[flow-tools] flow-nfilter error ?

Eric Rousse erousse@versus.com
Tue, 28 Oct 2003 13:04:18 -0500 

Hi,

I've started having problem recently with my flow-merge operation with
few other commands like flow-nfilter.
(/usr/bin/flow-merge * | /usr/bin/flow-nfilter
-f/usr/local/scripts/nfilter.cfg -Fsource | /usr/bin/flow-nfilter
-f/usr/local/scripts/nfilter.cfg -Fdestination | /usr/bin/flow-stat -f11
> /export/netflows/flow-stat/test.log)

When doing this command I'm in a directory of flow data for the last
day.


When I run that command it takes for ever and take up all the memory and
doesn't seems to progress. But I'm still
unsure about that.=20

I've also found that when doing a strace on flow-nfilter I get an error
and I'm thinking if its maybe
that error that is giving me problem. This is the error from a strace of
flow-nfilter:

...
open("/var/ft/sym/tag.sym", O_RDONLY)   =3D 3
fstat64(3, {st_mode=3DS_IFREG|0644, st_size=3D6760, ...}) =3D 0
brk(0x8121000)                          =3D 0x8121000
read(3, "#\n# tag format\n#\n# 0       7    "..., 6760) =3D 6760
brk(0x8126000)                          =3D 0x8126000
close(3)                                =3D 0
open("/var/ft/cfg/filter.cfg", O_RDONLY) =3D 3
fstat64(3, {st_mode=3DS_IFREG|0644, st_size=3D2917, ...}) =3D 0
read(3, "\nfilter-definition default\n  mat"..., 2917) =3D 2917
brk(0x8137000)                          =3D 0x8137000
brk(0x8148000)                          =3D 0x8148000
brk(0x8159000)                          =3D 0x8159000
brk(0x816a000)                          =3D 0x816a000
brk(0x816f000)                          =3D 0x816f000
write(2, "flow-nfilter: /var/ft/cfg/filter"..., 78flow-nfilter:
/var/ft/cfg/filter.cfg line 98: symbol lookup for "OSU" failed.
) =3D 78
close(3)                                =3D 0
munmap(0x4017f000, 856064)              =3D 0
write(2, "flow-nfilter: ftfil_load(): fail"..., 35flow-nfilter:
ftfil_load(): failed
) =3D 35
_exit(1)                                =3D ?


Is that something normally from what I see it has probably done this
since the beginning we've started to
use flow-tools. Because basically the file /var/ft/cfg/filter.cfg hasn't
been updated since the installation.
Don't know if the original guy did some modification to the file, but I
guess he did. Also flow-nfilter
seems to crash, but all my other process stays up but seems to be stuck.

So anyone seen this before ? Any solution ? Or is it possible that my
problem is somewhere else ?

Thanks!