Re: [Nfdump-discuss] nfdump reports overlapping time windows

Wed, 20 May 2015 23:06:13 -0700

No, your router is configured to export flow after 1 minute from its beginning. You cannot avoid overlapping by setting these timeouts.
Maybe you could do that by forcing router to export all current flows by some command (say, by snmp message), but this must be done exactly in same moment as file rotation of nfdump. That's practically impossible. You cannot avoid overlapping.


21.05.2015 07:50, Evgeny Vainerman пишет:

Hello Everyone!

 

I get overlapping time windows in consequent nfcapd files.

My Cisco ASR 1006 router is configured to cut and export flows every minute:

 

Flow Monitor NETFLOWM:

  Description:       User defined

  Flow Record:       netflow-original

  Flow Exporter:     NETFLOWX

  Cache:

    Type:              normal

    Status:            allocated

    Size:              4096 entries / 327700 bytes

    Inactive Timeout:  15 secs

    Active Timeout:    60 secs

    Update Timeout:    60 secs

 

I’m running nfcad with the following parameters:

 

nfcapd -w -t 60 -l /tmp/netflow/cisco-1 -b 0.0.0.0 -p 9996 -B 30000000

 

However, the consequent nfcapd files contain overlapping time windows:

 

[]# nfdump -r /tmp/cisco-1/nfcapd.201505210426 -o line | grep "Time window"

Time window: 2015-05-21 04:24:59 - 2015-05-21 04:26:57

[]# nfdump -r /tmp/cisco-1/nfcapd.201505210427 -o line | grep "Time window"

Time window: 2015-05-21 04:25:59 - 2015-05-21 04:27:58

 

What’s wrong? I need to get disjoint time windows in each file. How can I reach this goal.

 

-

Thanks,

Evgeny

 



------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y


_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss





------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to