nfsen starts up but graphs are empty #37

Open
eosfor opened this issue Aug 22, 2024 · 3 comments

@eosfor

eosfor commented Aug 22, 2024

Hello

I'm trying to run nfdump/nfsen in a container on:

```
Linux raspberrypi 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux
```

Everything seems to start OK, I'm seeing new nfdump files in the folder, so it feels like it is able to get data from my router,

```
xxx@raspberrypi:~/repo/nfsen-docker $ tree data/profiles-data/
data/profiles-data/
└── live
    └── netflow
        ├── 2024
        │   └── 08
        │       ├── 21
        │       │   └── nfcapd.202408212325
        │       └── 22
        │           ├── nfcapd.202408220635
        │           ├── nfcapd.202408220655
        │           ├── nfcapd.202408220845
        │           └── nfcapd.202408220905
        └── nfcapd.current.14

6 directories, 6 files
```

This is what I see in the container log:

```
xxx@raspberrypi:~/repo/nfsen-docker $ sudo docker compose logs
WARN[0000] /home/vlad/repo/nfsen-docker/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
nfsen  | Check for required Perl modules: All modules found.
nfsen  | setlogsock(): type='unix': path not available at libexec/Log.pm line 50.
nfsen  | Setup NfSen:
nfsen  | Version: 1.3.11: install.pl 2022-12-19
nfsen  |
nfsen  | Perl to use: [/usr/bin/perl] Setup php and html files.
nfsen  | mkdir /opt/nfsen/www
nfsen  |
nfsen  | Copy NfSen dirs etc bin libexec plugins doc ...
nfsen  | Copy config file 'etc/nfsen-dist.conf'
nfsen  |
nfsen  | In directory: /opt/nfsen/libexec ...
nfsen  | Update script: AbuseWhois.pm
nfsen  | Update script: Log.pm
nfsen  | Update script: Lookup.pm
nfsen  | Update script: NfAlert.pm
nfsen  | Update script: Nfcomm.pm
nfsen  | Update script: NfConf.pm
nfsen  | Update script: NfProfile.pm
nfsen  | Update script: NfSen.pm
nfsen  | Update script: NfSenRC.pm
nfsen  | Update script: NfSenRRD.pm
nfsen  | Update script: NfSenSim.pm
nfsen  | Update script: Nfsources.pm
nfsen  | Update script: Nfsync.pm
nfsen  | Update script: Notification.pm
nfsen  | In directory: /opt/nfsen/bin ...
nfsen  | Update script: nfsen
nfsen  | Update script: nfsend
nfsen  | Update script: RebuildHierarchy.pl
nfsen  | Update script: testPlugin
nfsen  |
nfsen  | Cleanup old files ...
nfsen  |
nfsen  | Setup directories:
nfsen  |
nfsen  | Use UID/GID 33 33
nfsen  | Exists: /opt/nfsen/var
nfsen  | Creating: mkdir /opt/nfsen/var/tmp
nfsen  | /opt/nfsen/var/tmp
nfsen  | Creating: mkdir /opt/nfsen/var/run
nfsen  | /opt/nfsen/var/run
nfsen  | Exists: /opt/nfsen/var/filters
nfsen  | Exists: /opt/nfsen/var/fmt
nfsen  | Exists: /opt/data/profiles-stat
nfsen  | Exists: /opt/data/profiles-stat/live
nfsen  | Exists: /opt/data/profiles-data
nfsen  | Exists: /opt/data/profiles-data/live
nfsen  |
nfsen  | Profile live: spool directories:
nfsen  | Exists: netflow
nfsen  | Rename gif RRDfiles ... done.
nfsen  | RRD DB 'netflow.rrd' already exists!
nfsen  | Use existing profile info for profile 'live'
nfsen  |
nfsen  | Can not get semaphore:  at libexec/Nfsync.pm line 48.
nfsen  | setlogsock(): type='unix': path not available at /opt/nfsen/libexec/Log.pm line 50.
nfsen  | -l is a legacy option and may get removed in future. Please use -w to set output directory
nfsen  | Add flow source: ident: netflow, IP: any IP, flowdir: /opt/data/profiles-data/live/netflow
nfsen  | Starting nfcapd:(netflow)[16]
nfsen  | setlogsock(): type='unix': path not available at /opt/nfsen/libexec/Log.pm line 50.
nfsen  | Starting nfsend.
```

```
xxx@raspberrypi:~/repo/nfsen-docker $ sudo docker compose top
WARN[0000] /home/vlad/repo/nfsen-docker/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
nfsen
UID        PID     PPID    C    STIME   TTY   TIME       CMD
root       31989   31968   0    23:28   ?     00:00:00   bash /opt/app/run.sh
www-data   32082   31989   0    23:28   ?     00:00:01   /usr/bin/perl -w /opt/nfsen/bin/nfsend
www-data   32083   32082   0    23:28   ?     00:00:00   /opt/nfsen/bin/nfsend-comm
root       32085   31989   0    23:28   ?     00:00:00   php-fpm: master process (/etc/php/8.2/fpm/php-fpm.conf)
root       32089   31989   0    23:28   ?     00:00:00   nginx: master process /usr/sbin/nginx
www-data   32090   32089   0    23:28   ?     00:00:00   nginx: worker process
www-data   32091   32089   0    23:28   ?     00:00:00   nginx: worker process
www-data   32092   32089   0    23:28   ?     00:00:00   nginx: worker process
root       32093   31989   0    23:28   ?     00:00:00   sleep infinity
www-data   32094   32089   0    23:28   ?     00:00:00   nginx: worker process
www-data   32335   32085   0    23:29   ?     00:00:00   php-fpm: pool www
www-data   32374   32085   0    23:29   ?     00:00:00   php-fpm: pool www
www-data   32664   32085   0    23:29   ?     00:00:00   php-fpm: pool www
```

UI is also accessible, but it is empty:

image

How can I troubleshoot this?

@Takalele

Hi,

I am also currently working on building an NfSen container, but it’s not ready for sharing yet. Regarding your case, I see two potential issues:

1.) "Can not get semaphore" at libexec/Nfsync.pm line 48: This occurs due to Docker build isolation; it's not a problem during runtime (docker run).

2.) "setlogsock(): type='unix': path not available" at /opt/nfsen/libexec/Log.pm line 50: NfSen requires a syslog daemon, such as rsyslogd or syslog2stdout, to function.

@phaag
Owner

phaag commented Aug 23, 2024

Most of the time, the answer is, there is a firewall blocking the traffic.

@candlerb

Run nfdump on the nfcapd.YYYYMMDDhhmm files. If they show nothing, then that's why nfsen shows nothing. (Also check the size of the files with ls -l, ones with no flows will be very small)

Run tcpdump inside the container to check if flow data is arriving. Check the port number matches the %sources definition in nfsen.conf.

Your docker compose top doesn't show any nfcapd process, possibly due to truncated output; try running ps inside the container to see what flags it's running with, which again will tell you what port it's listening on.
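
The checks suggested in the comment above (spotting very small nfcapd files, and comparing the port nfcapd listens on with the `%sources` definition in nfsen.conf), written as a script. This is an added example, not part of the thread or of the project's code; the function names, the sample nfsen.conf fragment, the sample `ps` line and the 512-byte threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example; the function names, sample config, ps line and 512-byte
# threshold are constructed assumptions, not taken from the issue.

# Print "ident port" for each active entry in the %sources block of nfsen.conf.
sources_ports() {
    sed -n "/^%sources/,/^);/p" "$1" |
        sed -n "s/^[[:space:]]*'\([^']*\)'[[:space:]]*=>.*'port'[[:space:]]*=>[[:space:]]*'\{0,1\}\([0-9]\{1,\}\).*/\1 \2/p"
}

# Extract the listening port (value of -p) from an nfcapd command line.
nfcapd_port() {
    printf '%s\n' "$1" | sed -n 's/.* -p[[:space:]]*\([0-9]\{1,\}\).*/\1/p'
}

# Compare the configured port for ident $2 with what nfcapd was started with.
check_port() {  # $1 = nfsen.conf, $2 = ident, $3 = nfcapd command line from ps
    want=$(sources_ports "$1" | awk -v id="$2" '$1 == id { print $2 }')
    have=$(nfcapd_port "$3")
    if [ -n "$want" ] && [ "$want" = "$have" ]; then
        echo "ok $2 port $have"
    else
        echo "MISMATCH $2: nfsen.conf=$want nfcapd=$have"
        return 1
    fi
}

# List rotated nfcapd.YYYYMMDDhhmm files under $1 that are smaller than $2 bytes.
tiny_captures() {
    find "$1" -type f -name 'nfcapd.[0-9]*' -size -"$2"c | sort
}

# Constructed sample inputs so the checks run offline.
demo=$(mktemp -d)
cat > "$demo/nfsen.conf" <<'EOF'
%sources = (
    'netflow' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
EOF
mkdir -p "$demo/live/netflow/2024/08/22"
: > "$demo/live/netflow/2024/08/22/nfcapd.202408220635"   # stands in for a file with no flows
head -c 4096 /dev/zero > "$demo/live/netflow/2024/08/22/nfcapd.202408220655"
ps_line='nfcapd -w /opt/data/profiles-data/live/netflow -p 2055 -I netflow'

check_port "$demo/nfsen.conf" netflow "$ps_line" || true
tiny_captures "$demo/live" 512
```

Against a real deployment, pass the container's own nfsen.conf, the nfcapd line from `ps` run inside the container, and the profile data directory instead of the constructed samples.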
