-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, I figured folks might be on vacation, but I was wondering if anyone had any insight into the issue I sent last week.
Thanks, Brian PS. I saw the sourceforge warning last week, "The sourceforge.net website is temporarily in static offline mode. Only a very limited set of project pages are available until the main website returns to service." I'm wondering if that is affecting the mailing list or not. Has anyone looked into moving the community to a different site? On 07/10/2015 09:57 AM, Brian Epstein wrote: > Hi, > > We've been using nfdump with nfsen for years. Thanks for > supporting such a great product. > > Recently, we've been trying to implement IPFIX with a couple of > Cisco 4500X's and have been seeing an odd problem. The dumps come > out with the wrong timestamp and INVALID as the event. > > $ nfdump -r nfcapd.201507081630-sample Date first seen Event > XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP > Addr:Port X-Dst IP Addr:Port In Byte Out Byte > > 1969-12-31 19:00:00.000 INVALID Ignore TCP 157.55.39.187:32086 -> > 172.16.52.154:80 0.0.0.0:0 -> 0.0.0.0:0 70 > 0 > > 1969-12-31 19:00:00.000 INVALID Ignore TCP 172.16.48.51:62584 -> > 172.16.19.20:443 0.0.0.0:0 -> 0.0.0.0:0 3168 > 0 > > 1969-12-31 19:00:00.000 INVALID Ignore TCP 157.55.39.187:32086 -> > 172.16.52.154:80 0.0.0.0:0 -> 0.0.0.0:0 5552 > 0 Summary: total flows: 3, total bytes: 8790, total packets: 106, > avg bps: 0, avg pps: 0, avg bpp: 0 Time window: <unknown> Total > flows processed: 3, Blocks skipped: 0, Bytes read: 312 Sys: 0.003s > flows/second: 961.8 Wall: 0.000s flows/second: 5639.1 > > I thought this might be due to the template not being sent enough, > so I manually added the "template data timeout 30" to the flow > exporter. This does show the template being sent every 30 seconds > now in the packet captures, but the date/time and event is still > incorrect. > > Originally I was running 1.6.11 that comes with EL6, but then I > compiled and installed 1.6.13 to see if it was fixed there. I'm > still seeing the same behavior. > > Attached is a packet capture with three packets. Two have a > template, and one does not. Also, is an nfcapd file that shows > some of those flows that were included in the packet capture. > > Let me know if there is anything else I can do to help > troubleshoot. > > Thanks, Brian > > > > > ---------------------------------------------------------------------- - -------- > > Don't > Limit Your Business. Reach for the Cloud. > GigeNET's Cloud Solutions provide you with the tools and support > that you need to offload your IT needs and focus on growing your > business. Configured For All Businesses. Start Your Cloud Today. > https://www.gigenetcloud.com/ > > > > _______________________________________________ Nfdump-discuss > mailing list Nfdump-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > - -- Brian Epstein <bepst...@ias.edu> +1 609-734-8179 Manager, Network and Security Institute for Advanced Study Key fingerprint = A6F3 9F5A 26C5 5847 79ED C34C C0E5 244A 55CA 2B78 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVtkK1AAoJEMDlJEpVyit45IsQAJk+KeaMcTHXZ6GMoCacbM9N iOPOUZswhmv6p60Yl2pjrZztsNhgoHCoev5byEUphAApJt7oCi3iMLI42PArUTeE cNtVOrbA8RM3fRAUPOxIuxJe0yQ9cjuXqffFMneN6uOWlRqgXGinY8SAIxwmmkT3 KA2rb/YQGh3SYTFlJYP1zvNkDP2KISB9JGA6Oz58jMmOSsZJSeCHEzWyInALUWs8 L8yLuyb6f9qYJrIvcThIbiR3VBqUAfmqKDZy5u53J2Wvmop7rPW/7vQ150po9XwX mAnFpaplZfffNEEfBFjBFznF1ChcPuPXfaxGsjc8iGnrU8AM7U8vJGopS7cC9eaN h4lGWGmT28RFyD4PZHtEpEK0RUjNOx0sOmGJlqmcwUO+rsvr6TddXsfs9H7MqX2u bfe+Rss5dGKsYtKT4eHS7R54LqzAUOrsRRmdDWTr+wGVMHKj7nF0Q387yAfFo9Zd L5WgvgTv29KXnGyTb18WzQiEBLqpfDVqcK9x/pB4lT/gehvVMv9XkLj2f0gp3KJu UrC9AohxBD7QrSWwQMk6aODEb6qeMJj67bX9WH9lrCTZzIq+hZuuStEwkd6+mt4G fLH6VBYcZ011cVtV4dFyE7jTMLUbyAqgl6/v6g/zl2+KUmLShGOyJTZBzeMkeUj8 u91lJUhNYGWwKKEXGih1 =yf1L -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
