Hi all! We have an issue with the Cisco CRS's CGSE+ module. The module is used to do NAT (PAT) and the export of netflow is configured on it. I try to use nfdump (now it is nfdump-1.6.13) as a netflow collector but experience problems with some fields:
/usr/local/nfdump-1.6.13/bin/nfdump -r nfcapd.201503250700 -o "fmt:%ts %te %sap-->%nsa:%nsp >> %nda:%ndp-->%dap %pr %nevt %ivrf %evrf" | less

Date first seen Date last seen Src IP Addr:Port X-late Src IP XsPort X-late Dst IP XdPort Dst IP Addr:Port Proto Event I-VRF-ID E-VRF-ID
1970-01-01 03:00:00.000 1970-01-01 03:00:00.000 10.114.136.169:49958--> 37.190.63.117: 55550 >> 0.0.0.0: 0--> 37.58.73.181:80 TCP IGNORE 1610612766 1610612754
1970-01-01 03:00:00.48984 1970-01-01 03:00:00.000 10.114.136.169:37764--> 37.190.63.117: 22597 >> 0.0.0.0: 0--> 37.58.73.181:80 TCP IGNORE 1610612766 1610612754
1970-01-01 03:00:00.25651 1970-01-01 03:00:00.000 10.114.228.152:30947--> 37.190.63.114: 62311 >> 0.0.0.0: 0--> 62.112.113.170:53 UDP IGNORE 1610612766 1610612754

Mostly it concerns such fields as "Date first seen", "Date last seen" etc., while the X-late fields as well as the "source/destination" fields seem to be correct.

What I would like to know is whether nfdump can support netflow streams from a CGSE+ card installed in a Cisco CRS chassis. If so, are there any special ./configure options? The current one was compiled with the "$ ./configure --prefix=/usr/local/nfdump-1.6.13 --enable-nsel --enable-nel" options.

I have also contacted Cisco Technical Support about the problem. They answered that the ASR9k/CRS routers inform (periodically) the netflow collector about the format of the data transmitted and then send the data in accordance with it. Hence they advised finding out whether nfdump supports Dynamic Templates.

Thank you in advance.

Best regards,
Andrey
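The template mechanism described in the post, as an added example that is not part of the original message and is not nfdump's code: a minimal collector sketch, assuming the export is NetFlow v9 (RFC 3954), that caches template flowsets per source and can only decode a data flowset once its template has arrived. The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

NAMES = {4: "proto", 7: "src_port", 8: "src_addr", 11: "dst_port", 12: "dst_addr"}  # RFC 3954 subset

def value(ftype, raw):
    if ftype in (8, 12) and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    return int.from_bytes(raw, "big") if ftype in NAMES else raw.hex()  # unknown type: raw hex

def decode(fields, body):
    size, out, p = sum(flen for _, flen in fields), [], 0
    while size and p + size <= len(body):  # trailing padding is ignored
        rec = {}
        for ftype, flen in fields:
            rec[NAMES.get(ftype, f"type_{ftype}")] = value(ftype, body[p:p + flen])
            p += flen
        out.append(rec)
    return out

def feed(templates, pkt):
    """Parse one export packet; return (records, data flowsets lacking a template)."""
    version, _count, _uptime, _secs, _seq, src = struct.unpack_from("!HHIIII", pkt)
    if version != 9:
        raise ValueError("not NetFlow v9")
    records, skipped, off = [], 0, 20
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack_from("!HH", pkt, off)
        if fs_len < 4 or off + fs_len > len(pkt):
            raise ValueError("bad flowset length")
        body, pos = pkt[off + 4:off + fs_len], 0
        while fs_id == 0 and pos + 4 <= len(body):  # template flowset: learn layouts
            tid, n = struct.unpack_from("!HH", body, pos)
            end = pos + 4 + 4 * n
            if tid < 256 or end > len(body):
                break  # padding or truncated template record
            templates[(src, tid)] = list(struct.iter_unpack("!HH", body[pos + 4:end]))
            pos = end
        if fs_id > 255 and (src, fs_id) in templates:  # data flowset, id = template id
            records += decode(templates[(src, fs_id)], body)
        elif fs_id > 255:
            skipped += 1  # data arrived before its template: cannot be interpreted
        off += fs_len
    return records, skipped

# Constructed sample packets (documentation addresses, source id 1, template id 260).
HDR = struct.pack("!HHIIII", 9, 1, 0, 0, 0, 1)
TEMPLATE = HDR + struct.pack("!HHHH10H", 0, 28, 260, 5, 8, 4, 7, 2, 12, 4, 11, 2, 4, 1)
DATA = HDR + struct.pack("!HH4sH4sHB3x", 260, 20, bytes([192, 0, 2, 10]), 49958,
                         bytes([198, 51, 100, 20]), 80, 6)
```

Feeding `DATA` before `TEMPLATE` yields no records and one skipped flowset; after the template is cached the same bytes decode into named fields, and field types outside the small `NAMES` table are returned as hex rather than interpreted.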