netflow tools - May 2005 - Flowd error

Hi,

I''m sending netflow Tickets with pfflowd to 127.0.0.1:12345 and I would
recover them with flowd but there is a snag I don''t understand.


rozen at 2727[rozen]# flowd -d

read_config: entering
child_get_config: entering
recv_config: entering fd = 3
recv_config: ready to receive config
send_config: entering fd = 4
send_config: done
child_get_config: child config done
bind: Address already in use
Listener setup of [127.0.0.1]:12345 failed

and my flowd.conf :

logfile "/var/log/flowd"
listen on 127.0.0.1:12345
flow source 127.0.0.1
store ALL
discard all
accept agent 127.0.0.1
accept agent [::1]

Thank you for answers

On May 24, 2005, at 9:05 AM, Rozen wrote:
> Hi,
>
> I''m sending netflow Tickets with pfflowd to 127.0.0.1:12345 and I 
> would recover them with flowd but there is a snag I don''t
understand.
>
>
> rozen at 2727[rozen]# flowd -d
>
> read_config: entering
> child_get_config: entering
> recv_config: entering fd = 3
> recv_config: ready to receive config
> send_config: entering fd = 4
> send_config: done
> child_get_config: child config done
> bind: Address already in use
> Listener setup of [127.0.0.1]:12345 failed
There is already something listening at 127.0.0.1:12345.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Jason Dixon wrote:
> On May 24, 2005, at 9:05 AM, Rozen wrote:
>
>> Hi,
>>
>> I''m sending netflow Tickets with pfflowd to 127.0.0.1:12345
and I
>> would recover them with flowd but there is a snag I don''t
understand.
>>
>>
>> rozen at 2727[rozen]# flowd -d
>>
>> read_config: entering
>> child_get_config: entering
>> recv_config: entering fd = 3
>> recv_config: ready to receive config
>> send_config: entering fd = 4
>> send_config: done
>> child_get_config: child config done
>> bind: Address already in use
>> Listener setup of [127.0.0.1]:12345 failed
>
>
> There is already something listening at 127.0.0.1:12345.
>
> -- 
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net
>
>
>
>
Thank you for this quick answer, but there is a new problem; I don''t 
understand what file does it want  when I do flowd in debugging mode ?


---------------------terminal-----------------------------------------
rozen at 2727[rozen]# flowd -d

read_config: entering
child_get_config: entering
recv_config: entering fd = 3
recv_config: ready to receive config
send_config: entering fd = 4
send_config: done
child_get_config: child config done
Listener for [127.0.0.1]:12345 fd = 3
privsep_init: entering
chdir(no): No such file or directory
privsep_master: child exited
child exited with status 1
------------------------------------------------------------------------------

On May 24, 2005, at 9:35 AM, Rozen wrote:
> Thank you for this quick answer, but there is a new problem; I
don''t
> understand what file does it want  when I do flowd in debugging mode ?
>
>
> ---------------------terminal-----------------------------------------
> rozen at 2727[rozen]# flowd -d
>
> read_config: entering
> child_get_config: entering
> recv_config: entering fd = 3
> recv_config: ready to receive config
> send_config: entering fd = 4
> send_config: done
> child_get_config: child config done
> Listener for [127.0.0.1]:12345 fd = 3
> privsep_init: entering
> chdir(no): No such file or directory
> privsep_master: child exited
> child exited with status 1
> ----------------------------------------------------------------------- 
> -------
No clue.  I would look to make sure that you have a valid entry for  
_flowd in your /etc/passwd and that /var/empty exists.  It looks like  
it''s trying to privsep to the _flowd user and failing.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Jason Dixon wrote:
> On May 24, 2005, at 9:35 AM, Rozen wrote:
>
>> Thank you for this quick answer, but there is a new problem; I
don''t
>> understand what file does it want  when I do flowd in debugging mode ?
>>
>>
>> ---------------------terminal-----------------------------------------
>> rozen at 2727[rozen]# flowd -d
>>
>> read_config: entering
>> child_get_config: entering
>> recv_config: entering fd = 3
>> recv_config: ready to receive config
>> send_config: entering fd = 4
>> send_config: done
>> child_get_config: child config done
>> Listener for [127.0.0.1]:12345 fd = 3
>> privsep_init: entering
>> chdir(no): No such file or directory
>> privsep_master: child exited
>> child exited with status 1
>> -----------------------------------------------------------------------
>> -------
>
>
> No clue.  I would look to make sure that you have a valid entry for  
> _flowd in your /etc/passwd and that /var/empty exists.  It looks like  
> it''s trying to privsep to the _flowd user and failing.
>
> -- 
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net
>
>
>
>
So, It can be that I have not well created my _flowd user;
In my /etc/passwd, the _flowd entry is :   

_flowd:*:1010:1010:User &:no:/usr/sbin/nologin

and /var/empty exists.
What parameters for _flowd in adduser ?

On May 24, 2005, at 10:04 AM, Rozen wrote:
> So, It can be that I have not well created my _flowd user;
> In my /etc/passwd, the _flowd entry is :
> _flowd:*:1010:1010:User &:no:/usr/sbin/nologin
>
> and /var/empty exists.
> What parameters for _flowd in adduser ?
# grep flow /etc/passwd
_flowd:*:77:77:flowd privsep:/var/empty:/sbin/nologin

# ls -l /var/ | grep empty
drwxr-xr-x  3 root    wheel      512 Mar 29  2004 empty


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Jason Dixon wrote:
> On May 24, 2005, at 10:04 AM, Rozen wrote:
>
>> So, It can be that I have not well created my _flowd user;
>> In my /etc/passwd, the _flowd entry is :
>> _flowd:*:1010:1010:User &:no:/usr/sbin/nologin
>>
>> and /var/empty exists.
>> What parameters for _flowd in adduser ?
>
>
> # grep flow /etc/passwd
> _flowd:*:77:77:flowd privsep:/var/empty:/sbin/nologin
>
> # ls -l /var/ | grep empty
> drwxr-xr-x  3 root    wheel      512 Mar 29  2004 empty
>
>
> -- 
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net
>
>
>
I''ve set up as you my user, and my directory... and it doesn''t
work !!
I  have theses messages:

----------------terminal-----------------------------------------
rozen at 2727[rozen]# flowd -d
read_config: entering
child_get_config: entering
recv_config: entering fd = 3
recv_config: ready to receive config
send_config: entering fd = 4
send_config: done
child_get_config: child config done
Listener for [127.0.0.1]:12345 fd = 3
Listener for [::1]:12345 fd = 4
privsep_init: entering
init_pfd: entering (num_fds = 0)
init_pfd: done (num_fds = 3)
client_open_log: entering
answer_open_log: entering
answer_open_log: open: Is a directory
rozen at 2727[rozen]# receive_fd: recvmsg: expected received 1 got 0

-----------------------------------------------------------------------

On May 24, 2005, at 10:24 AM, Rozen wrote:
> I''ve set up as you my user, and my directory... and it
doesn''t work !!
>   I  have theses messages:
>
> ----------------terminal-----------------------------------------
> rozen at 2727[rozen]# flowd -d
> read_config: entering
> child_get_config: entering
> recv_config: entering fd = 3
> recv_config: ready to receive config
> send_config: entering fd = 4
> send_config: done
> child_get_config: child config done
> Listener for [127.0.0.1]:12345 fd = 3
> Listener for [::1]:12345 fd = 4
> privsep_init: entering
> init_pfd: entering (num_fds = 0)
> init_pfd: done (num_fds = 3)
> client_open_log: entering
> answer_open_log: entering
> answer_open_log: open: Is a directory
> rozen at 2727[rozen]# receive_fd: recvmsg: expected received 1 got 0
>
> -----------------------------------------------------------------------
No clue, sorry.  Perhaps you should try backing out the install and 
this time just do a "make install" instead of whatever you tried. 
Good
luck.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Is there anyone who has installed flowd on FreeBSD 5.4 ? How ?

Thank you for answer

Rozen wrote:
> ----------------terminal-----------------------------------------
> rozen at 2727[rozen]# flowd -d
> read_config: entering
> child_get_config: entering
> recv_config: entering fd = 3
> recv_config: ready to receive config
> send_config: entering fd = 4
> send_config: done
> child_get_config: child config done
> Listener for [127.0.0.1]:12345 fd = 3
> Listener for [::1]:12345 fd = 4
> privsep_init: entering
> init_pfd: entering (num_fds = 0)
> init_pfd: done (num_fds = 3)
> client_open_log: entering
> answer_open_log: entering
> answer_open_log: open: Is a directory
You have configured a directory instead of a file as the logfile in
flowd.conf.

I think I need to improve these error messages...

-d

Damien Miller wrote:
> Rozen wrote:
>
>> ----------------terminal-----------------------------------------
>> rozen at 2727[rozen]# flowd -d
>> read_config: entering
>> child_get_config: entering
>> recv_config: entering fd = 3
>> recv_config: ready to receive config
>> send_config: entering fd = 4
>> send_config: done
>> child_get_config: child config done
>> Listener for [127.0.0.1]:12345 fd = 3
>> Listener for [::1]:12345 fd = 4
>> privsep_init: entering
>> init_pfd: entering (num_fds = 0)
>> init_pfd: done (num_fds = 3)
>> client_open_log: entering
>> answer_open_log: entering
>> answer_open_log: open: Is a directory
>
>
> You have configured a directory instead of a file as the logfile in
> flowd.conf.
>
> I think I need to improve these error messages...
>
> -d
>
>
Thank you very much, all work well !!!
A simple question : When pfflowd and flowd are running on the same 
machine which is a PF firewall with NAT and Authpf, can we see who is 
connected or the ip address before NAT ? Because I haven''t seen any 
address type of my intern network...