netflow tools - May 2007 - Busted Perl interface

Hi All,

I''m having problems with the Flowd Perl interface.  It looks like the
object returned from read_flow() contains no data for "recv_sec" and
iso_time() is choking on this:

% ./flowinsert.pl /var/log/flowd
missing argument at
/usr/local/libdata/perl5/site_perl/amd64-openbsd/Flowd.pm line 88
        Flowd::iso_time(''undef'') called at ./flowinsert.pl
line 51

Anybody have any clues?

thanks,

Chris

On Mon, 14 May 2007, Christopher Snell wrote:
> Hi All,
> 
> I''m having problems with the Flowd Perl interface.  It looks like
the
> object returned from read_flow() contains no data for "recv_sec"
and
> iso_time() is choking on this:
> 
> % ./flowinsert.pl /var/log/flowd
> missing argument at
> /usr/local/libdata/perl5/site_perl/amd64-openbsd/Flowd.pm line 88
>         Flowd::iso_time(''undef'') called at
./flowinsert.pl line 51
> 
> Anybody have any clues?
Are you storing RECV_TIME in your flow log? If not then you will need to
modify the schema and flowinsert.pl.

-d

We''re configured to store everything:

store ALL

...right?


thanks,

Chris

On 5/14/07, Damien Miller <djm at mindrot.org>
wrote:
> On Mon, 14 May 2007, Christopher Snell wrote:
>
> > Hi All,
> >
> > I''m having problems with the Flowd Perl interface.  It looks
like the
> > object returned from read_flow() contains no data for
"recv_sec" and
> > iso_time() is choking on this:
> >
> > % ./flowinsert.pl /var/log/flowd
> > missing argument at
> > /usr/local/libdata/perl5/site_perl/amd64-openbsd/Flowd.pm line 88
> >         Flowd::iso_time(''undef'') called at
./flowinsert.pl line 51
> >
> > Anybody have any clues?
>
> Are you storing RECV_TIME in your flow log? If not then you will need to
> modify the schema and flowinsert.pl.
>
> -d
>

On Mon, 14 May 2007, Christopher Snell wrote:
> We''re configured to store everything:
> 
> store ALL
> 
> ...right?
oh, it looks like a bug in flowinsert.pl. Please try this patch:

Index: flowinsert.pl
==================================================================RCS file:
/var/cvs/flowd/tools/flowinsert.pl,v
retrieving revision 1.2
diff -u -p -r1.2 flowinsert.pl
--- flowinsert.pl	31 Oct 2004 06:42:57 -0000	1.2
+++ flowinsert.pl	14 May 2007 23:47:16 -0000
@@ -53,7 +53,7 @@ for (my $i = 0; $i < scalar(@ARGV); $i++
 		    " src_port, dst_port, octets, packets, protocol) VALUES ".
 		    "(%u, %s, %s, %s, %s, %u, %u, %u, %u, %u)" ,
 		    $tag, 
-		    $db->quote(Flowd::iso_time($flow->{recv_secs})),
+		    $db->quote(Flowd::iso_time($flow->{recv_sec})),
 		    $db->quote($flow->{agent_addr}), 
 		    $db->quote($flow->{src_addr}), 
 		    $db->quote($flow->{dst_addr}),