Hi Peter, Thanks for looking into this. I'll try to raise an issue with Cisco and write an update here if there's any progress.
Best regards, Evgheni Dereveanchin -----Original Message----- From: Peter Haag [mailto:ph...@users.sourceforge.net] Sent: 25 November 2012 20:04 To: Evgheni Dereveanchin Cc: nfdump-discuss@lists.sourceforge.net Subject: Re: [Nfdump-discuss] no byte count on asa 8.4.5 Hi list, I had a look of the packet trace I god and came to the conclusion, that this must be a Cisco bug, as the elements NF_F_FLOW_BYTES(85) and NF_F_FW_EVENT(40005) are missing in the stream. Apart from that, there is no change or new elements. This means, that nfdump has always byte count of 0 ad Event-Code 'IGNORE'. Maybe somebody can file a CISCO bug report. Regards - Peter On 19/11/12 12:07 PM, Evgheni Dereveanchin wrote: > HI all, > > We've upgraded one of our ASA devices to software 8.4.5 and now the netflow > data shown by nfsen shows no byte count. > I think now some option should be passed to the ASA explicitly to enable > sending byte count via netflow. > > The config I have on the ASA is the following: > > flow-export destination internal 192.168.0.22 9995 flow-export > template timeout-rate 5 flow-export delay flow-create 30 class-map > netflow_export_class match any policy-map global_policy class > netflow_export_class > flow-export event-type all destination 192.168.0.22 > > it worked with ASA 8.4.4 without issues. > We use nfdump-1.5.8-2-NSEL + nfsen-1.3.6p1 on a CentOS 6 machine. > > An upgrade is planned on other ASA devices and if the problem is in nfdump > and not the ASA then we're stuck. > > Anyone also hit this issue? Please advise :) > > Best regards, > Evgheni Dereveanchin > > > ________________________________ > The information in this email is confidential and may be legally > privileged. It is intended solely for the addressee. Any opinions > expressed are mine and do not necessarily represent the opinions of > the Company. Emails are susceptible to interference. If you are not > the intended recipient, any disclosure, copying, distribution or any > action taken or omitted to be taken in reliance on it, is strictly > prohibited and may be unlawful. If you have received this message in > error, do not open any attachments but please notify the EndavaIT > Support Service Desk on (+44 (0)870 423 0187), and delete this message > from your system. The sender accepts no responsibility for > information, errors or omissions in this email, or for its use or > misuse, or for any act committed or omitted in connection with this > communication. If in doubt, please verify the authenticity of the > contents with the sender. Please rely on your own virus checkers as no > responsibility is taken by the sender for any dam age risin g out of any bug or virus infection. > > Endava Limited is a company registered in England under company number > 5722669 whose registered office is at 125 Old Broad Street, London, EC2N 1AR, > United Kingdom. Endava Limited is the Endava group holding company and does > not provide any services to clients. Each of Endava Limited and its > subsidiaries is a separate legal entity and has no liability for another such > entity's acts or omissions. Please refer to the "Legal" section on our > website for a list of legal entities. > > > > ---------------------------------------------------------------------- > -------- Monitor your physical, virtual and cloud infrastructure from > a single web console. Get in-depth insight into apps, servers, > databases, vmware, SAP, cloud infrastructure, etc. Download 30-day > Free Trial. > Pricing starts from $795 for 25 servers or applications! > http://p.sf.net/sfu/zoho_dev2dev_nov > > > > _______________________________________________ > Nfdump-discuss mailing list > Nfdump-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > -- Be nice to your netflow data. Use NfSen and nfdump :) ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
