Hi list,
 
We have a Cisco ASA 5512 v. 8.6(1)2 and nfdump/nfcapd version NSEL-NEL-1.6.9.
The collector is able to read the flows and bytes but not the packets. I read some blog saying that Cisco does not have a packet field for this release.
Is this true, and can we do something about it? If not, please point me to the possible problem and how to solve it.
Below is a sample of the NetFlow data parsed by the collector.
 
$ nfcapd -z -w -E -I Firewall -l /tmp/nfcapd1/ -T nsel,nel
 
Flow Record:
  Flags        =              0x46 EVENT, Unsampled
  export sysid =                 1
  size         =               132
  first        =        1364324711 [2013-03-27 03:05:11]
  last         =        1364324711 [2013-03-27 03:05:11]
  msec_first   =               643
  msec_last    =               643
  src addr     =      x.x.x.x
  dst addr     =           x.x.x.x
  src port     =             28535
  dst port     =                xx
  fwd status   =                 0
  tcp flags    =              0x00 ......
  proto        =                17
  (src)tos     =                 0
  (in)packets  =                 0
  (in)bytes    =                 12
  connect ID   =           1355123
  fw event     =                 1: CREATE
  fw ext event =                 0
  flow start   =                 0 [1970-01-01 07:30:00.000]
  src asa port =             28535
  dst asa port =                xx
  src asa ip   =      x.x.x.x
  dst asa ip   =           x.x.x.x
  Ingress ACL  =       0xd3a8690b/0xae9dee09/0x8d75865
  Egress ACL   =       0x0/0x0/0x0
  User name    =           <empty>
 
Thanks,
Mon
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss