Is it possible that the MySQL timestamps are set automagically by the
database, as part of the insert query, completely ignoring the timestamps
in the flow?

On Wed, Apr 1, 2015 at 1:30 PM, Steffen Plotner <[email protected]>
wrote:

>  Hi,
>
> We have a Palo Alto firewall and are trying to use pmacct to collect its
> netflow data. I have been able to get everything to work for netflow v9
> type data except for the timestamps. Most timestamps are current and some
> go back one month. The Wireshark trace of the netflow data does show such
> values in the Timestamp field. When writing out the data to flat files the
> time goes back in the past. That same data written to the MySQL server is
> correct in terms of the timestamp - today's date/time.
>
> I have the following
> nfacctd_time_new: true
>
> which is apparently effective for the mysql side - but it appears not on
> the file side…
>
> file output
> {"label": "netflow_fcnet_in_conv", "tcp_flags": "0", "application":
> "bittorrent", "ip_src": "144.76.96.199", "port_src": 38914, "ip_dst":
> "148.85.185.85", "port_dst": 41986, "timestamp_start": "2015-03-09
> 15:25:43.0", "ip_proto": "udp", "timestamp_end": "2015-03-09 15:45:43.0",
> "username": "", "packets": 4, "bytes": 409, "flows": 1}
>
> Mysql output
> ip_src:          144.76.96.199
> ip_dst:          148.85.185.85
> port_src:        38914
> port_dst:        41986
> tcp_flags:       0
> ip_proto:        udp
> packets:         4
> bytes:           409
> stamp_inserted:  4/1/2015 4:25:00 PM
> stamp_updated:   4/1/2015 4:25:15 PM
> country_ip_src:  --
> country_ip_dst:  --
> username:
> application:     bittorrent
>
> Steffen
>
>
>
> _______________________________________________________________________________________________
> Steffen Plotner                            Amherst College            Tel (413) 542-2348
> Systems/Network Administrator/Programmer   PO BOX 5000                Fax (413) 542-2626
> Systems & Networking                       Amherst, MA 01002-5000
> [email protected]
>
>
>
>
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>



-- 

- billn