Hi Peter,

thanks for the reply.

The only documentation that I have is here:

https://github.com/aabc/ipt-netflow

There are docs and source code for the kernel and iptables module, so maybe it's 
useful for you.

Just one thing.

There must be some bug, because when I look with nfdump 1.6.12 at a dump created 
with nfcapd 1.6.11, then everything is ok.

If you need some more info or dump files, please let me know; I'll be glad to help 
you resolve this issue.

Regards

-- 
S pozdravem

Martin Šoltis
Linux Administrator
ÚVT s.r.o. 

On Tuesday 10 June 2014 20:12:54 Peter Haag wrote:
> Hi Martin,
> According to the listing, you are using the ASA/NEL extension. This was
> specifically implemented for CISCO ASA devices. There is no guarantee that
> it works with other exporters. There were changes in 1.6.12 to support the
> latest ASA devices. If you can provide me with a detailed document which
> describes ipt_netflow, I can check, however, without any warranty.
> 
>       - Peter
> 
> On 03.06.14 13:51, Martin Šoltis wrote:
> > Hello,
> > 
> > I am trying to configure nfdump, but there is probably a bug in the latest
> > version.
> > 
> > I'm using ipt_netflow 1.8.2 kernel module and nfcapd for packet capturing.
> > 
> > So the problem is that when I use nfdump to view NATted packets, it
> > looks like this:
> > 
> > 2014-06-03 13:29:44.503 INVALID UDP      111.221.74.2:40027 ->     10.0.10.22:44979          0.0.0.0:0     ->          0.0.0.0:0
> > 1970-01-01 01:00:00.44979 IGNORE UDP         10.0.10.30:47334 ->  216.239.32.10:53        178.1.1.65:47334 ->    216.239.2.10:53
> > 1970-01-01 01:00:00.44979 IGNORE UDP         10.0.10.30:40560 ->  216.239.32.10:53        178.1.1.65:40560 ->    216.239.2.10:53
> > 
> > So as you can see, the time is ok only for packets without NAT.
> > 
> > But this problem occurs only with nfcapd 1.6.12, because when I run nfdump
> > on an older dump file, created with nfcapd 1.6.11, then the time is ok, but there
> > was a problem with ports in nfdump 1.6.11.
> > 
> > Here is the output of nfdump 1.6.12 with a dump file from nfcapd 1.6.11:
> > 
> > 2014-05-29 17:04:59.226 IGNORE UDP         10.0.10.30:31391 ->  205.251.12.176:53         178.1.1.65:31391 ->  205.251.12.176:53
> > 2014-05-29 17:04:59.336 CREATE TCP       188.92.7.25:44303 ->     31.17.16.10:80        188.92.7.25:44303 ->   192.168.7.101:80
> > 
> > So please, is there any quick fix, so that I don't need to wait for a new
> > version?
> > 
> > Thank you
> > 
> > Best regards
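A small sanity check over nfdump NEL output lines of the kind quoted in this thread, added here as an example (it is not part of the thread nor of nfdump or ipt_netflow). It flags records whose timestamp is the Unix epoch, whose fractional-second field is not three digits, or whose translated address pair is all zeros; the sample lines are constructed from the quoted output, re-joined after mail wrapping.

```python
import re

# Constructed sample, re-joined from the nfdump output quoted in the thread.
SAMPLE = """\
2014-06-03 13:29:44.503 INVALID UDP      111.221.74.2:40027 ->     10.0.10.22:44979          0.0.0.0:0     ->          0.0.0.0:0
1970-01-01 01:00:00.44979 IGNORE UDP         10.0.10.30:47334 ->  216.239.32.10:53        178.1.1.65:47334 ->    216.239.2.10:53
2014-05-29 17:04:59.226 IGNORE UDP         10.0.10.30:31391 ->  205.251.12.176:53         178.1.1.65:31391 ->  205.251.12.176:53
"""

# One NEL line: timestamp, event, protocol, pre-NAT pair, post-NAT (xlate) pair.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\.(?P<frac>\d+)\s+"
    r"(?P<event>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<xsrc>\S+)\s+->\s+(?P<xdst>\S+)\s*$"
)


def parse_line(line):
    """Split one nfdump NEL output line into its fields, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def audit(text):
    """Return {line_number: [problems]} for records that look corrupted or unusable."""
    report = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            report[n] = ["unparsable"]
            continue
        problems = []
        if rec["date"] == "1970-01-01":          # epoch: the time was never set
            problems.append("epoch_timestamp")
        if len(rec["frac"]) != 3:                 # nfdump prints milliseconds
            problems.append("fraction_not_ms")
        if rec["xsrc"] == "0.0.0.0:0" and rec["xdst"] == "0.0.0.0:0":
            problems.append("zero_xlate")         # no translated addresses decoded
        if problems:
            report[n] = problems
    return report


if __name__ == "__main__":
    for n, probs in audit(SAMPLE).items():
        print(f"line {n}: {', '.join(probs)}")
```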

Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss