Hello,
My netflow data has incorrect and arbitrary timestamps showing up in the ouput
of flow-print. Below is a comprehensive description of my configuration and
problem. I would greatly appreciate any and all help.
I recently installed flow-tools .66 on a Fedora Core 5 box running kernel
2.6.15, 64 bit AMD opteron. I ended up having to apply a patch to fix a known
time problem with 64 bit that I found on this thread:
http://www.mail-archive.com/[email protected]/msg01147.html
I have a couple of Cisco routers that I am exporting flows from that I
configured with the following:
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 192.168.1.1 9999
The command on the linux box I am using to capture the flows is:
/usr/local/netflow/bin/flow-capture -V5 -D -w /usr/local/netflow/data/3660 -E1G
192.168.1.1/172.16.0.10/9999
The Cisco routers are synching to an NTP server and the timestamps in the logs
and the output of "show clock" appears to be correct.
The problem is that the timestamps that on the flow-data appear to be incorrect
and arbitrary. I am collecting data in 15 minute increments. Here is a sample
from one recent ft file that I printed out with flow-print(
/usr/local/netflow/bin/flow-print -f5 < ft-v05.2007-01-11.161500-0500 >
/tmp/debug_out)
1028.11:46:15.664 1115.17:31:54.880 1
0615.19:18:31.680 1115.17:31:54.880 1
0320.07:06:47.756 0423.22:17:46.992 1
Its all over the place. I am really stumped at what might be causing this. I am
using version 5 of netflow. I am thinking these dates are getting corrupted
localy on the Linux box itself. Its just a hunch. If anyone could give me some
feedback or point me in a particular troubleshooting direction I would greatly
appreciate it.
Thanks
Jason.
---------------------------------
Don't be flakey. Get Yahoo! Mail for Mobile and
always stay connected to friends.
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
