc-server9.massey.ac.nz with SMTP(PP);
Thu, 1 Jul 1999 15:56:16 +1200
Received: by its-xchg1.massey.ac.nz with Internet Mail Service (5.5.2448.0)
id <NPS8RY9N>; Thu, 1 Jul 1999 15:57:18 +1200
Message-ID: <[email protected]>
From: "Eustace, Glen" <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: Weird Set numbers
Date: Thu, 1 Jul 1999 15:57:12 +1200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2448.0)
Content-Type: text/plain; charset="iso-8859-1"
Sender: [email protected]
Precedence: bulk

I am trying to get 4.3b10 working on RedHat Linux v6, I gave up on 4.2 as
NeMaC core dumped regularly at random. So often that it was pretty useless.

4.3b10 seems to be much more stable but I have a strange problem.

The rules being down loaded to the meter are definitely SET 2 in the rule
file but everytime I restart NeMaC what ends up on the meter seems to be a
random SET number between 1-17 ( at this stage ). The rules seem to
function correctly but of course the set number in the flow file never stays
the same. This makes processing with fd_extract a little difficult.

Any clues ?

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Glen Eustace, Systems Engineer - Networking, Computing Services,
Massey University, Private Bag 11222, Palmerston North, N.Z.
Ph: +64 6 350 5161, Fax: +64 6 350 5607, Mobile +64 25 500 321
Pvt Ph: +64 6 356 2562

From netramet-owner Sun Jul 4 03:42:57 1999
Received: (from majordom@localhost)
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id DAA25169
for netramet-outgoing; Sun, 4 Jul 1999 03:38:15 +1200 (NZST)
Received: from compaq-nb ([email protected] [130.216.3.1])
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with SMTP id DAA25164;
Sun, 4 Jul 1999 03:38:10 +1200 (NZST)
From: Nevil Brownlee <[email protected]>
To: "Eustace, Glen" <[email protected]>
Cc: "'[email protected]'" <[email protected]>
Subject: Re: Weird Set numbers
In-Reply-To: <[email protected]>
Message-ID: <[email protected]>
Date: Sun, 4 Jul 1999 04:37:29 +1300 (DST)
Priority: NORMAL
X-Mailer: Simeon for Win32 Version 4.1.5 Build (43)
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: [email protected]
Precedence: bulk

Hello Glen:

> I am trying to get 4.3b10 working on RedHat Linux v6, I gave up on
> 4.2 as NeMaC core dumped regularly at random. So often that it was
> pretty useless.

Yes. 43b10 is ready to go as the 4.3 release. I'm working on the
documentation, but that won't be complete until after I get home from
the Oslo IETF meeting, i.e. early August.

> 4.3b10 seems to be much more stable but I have a strange problem.
> The rules being down loaded to the meter are definitely SET 2 in the rule
> file but everytime I restart NeMaC what ends up on the meter seems to be a
> random SET number between 1-17 ( at this stage ). The rules seem to
> function correctly but of course the set number in the flow file never stays
> the same. This makes processing with fd_extract a little difficult.

The number you provide on the SET statement is the ruleset's name.
The MIB allows it to be a 16-char identifier, but (so far) I've
kept it as an integer so as to maintain compatibilty with old (V3)
rulesets.

The actual ruleset number it runs as on the meter is chosen at random
in the range 1..20 by NeMaC when it downloads the ruleset - this was
part of allowing the meter to run multiple rulesets at the same time.
The flow data file has a #Ruleset record in its header giving you
the mapping between the ruleset name and its actual ruleset index
in the meter.

Cheers, Nevil

+---------------------------------------------------------------------+
| Nevil Brownlee Director, Technology Development |
| Phone: +64 9 373 7599 x8941 ITSS, The University of Auckland |
| FAX: +64 9 373 7425 Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------C

From netramet-owner Fri Jul 9 19:22:00 1999
Received: (from majordom@localhost)
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id TAA19867
for netramet-outgoing; Fri, 9 Jul 1999 19:17:25 +1200 (NZST)
Received: from riegeler.inm.de (ns.inm.de [195.20.81.35])
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id TAA19861
for <[email protected]>; Fri, 9 Jul 1999 19:17:19 +1200 (NZST)
Received: from sol.inm.de (sol.inm.de [195.20.81.34])
by riegeler.inm.de (8.9.1/8.9.1) with ESMTP id JAA31970
for <[email protected]>; Fri, 9 Jul 1999 09:16:46 +0200
Received: from viagra.inm.de (viagra.inm.de [195.20.81.52])
by sol.inm.de (8.9.1/8.9.1) with ESMTP id JAA13015
for <[email protected]>; Fri, 9 Jul 1999 09:16:45 +0200 (CEST)
Received: from ip23.net ([195.20.81.231]) by viagra.inm.de
(Netscape Messaging Server 3.5) with ESMTP id AAA3D56
for <[email protected]>; Fri, 9 Jul 1999 09:16:43 +0200
Message-ID: <[email protected]>
Date: Fri, 09 Jul 1999 09:16:43 +0200
From: Wolfgang Wilhelmy <[email protected]>
Organization: IP23 Gesellschaft fuer IP-basierte Dienstleistungen mbH
X-Mailer: Mozilla 4.08 [en] (X11; I; OpenBSD 2.3 i386)
MIME-Version: 1.0
To: "'[email protected]'" <[email protected]>
Subject: Invalid option: -h
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

hi,

> ./NeTraMet -h
> NeTraMet: Network Meter v4.3b10
> 0852:59 Invalid option: -h

> ./NetFwd
> Usage: NetFwd [OPTION]...
> A redirector/consolidator for NetFlow data streams:
>
> -t HST Host to send packets to
>
> -p PRT Port nbr to send packets to (default 9996)
> -i IFN Specify UDP port to read from (maximum of 4)

The help message of the option '-p' belongs to '-i' and vice versa.

NeMac -s -r rulefile returns 0 even if the rulefile has errors.

Bye
--
Wolfgang Wilhelmy [email protected]

From netramet-owner Fri Jul 9 22:49:52 1999
Received: (from majordom@localhost)
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id WAA27942
for netramet-outgoing; Fri, 9 Jul 1999 22:49:03 +1200 (NZST)
Received: from compaq-nb ([email protected] [130.216.3.1])
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with SMTP id WAA27930;
Fri, 9 Jul 1999 22:48:52 +1200 (NZST)
From: Nevil Brownlee <[email protected]>
To: "Gabert, Alexander" <[email protected]>
Cc: [email protected]
Subject: Re: y2k
In-Reply-To: <8036C8B5A8C2D21188400080C890C13D18AEE5@HBMSC08>
Message-ID: <[email protected]>
Date: Fri, 9 Jul 1999 23:47:58 +1300 (DST)
Priority: NORMAL
X-Mailer: Simeon for Win32 Version 4.1.5 Build (43)
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: [email protected]
Precedence: bulk

Hello Alexander:

> is netramet 4.2 (linux) y2000- compliant and if not why not or if yes, how
> did you test it ??
>
> i guess, if it is using unix timestamps, and i suppose it does so,
> it would not have such thing as a y2k problem.
>
> please help me as there is no information on your web page
> http://www.auckland.ac.nz/net/Accounting/ntm.Release.note.html
> and the mailing list is in gzipped format... to unconvenient to scan for
> keywords ;-(

NeTraMet 4.1 changed the form of dates in its flow data files to use
four-digit years. Apart from that, all the Manager/Collector programs
(NeMaC, nifty, etc.) use Unix dates, so they'll wrap when Unix does
in 2038.

All times in the meter (NeTraMet) are relative to the meter startup
time, and (being 32-bit values) they may wrap; user's analysis software
must allow for this.

I haven't done any explicit testing, but - as you've observed - I have
no reason to doubt that since it only uses Unix dates it doesn't have
any problem with year 2000.

Cheers, Nevil

+---------------------------------------------------------------------+
| Nevil Brownlee Director, Technology Development |
| Phone: +64 9 373 7599 x8941 ITSS, The University of Auckland |
| FAX: +64 9 373 7425 Private Bag 92019, Auckland, New Zealand |
+---------------------------------------------------------------------C

From netramet-owner Wed Jul 21 00:14:40 1999
Received: (from majordom@localhost)
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id AAA06441
for netramet-outgoing; Wed, 21 Jul 1999 00:08:24 +1200 (NZST)
Received: from riegeler.inm.de (ns.inm.de [195.20.81.35])
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id AAA06434
for <[email protected]>; Wed, 21 Jul 1999 00:08:15 +1200 (NZST)
Received: from sol.inm.de (sol.inm.de [195.20.81.34])
by riegeler.inm.de (8.9.1/8.9.1) with ESMTP id OAA13153
for <[email protected]>; Tue, 20 Jul 1999 14:07:38 +0200
Received: from viagra.inm.de (viagra.inm.de [195.20.81.52])
by sol.inm.de (8.9.1/8.9.1) with ESMTP id MAA11157
for <[email protected]>; Tue, 20 Jul 1999 12:24:40 +0200 (CEST)
Received: from ip23.net ([195.20.81.231]) by viagra.inm.de
(Netscape Messaging Server 3.5) with ESMTP id AAA61BD
for <[email protected]>; Tue, 20 Jul 1999 12:24:39 +0200
Message-ID: <[email protected]>
Date: Tue, 20 Jul 1999 12:24:39 +0200
From: Wolfgang Wilhelmy <[email protected]>
Organization: IP23 Gesellschaft fuer IP-basierte Dienstleistungen mbH
X-Mailer: Mozilla 4.08 [en] (X11; I; OpenBSD 2.3 i386)
MIME-Version: 1.0
To: "'[email protected]'" <[email protected]>
Subject: NeMaC dumps core
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hi,

NeMac tries to write a file ending in '.pid' to store its process-ID.
If the file already exists and is _not_ writeable for the user starting
NeMac, the result is, that NeMac dies silently without any error message
and dumps core.

So, if you can't start your Reader/Manager, search for files *.pid and
check ownerships and permissions.

Bye
--
Wolfgang Wilhelmy [email protected]

From netramet-owner Fri Jul 23 06:29:46 1999
Received: (from majordom@localhost)
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id GAA01077
for netramet-outgoing; Fri, 23 Jul 1999 06:22:14 +1200 (NZST)
Received: from reduno.reduno.com.mx (reduno.reduno.com.mx [192.100.183.178])
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with ESMTP id GAA01072
for <[email protected]>; Fri, 23 Jul 1999 06:22:06 +1200 (NZST)
Received: from 148-59.reduno.com.mx (148-59.reduno.com.mx [200.4.148.59])
by reduno.reduno.com.mx (8.9.2/8.9.2) with SMTP id NAA19322
for <[email protected]>; Thu, 22 Jul 1999 13:18:11 -0600 (CST)
Received: by 148-59.reduno.com.mx with Microsoft Mail
id <[email protected]>; Thu, 22 Jul 1999 13:21:27 -0500
Message-ID: <[email protected]>
From: Osvaldo Fonseca <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: Problem compiling NeTraMet in solaris 2.4
Date: Thu, 22 Jul 1999 13:21:25 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: [email protected]
Precedence: bulk

Hi,

I'm trying to compile NeTraMet 4.2 in a Solaris 2.4, I'm not really expert with gcc compiler and I'm stuck with this:
~/autoconf/make

cd snmplib; make
cd meter; make
cd manager; make
cc -o NeMaC nmc.o nmc_pars.o nmc_c64.o nmc_snmp.o ../snmplib/libsnmp.a -lresolvb
Undefined first referenced
symbol in file
srandom ../snmplib/libsnmp.a(snmpapi.o)
random ../snmplib/libsnmp.a(snmpapi.o)
ld: fatal: Symbol referencing errors. No output written to NeMaC
*** Error code 1
make: Fatal error: Command failed for target `NeMaC'
Current working directory /export/home/usuarios/motif/netra2/NeTraMet42/autoconr
*** Error code 1
make: Fatal error: Command failed for target `all'

Any Ideas?

Regards.

-----Mensaje original-----
De: Wolfgang Wilhelmy [SMTP:[email protected]]
Enviado el: Martes 20 de Julio de 1999 5:25 AM
Para: '[email protected]'
Asunto: NeMaC dumps core

Hi,

NeMac tries to write a file ending in '.pid' to store its process-ID.
If the file already exists and is _not_ writeable for the user starting
NeMac, the result is, that NeMac dies silently without any error message
and dumps core.

So, if you can't start your Reader/Manager, search for files *.pid and
check ownerships and permissions.

Bye
--
Wolfgang Wilhelmy [email protected]

From netramet-owner Fri Jul 30 09:56:55 1999
Received: (from majordom@localhost)
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) id JAA21927
for netramet-outgoing; Fri, 30 Jul 1999 09:49:49 +1200 (NZST)
Received: from cc-server9.massey.ac.nz (cc-server9.massey.ac.nz [130.123.128.11])
by mailhost.auckland.ac.nz (8.9.2/8.9.2/8.9.2-ua) with SMTP id JAA21917
for <[email protected]>; Fri, 30 Jul 1999 09:49:46 +1200 (NZST)
Message-ID: <[email protected]>
From: "Eustace, Glen" <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: Interface problems
Date: Fri, 30 Jul 1999 09:49:57 +1200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Sender: [email protected]
Precedence: bulk

I am running 4.3 on RedHat v6, i.e. 2.2.5 kernel.

I have two interfaces, eth0 for general network connectivity and eth1 that
is only used by NeTraMet to capture traffic from our DMZ.

Everything had been quite rosy for about 2 weeks. Then eth1 stopped passing
traffic. I didn't even notice for a few days as NeTraMet and NeMac were
quite happy just all thr flows dissappeared and the network went quite.

I tried stopping and starting the processes and that didn't do anything.

netstat -i showed the expected high Rx Pkts but no activity, Rx Errors on
the other hand was ticking over.

I rebooted the box and evrything is now working fine again.

Is anyone aware of any problems with the packet filtering in this release of
the linux kernel ?

Any comment or ideas appreciated.

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Glen Eustace, Systems Engineer - Networking, Computing Services,
Massey University, Private Bag 11222, Palmerston North, N.Z.
Ph: +64 6 350 5161, Fax: +64 6 350 5607, Mobile +64 25 500 321
Pvt Ph: +64 6 356 2562