Hi, I'm trying to figure out an issue with the aggregation for sql_history methods for Netflow. For some reason I run into issues with the stamp_inserted value being way off and wrong.
According to my flow the following raw Netflow stream gets a weird timestamp inserted into the sql.

The raw flow in nfdump:

Flow Record:
  Flags        = 0x06 FLOW, Unsampled
  export sysid = 1
  size         = 60
  first        = 1506114959 [2017-09-22 21:15:59]
  last         = 1506115055 [2017-09-22 21:17:35]
  msec_first   = 831
  msec_last    = 236
  src addr     = 192.168.1.143
  dst addr     = 192.168.1.255
  src port     = 138
  dst port     = 138
  fwd status   = 0
  tcp flags    = 0x00 ......
  proto        = 17 UDP
  (src)tos     = 0
  (in)packets  = 2
  (in)bytes    = 465
  input        = 2
  output       = 0

This gets inserted into sql with this command:

DEBUG ( in/mysql ): INSERT INTO `acct_in` (stamp_updated, stamp_inserted, ip_dst, src_port, dst_port, ip_proto, mac_src, mac_dst, ip_src, packets, bytes) VALUES (FROM_UNIXTIME(1506160141), FROM_UNIXTIME(1501819200), '192.168.1.255', 0, 0, 'ip', '0:0:0:0:0:0', '0:0:0:0:0:0', '0.0.0.0', 2, 465)

So the flow has the flow start value timestamp: 1506114959 (2017-09-22T21:15:59+00:00 in ISO 8601)
But sql insert has been rounded off to 1501819200 (2017-08-04T04:00:00+00:00 in ISO 8601)

The config I'm running is:

daemonize: false
nfacctd_port: 5678
aggregate[in]: dst_host
aggregate_filter[in]: dst net 192.168.0.0/16
print_refresh_time: 30
plugins: mysql[in]
sql_db: pmacct
sql_host: 127.0.0.1
sql_table[in]: acct_in
sql_table_version: 1
sql_passwd: xxx
sql_user: pmacct
sql_refresh_time: 5
sql_history: 1h
sql_history_roundoff: h

The time is correct on all machines involved.

The version I'm running:
NetFlow Accounting Daemon, nfacctd 1.6.2-git (20170401-00+c1)
Built with only mysql enabled.

Any suggestions on what I could be doing wrong are appreciated :)

--
Regards,
[email protected]
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
