Hi Martin,

According to the listing, you are using the ASA/NEL extension. This was specifically implemented for Cisco ASA devices. There is no guarantee that it works with other exporters. There were changes in 1.6.12 to support the latest ASA devices. If you can provide me with a detailed document which describes ipt_netflow, I can check, however, without any warranty.

- Peter

On 03.06.14 13:51, Martin Šoltis wrote:
> Hello,
>
> I try to configure nfdump, but there is probably a bug in the latest version.
>
> I'm using ipt_netflow 1.8.2 kernel module and nfcapd for packet capturing.
>
> So the problem is that when I use nfdump to view NATted packets then it looks
> like this
>
> 2014-06-03 13:29:44.503 INVALID UDP 111.221.74.2:40027 -> 10.0.10.22:44979 0.0.0.0:0 -> 0.0.0.0:0
> 1970-01-01 01:00:00.44979 IGNORE UDP 10.0.10.30:47334 -> 216.239.32.10:53 178.1.1.65:47334 -> 216.239.2.10:53
> 1970-01-01 01:00:00.44979 IGNORE UDP 10.0.10.30:40560 -> 216.239.32.10:53 178.1.1.65:40560 -> 216.239.2.10:53
>
> so as you can see, time is ok only for packets without NAT.
>
> But this problem occurs only with nfcapd 1.6.12, because when I run nfdump on
> an older dump file, created with nfcapd 1.6.11, then time is ok, but there was
> a problem with ports in nfdump 1.6.11.
>
> Here is the output of nfdump 1.6.12 with a dump file from nfcapd 1.6.11.
>
> 2014-05-29 17:04:59.226 IGNORE UDP 10.0.10.30:31391 -> 205.251.12.176:53 178.1.1.65:31391 -> 205.251.12.176:53
> 2014-05-29 17:04:59.336 CREATE TCP 188.92.7.25:44303 -> 31.17.16.10:80 188.92.7.25:44303 -> 192.168.7.101:80
>
> So please, is there any quick fix, so that I don't need to wait for a new version?
>
> Thank you
>
> Best regards
>

--
Be nice to your netflow data. Use NfSen and nfdump :)