Hi,

With the help of another member I was able to convert months of ASA syslog data 
to NetFlow v9.  Thanks again for that.  The data was converted into nsel-nfdump 
1.6.9 format, and then the intention was to use nfreplay to push all the data 
into two collectors.  The SiLK collector is reading the dates fine.  However, 
nfsen puts the data into a single 5-minute chunk.

450871655 Mar  5 15:30 nfcapd.201303051525
     25829 Mar  5 15:35 nfcapd.201303051530
     22279 Mar  5 15:40 nfcapd.201303051535

If I dump the file, I can see the proper timestamps:

2012-10-25 22:36:43.296 IGNORE  Ignore TCP       192.168.0.12:443   ->  x.x.x.x:51796          0.0.0.0:0     ->          0.0.0.0:51796     2129
2012-10-25 22:36:50.296 IGNORE  Ignore TCP       192.168.0.12:443   ->  x.x.x.x:51796          0.0.0.0:0     ->          0.0.0.0:51796     2129
2012-10-25 22:36:50.296 IGNORE  Ignore TCP       192.168.0.12:443   ->  x.x.x.x:51796          0.0.0.0:0     ->          0.0.0.0:51796     2129
2012-10-25 22:36:57.296 IGNORE  Ignore TCP       192.168.0.12:443   ->  x.x.x.x:51796          0.0.0.0:0     ->          0.0.0.0:51796     2129
2012-10-25 22:36:57.296 IGNORE  Ignore TCP       192.168.0.12:443   ->  x.x.x.x:51796          0.0.0.0:0     ->          0.0.0.0:51796     2129

nfdump -r nfcapd.201303051525 -t 2012/10/25.23:36:43-2013/01/01.00:00:00
Date first seen          Event  XEvent Proto      Src IP Addr:Port          Dst IP Addr:Port     X-Src IP Addr:Port        X-Dst IP Addr:Port     Bytes
Empty file list. No files to process
No matched flows

Any idea what I might be missing, or another recommended way to get the data 
usable by nfsen?  Also, I wanted to point out the cosmetic bug in the xdstport 
field.

Thanks,

-ryan
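
Added example (not nfdump or nfsen code): a Python helper that buckets nfdump text output into the 5-minute slots that nfsen's nfcapd files represent, so replayed records can be checked against the file they landed in. It assumes the usual naming convention nfcapd.YYYYMMDDHHMM for the start of each interval; the sample records are constructed after the line layout in the post, with a documentation-range public address.

```python
"""Bucket nfdump text records into the 5-minute nfcapd slots nfsen expects."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SLOT = timedelta(minutes=5)
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample in the nsel line layout from the post:
# first seen, event, xevent, proto, src, dst, x-src, x-dst, bytes.
SAMPLE_DUMP = """\
2012-10-25 22:36:43.296 IGNORE  Ignore TCP  192.168.0.12:443 -> 198.51.100.7:51796  0.0.0.0:0 -> 0.0.0.0:51796  2129
2012-10-25 22:36:50.296 IGNORE  Ignore TCP  192.168.0.12:443 -> 198.51.100.7:51796  0.0.0.0:0 -> 0.0.0.0:51796  2129
2012-10-25 22:41:12.004 IGNORE  Ignore TCP  192.168.0.12:443 -> 198.51.100.7:51797  0.0.0.0:0 -> 0.0.0.0:51797  2129
2012-10-25 22:45:00.000 IGNORE  Ignore TCP  192.168.0.12:443 -> 198.51.100.7:51798  0.0.0.0:0 -> 0.0.0.0:51798  2129
"""

# Leading "Date first seen" column; the .mmm fraction is dropped for slotting.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d{3}\s")


def slot_start(ts):
    """Floor a timestamp to the start of its 5-minute interval."""
    return ts - timedelta(minutes=ts.minute % 5, seconds=ts.second,
                          microseconds=ts.microsecond)


def nfcapd_name(ts_str):
    """Assumed nfsen convention: nfcapd.YYYYMMDDHHMM named for the slot start."""
    return slot_start(datetime.strptime(ts_str, TS_FMT)).strftime("nfcapd.%Y%m%d%H%M")


def bucket_records(text):
    """Map each nfcapd slot file name to the record lines first seen in that slot."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        m = TS_RE.match(line)
        if not m:
            continue  # header, Summary and other non-record lines
        buckets[nfcapd_name(m.group(1))].append(line)
    return dict(buckets)


def slot_contains(filename, ts_str):
    """True if a flow first seen at ts_str belongs in the slot `filename` covers."""
    start = datetime.strptime(filename.rsplit(".", 1)[-1], "%Y%m%d%H%M")
    return start <= datetime.strptime(ts_str, TS_FMT) < start + SLOT


if __name__ == "__main__":
    for name, recs in sorted(bucket_records(SAMPLE_DUMP).items()):
        print(f"{name}: {len(recs)} records")
    # The file from the post versus the first timestamp it actually holds:
    print(slot_contains("nfcapd.201303051525", "2012-10-25 22:36:43"))  # False
```

A False from slot_contains is the mismatch in the post: the file is named for the collection time, while the records inside carry 2012 first-seen times, so a time-window query keyed on file names finds nothing.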

_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss