Robert, Peter,

Thanks for your help on this. My main problem is that the Date/Timestamp is wrong. They are all showing up as 1969-12-31 19:00:00.000. Any idea on how to fix that?

Thanks,
ep

On 07/10/2015 09:57 AM, Brian Epstein wrote:
> Hi,
>
> We've been using nfdump with nfsen for years. Thanks for supporting such a great product.
>
> Recently, we've been trying to implement IPFIX with a couple of Cisco 4500X's and have been seeing an odd problem. The dumps come out with the wrong timestamp and INVALID as the event.
>
> $ nfdump -r nfcapd.201507081630-sample
> Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte
> 1969-12-31 19:00:00.000 INVALID Ignore TCP 157.55.39.187:32086 -> 172.16.52.154:80 0.0.0.0:0 -> 0.0.0.0:0 70 0
> 1969-12-31 19:00:00.000 INVALID Ignore TCP 172.16.48.51:62584 -> 172.16.19.20:443 0.0.0.0:0 -> 0.0.0.0:0 3168 0
> 1969-12-31 19:00:00.000 INVALID Ignore TCP 157.55.39.187:32086 -> 172.16.52.154:80 0.0.0.0:0 -> 0.0.0.0:0 5552 0
> Summary: total flows: 3, total bytes: 8790, total packets: 106, avg bps: 0, avg pps: 0, avg bpp: 0
> Time window: <unknown>
> Total flows processed: 3, Blocks skipped: 0, Bytes read: 312
> Sys: 0.003s flows/second: 961.8 Wall: 0.000s flows/second: 5639.1
>
> I thought this might be due to the template not being sent enough, so I manually added the "template data timeout 30" to the flow exporter. This does show the template being sent every 30 seconds now in the packet captures, but the date/time and event are still incorrect.
>
> Originally I was running 1.6.11 that comes with EL6, but then I compiled and installed 1.6.13 to see if it was fixed there. I'm still seeing the same behavior.
>
> Attached is a packet capture with three packets. Two have a template, and one does not. Also attached is an nfcapd file that shows some of those flows that were included in the packet capture.
>
> Let me know if there is anything else I can do to help troubleshoot.
>
> Thanks,
> Brian
>
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

-- 
Brian Epstein <bepst...@ias.edu>
+1 609-734-8179
Manager, Network and Security
Institute for Advanced Study
Key fingerprint = A6F3 9F5A 26C5 5847 79ED C34C C0E5 244A 55CA 2B78