I will probably upgrade nfdump in the future (because I've already tried to use it and it seems that it's OK). But this will not solve my problem with the timestamp, because our ASA does not provide flow-time at all. There is no duration, start_time, or end_time.
That is why I've decided to replace zero values with the current server timestamp. Something like this:
inline void *Process_v9_data
...
    if ( data_record->flags & FLAG_NSEL_FLOW ) {
        if ( nsel_input_template[EVENT_TIME_MSEC].offset ) {
            int offset = table->evt_msec_index;
            uint64_t evt_msec = ntohll(Get_val64((void *)&in[offset]));
            data_record->first = data_record->last = evt_msec / 1000;
            data_record->msec_first = data_record->msec_last = evt_msec % 1000;
        } else {
            //data_record->first = data_record->last = 0;
            //data_record->msec_first = data_record->msec_last = 0;
            data_record->first = data_record->last = time(NULL);
            data_record->msec_first = data_record->msec_last = 0;
        }
    } else {
        //First = data_record->first;
        //Last = data_record->last;
        First = time(NULL);
        Last = time(NULL);
It looks like it works for my case.
Quoting Peter Haag <ph...@users.sourceforge.net>:
Hi,
nfdump-1.5.8-NSEL was a release for CISCO ASA in the early ASA days. This version is way back in time and does not
support newer ASA/NSEL models. It's recommended to migrate to nfdump-1.6.12, although the painful part is - 1.5.8-NSEL
files cannot be read by 1.6.12.
btw. time stamps are always a matter of difficulty. What do you define as "current timestamp"?
Cheers
- Peter
On 29.07.14 15:58, k...@inbox.lv wrote:
> Hi all. I'm using nfdump-1.5.8-NSEL to catch and process our traffic (CFLOW).
> But our new firewall configuration cannot provide basic time values - duration,
> first_seen, last_seen. :(
> I'm not a C guru, so could you advise me, how can I substitute first_seen,
> last_seen with current timestamp. This is definitely not the best solution, but
> it is suitable for my purposes...
>
> Thanks!
>
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
Be nice to your netflow data. Use NfSen and nfdump :)
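
Added example, not part of the original messages and not nfdump's own code: one way to pin down "current timestamp" when the exporter sends no time fields is to sample the collector's receive time once per datagram, keep its millisecond part, and mark the record so later analysis can tell a collector-stamped time from an exporter event time. The struct, the `time_synthetic` flag and `stamp_record()` are hypothetical names, and treating an event time of zero as absent is an assumption based on the "replace zero values" wording above.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Hypothetical record layout; the field names mirror the snippet in the
 * thread, but this is not nfdump's own record structure. */
typedef struct {
    uint32_t first, last;            /* seconds since the epoch */
    uint16_t msec_first, msec_last;  /* millisecond part */
    uint8_t  time_synthetic;         /* 1 = stamped by the collector (assumed flag) */
} flow_rec_t;

/* Stamp one record. evt_msec is the exporter's event time in ms since the
 * epoch, already in host byte order; has_evt says whether the template
 * carried that field. rx is the datagram receive time, sampled once by the
 * caller so every record in the packet gets the same fallback value.
 * Returns 1 if the time had to be synthesized, 0 otherwise. */
static int stamp_record(flow_rec_t *r, int has_evt, uint64_t evt_msec,
                        const struct timeval *rx)
{
    if (has_evt && evt_msec != 0) {
        r->first = r->last = (uint32_t)(evt_msec / 1000);
        r->msec_first = r->msec_last = (uint16_t)(evt_msec % 1000);
        r->time_synthetic = 0;
    } else {
        r->first = r->last = (uint32_t)rx->tv_sec;
        r->msec_first = r->msec_last = (uint16_t)(rx->tv_usec / 1000);
        r->time_synthetic = 1;
    }
    return r->time_synthetic;
}

int main(void)
{
    struct timeval rx;
    flow_rec_t a, b;

    gettimeofday(&rx, NULL);                    /* once per received datagram */
    stamp_record(&a, 1, 1406642280123ULL, &rx); /* constructed event time */
    stamp_record(&b, 0, 0, &rx);                /* exporter sent no time fields */
    printf("a: %u.%03u synthetic=%u\n", (unsigned)a.first,
           (unsigned)a.msec_first, (unsigned)a.time_synthetic);
    printf("b: %u.%03u synthetic=%u\n", (unsigned)b.first,
           (unsigned)b.msec_first, (unsigned)b.time_synthetic);
    return 0;
}
```

A collector-stamped time reflects when the export packet arrived, not when the connection event happened, so the flag matters when these records are correlated with other logs.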