DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 31st August 2009
schrodinger's Avatar
schrodinger schrodinger is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Ireland
Posts: 69
Thanked 2 Times in 2 Posts
Default Weird time issues

Hey folks,

I have a weird problem with OpenBSD 4.5 running on my soekris box.

The time on my box is NTP sync from my primary firewall, which ntp syncs from ie.pool.ntp.org, and both are as expected quite accurate. I also have my timezone set correctly.

Code:
$ ls -l /etc/localtime 
lrwxr-xr-x  1 root  wheel  33 Mar 21 18:30 /etc/localtime -> /usr/share/zoneinfo/Europe/Dublin
However I am having a problem with the "time". The two places I am seeing the issue is with nfdump for Netflow processing from my main firewall and Nagios running on this soekris.

When logged into Nagios the time of the checks is always an hour behind what I expect. It is 09:44 here in Dublin and my Nagios reports it was last updated at 08:44.

Also when processing my netflow files the date is messed up.

I am using nfsen for graphing and easy selection of time periods and the following sample output is for the time perdiod:

start 2009-08-31-04-45
end 2009-08-31-05-50

Quote:
$ nfdump -M /var/www/profiles-data/live/defiant -T -R 2009/35/1/04/nfcapd.200908310445:2009/35/1/05/nfcapd.200908310550 -o extended -c 100
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows
2009-09-14 18:41:57.649 18.000 ICMP 10.51.2.130:0 -> 192.168.1.1:64.74 ...... 0 5 420 0 186 84 1
2009-09-14 18:41:57.649 18.000 ICMP 192.168.1.1:0 -> 10.51.2.130:64.74 ...... 0 5 420 0 186 84 1
2009-09-14 18:41:57.649 19.000 ICMP 79.97.171.175:0 -> 192.168.1.1:145.211 ...... 0 5 420 0 176 84 1
2009-09-14 18:41:57.649 19.000 ICMP 192.168.1.1:0 -> 79.97.171.175:145.211 ...... 0 5 420 0 176 84 1
[...]
Summary: total flows: 100, total bytes: 53719, total packets: 314, avg bps: 3551, avg pps: 2, avg bpp: 171
Time window: 2009-09-14 18:41:45 - 2009-09-14 18:47:02
Total flows processed: 325, Records skipped: 0, Bytes read: 16912
Sys: 0.109s flows/second: 2971.5 Wall: 0.086s flows/second: 3745.7
The 14th of September? Why or how is this happening? I can't find anything that would be causing this. Nfdump has no configuration it simply reads in Netflow files and dumps the data. Nfsen is setup as the collector and lays the files out under the OpenBSD chrooted webroot as:

/var/www/profiles-data/live/defiant/year/week_of_year/day_of_week/hour

Defiant being the hostname of my primary firewall (I have a bit of a Starfleet ships naming convention going on )

I'd appreciate any help or insight people may have.
__________________
It was a new day yesterday, but it's an old day now.
Reply With Quote
  #2   (View Single Post)  
Old 31st August 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,612
Thanked 214 Times in 189 Posts
Default

re: Nagios timezone setting, see this thread: http://www.mail-archive.com/nagios-u.../msg09072.html

re: nfsen -- it has not been added to the ports tree, so you are on your own with it. The nfdump component was ported, in early 2008, but was not added to the tree due to lack of testing. If you are interested, you can obtain it here:
http://marc.info/?l=openbsd-ports&m=120554061827759&w=2
Reply With Quote
  #3   (View Single Post)  
Old 1st September 2009
schrodinger's Avatar
schrodinger schrodinger is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Ireland
Posts: 69
Thanked 2 Times in 2 Posts
Default

Thanks jggimi I had already gone through the mailing list and read that thread. I have added localtime (/usr/share/zoneinfo/Europe/Dublin) to /var/www/etc/localtime and tested using :

Code:
$ cp /bin/date /var/www/bin
$ chroot /var/www /bin/date
It reported the date fine and in IST. It's starting to really really annoy me now :S

I'll try speaking with the maintainer of nfdump to see if they have had any similar issues.
__________________
It was a new day yesterday, but it's an old day now.
Reply With Quote
  #4   (View Single Post)  
Old 1st September 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,612
Thanked 214 Times in 189 Posts
Default

According to that thread, when I read it, the timezone files don't work w/Nagios; one must set the TZ environment variable in the nagios environment manually, e.g.:

http://www.mail-archive.com/nagios-u.../msg09103.html
Reply With Quote
  #5   (View Single Post)  
Old 1st September 2009
schrodinger's Avatar
schrodinger schrodinger is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Ireland
Posts: 69
Thanked 2 Times in 2 Posts
Default

Hmm I've tried that too, perhaps I have it set incorrectly. I was following the documentation and set the TZ in httpd.conf and nagios.cfg.

http://nagios.sourceforge.net/docs/3...l#use_timezone

I assume Europe/Dublin was correct but I will check it out.
__________________
It was a new day yesterday, but it's an old day now.
Reply With Quote
  #6   (View Single Post)  
Old 1st September 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,612
Thanked 214 Times in 189 Posts
Default

Sorry, I'm not a Nagios user; you may want to post to ports@ or send a note to sturm@ -- Nikolay is the maintainer.
Reply With Quote
  #7   (View Single Post)  
Old 1st September 2009
schrodinger's Avatar
schrodinger schrodinger is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Ireland
Posts: 69
Thanked 2 Times in 2 Posts
Default

I'll make sure I have the timezone set correctly before I do. Thanks though jggimi.
__________________
It was a new day yesterday, but it's an old day now.
Reply With Quote
  #8   (View Single Post)  
Old 26th October 2009
schrodinger's Avatar
schrodinger schrodinger is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Ireland
Posts: 69
Thanked 2 Times in 2 Posts
Default

Sorry to drag up the semi-dead but I'm having time issues with Netflow with the supported OpenBSD flowt-tools package.

The "capture start" and "capture end" times in the netflow header are fine. However the actual StartTime and EndTime in the output seems to be _way_ off...... or perhaps I am reading it wrong.

Code:
root@magellan # flow-cat -p * | flow-print -l -f 1 -p -w | head -n 40 
#
# mode:                 streaming
# capture start:        Mon Oct 26 14:10:43 2009
# capture end:          Mon Oct 26 15:15:00 2009
# capture period:       3857 seconds
# compress:             off
# byte order:           little
# stream version:       3
# export version:       5
# lost flows:           0
# corrupt packets:      0
# capture flows:        2797
#
Sif  SrcIPaddress     DIf  DstIPaddress      Pr SrcP DstP  Pkts  Octets
 StartTime          EndTime             Active   B/Pk Ts Fl

0000 89.100.77.184    0000 89.101.160.5      11 2914 35    1          73        
 1106.01:37:52.721  1106.01:38:30.721     38.000 73  00 00

0000 89.101.160.5     0000 89.100.77.184     11 35   2914  1          89        
 1106.01:37:52.721  1106.01:38:30.721     38.000 89  00 00

0000 10.51.3.35       0000 199.7.59.72       06 e8b5 50    5          853       
 1106.01:37:52.721  1106.01:38:30.721     38.000 170 00 00

0000 199.7.59.72      0000 10.51.3.35        06 50   e8b5  5          1682      
 1106.01:37:52.721  1106.01:38:30.721     38.000 336 00 00

0000 89.100.77.184    0000 199.7.59.72       06 faf1 50    5          853       
 1106.01:37:52.721  1106.01:38:30.721     38.000 170 00 00

0000 199.7.59.72      0000 89.100.77.184     06 50   faf1  5          1682      
 1106.01:37:52.721  1106.01:38:30.721     38.000 336 00 00

0000 10.51.3.35       0000 74.125.39.103     06 a4f1 1bb   15         2192      
 1106.01:37:53.721  1106.01:38:31.721     38.000 146 00 00

0000 74.125.39.103    0000 10.51.3.35        06 1bb  a4f1  17         14682     
 1106.01:37:53.721  1106.01:38:31.721     38.000 863 00 00
Code:
root@magellan # pkg_info | grep flow                                                                                      
flow-tools-0.68p0   cisco NetFlow utilities
flowd-0.9.1         NetFlow collector
p5-flowd-0.9.1      Perl API to flowd binary logfiles
root@magellan # ps -awux | grep flow
root     19939  0.0  1.2  1544  1528 ??  Ss     2:10PM    0:00.63 flow-capture -w /var/spool/netflow -N 0 0/0/12345
root     27843  0.0  0.6   280   792 p2  S+     3:14PM    0:00.02 grep flow
root@magellan # ls /var/spool/netflow/                                                                                    
ft-v05.2009-10-26.141043+0000  ft-v05.2009-10-26.143001+0000  tmp-v05.2009-10-26.150001+0000
ft-v05.2009-10-26.141501+0000  ft-v05.2009-10-26.144501+0000
root@magellan # flow-cat -p * | flow-print -l -f 1 -p -w | less                                                           
root@magellan # pwd
/var/spool/netflow
root@magellan #
The netflow data is being exported from my primary firewall, defiant.

Code:
root@defiant # fgrep pflow /etc/pf.defiant                                                                                
set state-defaults pflow
root@defiant # ifconfig pflow0                                                                                            
pflow0: flags=41<UP,RUNNING> mtu 1492
        priority: 0
        pflow: sender: 10.51.2.129 receiver: 10.51.2.130:12345
        groups: pflow
root@defiant # pfctl -ss -vv | grep pflow 
   age 425:31:50, expires in 03:28:40, 17622:19975 pkts, 963961:3156789 bytes, pflow
   age 191:05:23, expires in 04:23:49, 17754:19187 pkts, 1331997:2717397 bytes, pflow
   age 67:52:19, expires in 04:59:32, 8475:5515 pkts, 714935:665149 bytes, rule 108, pflow
   age 67:52:19, expires in 04:59:32, 8475:5515 pkts, 714935:665149 bytes, rule 46, pflow
   age 67:52:19, expires in 00:00:38, 21784:15014 pkts, 2440747:2606829 bytes, rule 41, pflow
   age 67:51:50, expires in 04:59:38, 10607:6699 pkts, 1010806:1235487 bytes, rule 108, pflow
   age 67:51:50, expires in 04:59:38, 10607:6699 pkts, 1010806:1235487 bytes, rule 46, pflow
   age 21:16:05, expires in 03:28:39, 13831:13812 pkts, 736397:2481648 bytes, rule 101, pflow
   age 21:16:05, expires in 03:28:39, 13831:13812 pkts, 736397:2481648 bytes, rule 70, pflow
   age 02:25:17, expires in 02:55:01, 183:362 pkts, 10845:41603 bytes, rule 103, pflow
   age 02:25:17, expires in 02:55:01, 183:362 pkts, 10845:41603 bytes, rule 43, pflow
   age 02:25:12, expires in 04:59:48, 395:379 pkts, 19469:30832 bytes, rule 103, pflow
   age 02:25:12, expires in 04:59:48, 395:379 pkts, 19469:30832 bytes, rule 43, pflow
   age 02:25:11, expires in 04:57:53, 42:38 pkts, 2116:3748 bytes, rule 103, pflow
   age 02:25:11, expires in 04:57:53, 42:38 pkts, 2116:3748 bytes, rule 43, pflow
   age 02:02:26, expires in 03:55:12, 342:456 pkts, 18930:62673 bytes, rule 103, pflow
   age 02:02:26, expires in 03:55:12, 342:456 pkts, 18930:62673 bytes, rule 43, pflow
   age 01:02:44, expires in 04:56:16, 366:455 pkts, 20424:53851 bytes, rule 103, pflow
   age 01:02:44, expires in 04:56:16, 366:455 pkts, 20424:53851 bytes, rule 43, pflow
   age 00:04:48, expires in 04:55:13, 10:8 pkts, 859:1416 bytes, rule 103, pflow
   age 00:04:48, expires in 04:55:13, 10:8 pkts, 859:1416 bytes, rule 43, pflow
   age 00:02:11, expires in 00:00:02, 5:0 pkts, 3284:0 bytes, rule 84, pflow
   age 00:02:10, expires in 05:00:00, 451:316 pkts, 33628:45625 bytes, rule 103, pflow
   age 00:01:33, expires in 04:59:16, 176:354 pkts, 9932:40696 bytes, rule 103, pflow
   age 00:01:33, expires in 04:59:16, 176:354 pkts, 9932:40696 bytes, rule 43, pflow
   age 00:01:23, expires in 04:59:19, 18:15 pkts, 1966:6317 bytes, rule 103, pflow
   age 00:01:23, expires in 04:59:19, 18:15 pkts, 1966:6317 bytes, rule 43, pflow
   age 00:00:23, expires in 00:00:00, 1:0 pkts, 64:0 bytes, rule 48, pflow
   age 00:00:23, expires in 00:00:00, 1:0 pkts, 64:0 bytes, rule 48, pflow
   age 00:00:12, expires in 00:00:48, 1:0 pkts, 114:0 bytes, rule 44, pflow
   age 00:00:10, expires in 00:00:20, 1:1 pkts, 76:76 bytes, rule 104, pflow
   age 00:00:07, expires in 00:00:23, 1:1 pkts, 59:203 bytes, rule 103, pflow
   age 00:00:07, expires in 00:00:23, 1:1 pkts, 73:169 bytes, rule 44, pflow
   age 00:00:07, expires in 00:00:23, 10:8 pkts, 2122:3882 bytes, rule 103, pflow
   age 00:00:07, expires in 00:00:23, 10:8 pkts, 2122:3882 bytes, rule 43, pflow
   age 00:00:07, expires in 00:00:23, 1:1 pkts, 64:194 bytes, rule 103, pflow
   age 00:00:07, expires in 00:00:23, 1:1 pkts, 77:173 bytes, rule 44, pflow
   age 00:00:07, expires in 00:00:23, 6:4 pkts, 1088:362 bytes, rule 103, pflow
   age 00:00:07, expires in 00:00:23, 6:4 pkts, 1088:362 bytes, rule 43, pflow
defiant:
Code:
OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA C7-D Processor 1500MHz ("CentaurHauls" 686-class) 1.50 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,xTPR
real mem  = 1006137344 (959MB)
avail mem = 964476928 (919MB)
magellan:
Code:
OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
real mem  = 133787648 (127MB)
avail mem = 121090048 (115MB)
__________________
It was a new day yesterday, but it's an old day now.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Searching and replacing weird patterns on a file. bigb89 Programming 8 6th December 2008 06:59 PM
squid cachemgr.cgi output weird chavez243 FreeBSD Ports and Packages 3 25th October 2008 02:58 PM
Weird network problem rex FreeBSD General 5 16th September 2008 02:05 AM
Weird NAT issues EvanED FreeBSD General 3 11th July 2008 11:02 PM
weird history problem mmusang FreeBSD General 2 17th May 2008 07:07 PM


All times are GMT. The time now is 11:23 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick