Asking the experts for help with a netflow problem: flowscan keeps having problems

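Posted 2007-03-01 21:10
I use flow-capture to collect information from the router, which produces files such as ft-v05.2007-03-01.164816+0800, and then process them with flowscan and CUFlow to generate rrd files. However, the flowscan log keeps showing problems. My system is Solaris 8. Thanks.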

2007/03/01 19:57:14 working on file /export/home/ligj/netflow/ft/ft-v05.2007-03-01.164816+0800...
2007/03/01 19:57:14 flowscan-1.020 CUFlow: Cflow::find took  0 wallclock secs ( 0.01 usr +  0.00 sys =  0.01 CPU) for 446 flow file bytes, flow hit ratio: 4/16
2007/03/01 19:57:14 flowscan-1.020 CUFlow: report took  0 wallclock secs ( 0.00 usr  0.01 sys +  0.02 cusr  0.01 csys =  0.04 CPU)
2007/03/01 19:57:14 working on file /export/home/ligj/netflow/ft/ft-v05.2007-03-01.165002+0800...
2007/03/01 19:57:14 flowscan-1.020 CUFlow: Cflow::find took  0 wallclock secs ( 0.02 usr +  0.00 sys =  0.02 CPU) for 995 flow file bytes, flow hit ratio: 1/53
2007/03/01 19:57:14 flowscan-1.020 CUFlow: report took  0 wallclock secs ( 0.00 usr  0.01 sys +  0.02 cusr  0.02 csys =  0.05 CPU)
2007/03/01 19:57:14 working on file /export/home/ligj/netflow/ft/ft-v05.2007-03-01.165501+0800...
ERROR updating /export/home/ligj/netflow/rrds/router_155/as_Genuity.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739002 (minimum one second step)
2007/03/01 19:57:14 flowscan-1.020 CUFlow: Cflow::find took  0 wallclock secs ( 0.01 usr +  0.01 sys =  0.02 CPU) for 1054 flow file bytes, flow hit ratio: 7/54
ERROR updating /export/home/ligj/netflow/rrds/tos_normal.rrd: '/export/home/ligj/netflow/rrds/tos_normal.rrd' is not an RRD file
2007/03/01 19:57:15 flowscan-1.020 CUFlow: report took  1 wallclock secs ( 0.00 usr  0.01 sys +  0.01 cusr  0.03 csys =  0.05 CPU)
ERROR updating /export/home/ligj/netflow/rrds/router_155/tos_normal.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739002 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/tos_other.rrd: '/export/home/ligj/netflow/rrds/tos_other.rrd' is not an RRD file
2007/03/01 19:57:15 working on file /export/home/ligj/netflow/ft/ft-v05.2007-03-01.170001+0800...
2007/03/01 19:57:15 flowscan-1.020 CUFlow: Cflow::find took  0 wallclock secs ( 0.02 usr +  0.00 sys =  0.02 CPU) for 1164 flow file bytes, flow hit ratio: 3/64
2007/03/01 19:57:15 flowscan-1.020 CUFlow: report took  0 wallclock secs ( 0.00 usr  0.01 sys +  0.01 cusr  0.02 csys =  0.04 CPU)
ERROR updating /export/home/ligj/netflow/rrds/tos_other.rrd: '/export/home/ligj/netflow/rrds/tos_other.rrd' is not an RRD file
ERROR updating /export/home/ligj/netflow/rrds/router_155/tos_other.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739601 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/protocol_tcp.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739601 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/router_155/protocol_tcp.rrd: '/export/home/ligj/netflow/rrds/router_155/protocol_tcp.rrd' is not an RRD file
ERROR updating /export/home/ligj/netflow/rrds/router_155/tos_other.rrd: illegal attempt to update using time 1172739002 when last update time is 1172739601 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/protocol_tcp.rrd: illegal attempt to update using time 1172739002 when last update time is 1172739601 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/router_155/protocol_tcp.rrd: '/export/home/ligj/netflow/rrds/router_155/protocol_tcp.rrd' is not an RRD file
ERROR updating /export/home/ligj/netflow/rrds/router_155/protocol_tcp.rrd: illegal attempt to update using time 1172739301 when last update time is 1172739601 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/protocol_esp.rrd: '/export/home/ligj/netflow/rrds/protocol_esp.rrd' is not an RRD file
ERROR updating /export/home/ligj/netflow/rrds/protocol_esp.rrd: '/export/home/ligj/netflow/rrds/protocol_esp.rrd' is not an RRD file
ERROR updating /export/home/ligj/netflow/rrds/router_155/protocol_esp.rrd: '/export/home/ligj/netflow/rrds/router_155/protocol_esp.rrd' is not an RRD file
……………………………………………………………………
2007/03/01 19:57:16 flowscan-1.020 CUFlow: report took  0 wallclock secs ( 0.00 usr  0.00 sys +  0.01 cusr  0.03 csys =  0.04 CPU)
ERROR updating /export/home/ligj/netflow/rrds/protocol_icmp.rrd: '/export/home/ligj/netflow/rrds/protocol_icmp.rrd' is not an RRD file
ERROR updating /export/home/ligj/netflow/rrds/protocol_icmp.rrd: could not lock RRD
ERROR updating /export/home/ligj/netflow/rrds/router_155/protocol_icmp.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739901 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/protocol_ipinip.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739901 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/router_155/protocol_ipinip.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739901 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/protocol_icmp.rrd: could not lock RRD
ERROR updating /export/home/ligj/netflow/rrds/protocol_eigrp.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739901 (minimum one second step)
ERROR updating /export/home/ligj/netflow/rrds/protocol_icmp.rrd: could not lock RRD
………………………………………………

Posted 2007-03-01 21:12
The flowscan.cf configuration is as follows:

# flowscan Configuration Directives ############################################

# FlowFileGlob (REQUIRED)
# use this glob (file pattern match) when looking for raw flow files to be
# processed, e.g.:
# FlowFileGlob /var/local/flows/flows.*:*[0-9]
FlowFileGlob /export/home/ligj/netflow/ft/ft-v05.*

# ReportClasses (REQUIRED)
# a comma-separated list of FlowScan report classes, e.g.:
# ReportClasses CampusIO
# ReportClasses SubNetIO
ReportClasses CUFlow

# WaitSeconds (OPTIONAL)
# This should be <= the "-s" value passed on the command-line to cflowd, e.g.:
# WaitSeconds 300
WaitSeconds 30

# Verbose (OPTIONAL, non-zero = true)
Verbose 1

Posted 2007-03-01 21:14
The CUFlow.cf configuration is as follows:
# These are the subnets in our network
# These are used only to determine whether a packet is inbound or
# outbound
Subnet 192.168.0.0/24

# These are networks we are particularly interested in, and want to
# get separate rrd's for their aggregate traffic
Network 192.168.0.206 ligj
Network 192.168.0.155 155

# Where to put the rrd's
# Make sure this is the same as $rrddir in CUGrapher.pl
OutputDir /export/home/ligj/netflow/rrds

# Track multicast traffic
Multicast

# Keep top N lists
# Show the top ten talkers, storing reports in /cflow/flows/reports
# and keeping the current report in /etc/httpd/data/reports/topten.html
Scoreboard 10 /export/home/ligj/netflow/scoreboard /usr/local/apache2/htdocs/topten.html

# Same, but build an over-time average top N list
AggregateScore 10 /export/home/ligj/netflow/rrds/agg.dat /usr/local/apache2/htdocs/overall.html

# Our two netflow exporters. Produce service and protocol reports for the
# total, and each of these.
Router 192.168.0.155 router_155

# Services we are interested in
Service 20-21/tcp ftp
Service 22/tcp ssh
Service 23/tcp telnet
Service 25/tcp smtp
Service 53/udp,53/tcp dns
Service 80/tcp http
Service 110/tcp pop3
Service 119/tcp nntp
Service 143/tcp imap
Service 412/tcp,412/udp dc
Service 443/tcp https
Service 1214/tcp kazaa
Service 4661-4662/tcp,4665/udp edonkey
Service 5190/tcp aim
Service 6346-6347/tcp gnutella
Service 6665-6669/tcp irc
Service 54320/tcp bo2k
Service 7070/tcp,554/tcp,6970-7170/udp real

# protocols we are interested in
Protocol 1 icmp
Protocol 4 ipinip
Protocol 6 tcp
Protocol 17 udp
Protocol 47 gre
Protocol 50 esp
Protocol 51 ah
Protocol 57 skip
Protocol 88 eigrp
Protocol 169
Protocol 255

# ToS bit percentages to graph
TOS 0 normal
TOS 1-255 other

# Interested in traffic to/from AS 1
ASNumber 1 Genuity
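
An added example, not part of the original thread and not FlowScan or CUFlow code: a small Python triage of the three RRD error types that appear in the flowscan log in the first post, grouped per RRD file, with how many seconds behind the last update each rejected timestamp was. The sample lines are constructed in the log's format with shortened placeholder paths, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format of the flowscan log above
# (wrapped lines joined), with shortened placeholder paths.
SAMPLE_LOG = """\
2007/03/01 19:57:14 working on file /flows/ft-v05.2007-03-01.165501+0800...
ERROR updating /rrds/router_155/as_Genuity.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739002 (minimum one second step)
ERROR updating /rrds/tos_normal.rrd: '/rrds/tos_normal.rrd' is not an RRD file
ERROR updating /rrds/protocol_tcp.rrd: illegal attempt to update using time 1172738896 when last update time is 1172739601 (minimum one second step)
ERROR updating /rrds/protocol_tcp.rrd: illegal attempt to update using time 1172739002 when last update time is 1172739601 (minimum one second step)
ERROR updating /rrds/protocol_icmp.rrd: could not lock RRD
"""

ERR = re.compile(r"^ERROR updating (?P<rrd>[^:]+): (?P<msg>.*)$")
STALE = re.compile(r"illegal attempt to update using time (\d+) "
                   r"when last update time is (\d+)")

def classify(msg):
    """Map an error message to (kind, seconds_behind or None)."""
    m = STALE.search(msg)
    if m:
        attempted, last = int(m.group(1)), int(m.group(2))
        return "stale_timestamp", last - attempted
    if "is not an RRD file" in msg:
        return "not_an_rrd", None
    if "could not lock RRD" in msg:
        return "lock_failed", None
    return "other", None

def triage(log_text):
    """Return {rrd_path: {kind: count, ..., 'max_lag': seconds}}."""
    report = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = ERR.match(line)
        if not m:
            continue  # progress and timing lines are not errors
        kind, lag = classify(m.group("msg"))
        entry = report[m.group("rrd")]
        entry[kind] += 1
        if lag is not None:
            entry["max_lag"] = max(entry["max_lag"], lag)
    return {rrd: dict(kinds) for rrd, kinds in report.items()}

if __name__ == "__main__":
    for rrd, kinds in sorted(triage(SAMPLE_LOG).items()):
        print(rrd, kinds)
```

The hard-wrapped lines of a pasted log have to be joined before running it, since the pattern expects one error per line.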