Hello Everyone!
I get overlapping time windows in consequent nfcapd files.
My Cisco ASR 1006 router is configured to cut and export flows every minute:
Flow Monitor NETFLOWM:
Description: User defined
Flow Record: netflow-original
Flow Exporter: NETFLOWX
Cache:
Type: normal
Status: allocated
Size: 4096 entries / 327700 bytes
Inactive Timeout: 15 secs
Active Timeout: 60 secs
Update Timeout: 60 secs
I'm running nfcad with the following parameters:
nfcapd -w -t 60 -l /tmp/netflow/cisco-1 -b 0.0.0.0 -p 9996 -B 30000000
However, the consequent nfcapd files contain overlapping time windows:
[]# nfdump -r /tmp/cisco-1/nfcapd.201505210426 -o line | grep "Time window"
Time window: 2015-05-21 04:24:59 - 2015-05-21 04:26:57
[]# nfdump -r /tmp/cisco-1/nfcapd.201505210427 -o line | grep "Time window"
Time window: 2015-05-21 04:25:59 - 2015-05-21 04:27:58
What's wrong? I need to get disjoint time windows in each file. How can I reach
this goal.
-
Thanks,
Evgeny
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
