Amir wrote:
Enable TRACE mode (instead of INFO or DEBUG) in log4j-accounting.xml and see what it logs when Netflow arrives.
Attachment:
nf.PNG [ 2.58 KB ]
Here is the session:
Start 15:10:52, end 15:11:29
During this time I downloaded an 18 MB file (the screenshot shows 0.017; the unit is MB)
Collector logs for this time interval:
Code:
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Processing Flow 1:95.142.205.111:443 / 0:46.45.48.94:60947 7402 ToS/DiffServ: 0 nextHop: 0.0.0.0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 1
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Processing Flow 1:95.142.205.111:443 / 0:46.45.48.94:60948 7402 ToS/DiffServ: 0 nextHop: 0.0.0.0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 1
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Processing Flow 1:95.213.4.212:443 / 0:46.45.48.94:60949 5829 ToS/DiffServ: 0 nextHop: 0.0.0.0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 1
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Processing Flow 1:95.213.11.217:443 / 0:46.45.48.94:60950 5858 ToS/DiffServ: 0 nextHop: 0.0.0.0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 1
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
And from here on it gets more interesting:
Code:
05-26/15:11:37 INFO [flow-p-10-t-51] InetConnectionRuntime - Session 78 is closed. Halt split.
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowAgentInterface - Found trafficType 3
05-26/15:11:37 TRACE [flow-p-10-t-51] connection - 76:78 Add traffic 3=672
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowListenerWorker - Processing Flow 1:149.154.167.57:443 / 0:46.45.48.94:60951 937 ToS/DiffServ: 0 nextHop: 0.0.0.0
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowListenerWorker - Not found iface = 1
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowListenerWorker - Session not found on default iface
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowListenerWorker - Not found iface = 0
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowAgentInterface - Found session 78 for direction: 2
05-26/15:11:37 INFO [flow-p-10-t-51] InetConnectionRuntime - Session 78 is closed. Halt split.
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowAgentInterface - Found trafficType 3
05-26/15:11:37 TRACE [flow-p-10-t-51] connection - 76:78 Add traffic 3=937
76:78 is the ConnID:SessID of the session in question from the screenshot.
The session falls within the interval from 15 to 16. If log processing is run during that same interval, it finds nothing,
but if processing is started after 16, the traffic is found.
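
As an added example (not part of the original post and not the billing system's own code), the collector trace above can be tallied per session to see how many bytes were credited and how many were dropped as "Session not found". It assumes the number after the destination endpoint in a "Processing Flow" line is the flow's byte count and that all lines for one flow come from the same worker thread; `summarize` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the two log blocks in the post.
SAMPLE = """\
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Processing Flow 1:95.142.205.111:443 / 0:46.45.48.94:60947 7402 ToS/DiffServ: 0 nextHop: 0.0.0.0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 1
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Not found iface = 0
05-26/15:10:56 TRACE [flow-p-10-t-10] FlowListenerWorker - Session not found on default iface
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowListenerWorker - Processing Flow 1:149.154.167.57:443 / 0:46.45.48.94:60951 937 ToS/DiffServ: 0 nextHop: 0.0.0.0
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowListenerWorker - Not found iface = 1
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowListenerWorker - Session not found on default iface
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowListenerWorker - Not found iface = 0
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowAgentInterface - Found session 78 for direction: 2
05-26/15:11:37 INFO [flow-p-10-t-51] InetConnectionRuntime - Session 78 is closed. Halt split.
05-26/15:11:37 TRACE [flow-p-10-t-51] FlowAgentInterface - Found trafficType 3
05-26/15:11:37 TRACE [flow-p-10-t-51] connection - 76:78 Add traffic 3=937
"""

LINE = re.compile(r"\[([^\]]+)\] \S+ - (.*)$")            # worker thread, message
FLOW = re.compile(r"Processing Flow \S+ / \S+ (\d+) ")    # assumed: trailing number = bytes
ADD = re.compile(r"(\d+:\d+) Add traffic (\d+)=(\d+)$")   # ConnID:SessID, type, amount


def summarize(log_text):
    """Return ({ConnID:SessID: credited bytes}, bytes of flows with no session)."""
    pending = {}                 # thread -> bytes of the flow still awaiting a match
    credited = defaultdict(int)
    unmatched = 0
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        thread, msg = m.groups()
        flow, add = FLOW.match(msg), ADD.match(msg)
        if flow:
            # A new flow on this thread means the previous one was never credited.
            unmatched += pending.pop(thread, 0)
            pending[thread] = int(flow.group(1))
        elif add:
            credited[add.group(1)] += int(add.group(3))
            pending.pop(thread, None)
    unmatched += sum(pending.values())   # flows still unmatched at end of log
    return dict(credited), unmatched


if __name__ == "__main__":
    print(summarize(SAMPLE))
```
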