Cactiusers.org

I set up flowview and everything seems to work fine. I add a single device, give it port 2055, and a directory (lets call it RouterA). I set Router A to export netflow to my Cacti server on port 2055. I see traffic coming in on port 2055, and files like "ft-v05.2010-01-29.051901-0500" begin appearing in the RouterA/YYYY-MM-DD directory. I go to flowviewer in Cacti, select RouterA, and tell it to show data and everything shows up. I am happy.

Then, I add a new Device (RouterB). Now I use port 2056, and tell it to use directory RouterB. I restart the flow-capture service by typing:

/etc/init.d/flow-capture stop
/etc/init.d/flow-capture start

I do "ps aux | grep flow" and get:

root 3063 0.0 0.0 5000 980 ? Ss 15:55 0:00 /usr/bin/flow-capture -w /var/netflow/flows/274_Cogent_T1 0/10.10.10.10/2055 -S5 -V5 -z 0 -n 1439 -e 10080 -N -1
root 3065 0.0 0.0 5732 644 ? Ss 15:55 0:00 /usr/bin/flow-capture -w /var/netflow/flows/PTP280 0/192.168.1.3/2056 -S5 -V5 -z 0 -n 1439 -e 10080 -N -1

So it looks like both services are running fine. I tell RouterB to export netflow to the cacti server on port 2056. I am getting traffic on port 2056, and RouterB/YYYY-MM-DD is filling with flow files as well. I go back to Cacti and try to show data for RouterB, and get nothing. I am unhappy. Anyone have any ideas? Thanks.

The first thing to always check is to make sure the time on the router is the same time on the cacti server, since the report goes by the cacti server time, but the scanner goes by the router time, so it gets out of wack.

AH HA! I have found the problem. Thank you for your suggestion, I hadn't thought of that but it wasn't the problem. The problem was the firewall, traffic from port 2056 was being blocked. I had always thought the tcpdump command showed information post firewall, but I guess that is not the case.