Solved: flow-tools+flowscan on Debian/Ubuntu
Sven Ingebrigt Ulland
SvenI.Ulland at iu.hio.no
Thu Mar 16 11:54:00 CST 2006
In short: apt-get install flow-tools-dev

I finally managed to solve the problem with flowscan not recognizing
the ft-v05.* flow-capture format. Of course I tried recompiling the
Cflow.pm module from the contrib directory etc, but I missed one
thing. First, let's clarify the problem so that others can identify if
it applies to them:

Running flowscan on files collected by flow-tools (flow-capture)
gives an error along the lines of (lines broken by me):

    /var/flow/soekris/ft-v05.2006-03-08.162501+0100: \
    Invalid index in cflowd flow file: \
    0xCF100103! Version 5 flow-export is required \
    with *all* fields being saved.

This is Ubuntu Breezy with the following packages:

    ii flow-tools 0.68-2
    ii flowscan 1.006-6
    ii libcflow-perl 0.68-2

I tried the normal procedure for upgrading the Cflow.pm module:

    # apt-get source flow-tools
    # cd flow-tools-0.67/contrib
    # tar zxvf Cflow-1.051.tar.gz
    # cd Cflow-1.051
    # perl Makefile.PL
    # make && make install

... but to no avail. Then I read the article found at
http://www.onlamp.com/pub/a/bsd/2005/08/18/Big_Scary_Daemons.html?page=4
which hinted that I need the libft.a library. This is available in the
package 'flow-tools-dev' .. which nobody told me about :^) I installed
it, and the 'perl Makefile.PL' output was different:

    $ perl Makefile.PL
    Found flow-tools... using "-DOSU -I../../lib -I../../lib/.. -L../../lib -lft -lz".
    Warning: -L../../lib changed to -L/home/sven/flow-tools-0.68/contrib/Cflow-1.051/../../lib
    Writing Makefile for Cflow

Before, it had just said something about 'ready to go' or similar. Now
flowscan is able to read the flow-tools files without problems.

sven
--
Help mailto:majordomo at net.doit.wisc.edu and say "help" in message body
Unsubscribe mailto:majordomo at net.doit.wisc.edu and say
"unsubscribe flowscan" in message body
Archive http://net.doit.wisc.edu/~plonka/list/flowscan/archive/
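
Added example, not part of the original post and not code from flow-tools or flowscan: the 0xCF100103 in the error above is the first four bytes of the capture file, which in a flow-tools stream header are two magic bytes (0xCF 0x10), a byte-order flag and a stream version. The shell functions below identify such files, which helps tell a Cflow built without libft apart from a damaged capture; the names ft_header and ft_classify are made up here, and the header layout is assumed from flow-tools' ftlib.h.

```shell
#!/bin/sh
# Classify flow files by their first four bytes.
# Assumed layout (flow-tools ftlib.h): magic1=0xCF, magic2=0x10,
# byte_order (1 = little endian, 2 = big endian), stream version.

ft_header() {
    # Print the first four bytes of file $1 as uppercase hex, no separators.
    od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n' | tr 'a-f' 'A-F'
}

ft_classify() {
    hdr=$(ft_header "$1")
    case "$hdr" in
        CF10????)
            order=$(printf '%s' "$hdr" | cut -c5-6)
            sver=$(printf '%s' "$hdr" | cut -c7-8)
            case "$order" in
                01) order=little-endian ;;
                02) order=big-endian ;;
                *)  order=unknown-byte-order ;;
            esac
            # The stream version is a single byte; print it in decimal.
            echo "flow-tools $order stream-v$((0x$sver))"
            ;;
        "")
            echo "empty-or-unreadable"
            ;;
        *)
            # Files shorter than four bytes also end up here.
            echo "not-flow-tools 0x$hdr"
            ;;
    esac
}

# When file names are given, report on each of them, e.g.
#   sh ftcheck.sh /var/flow/soekris/ft-v05.*
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(ft_classify "$f")"
    done
fi
```

A file reported as "flow-tools ..." that flowscan still rejects with the "Invalid index in cflowd flow file" message points at Cflow having been built without libft, the situation the post describes.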