Dear all, I'm trying to implement an extension for nfdump that stores and processes data from (enterprise-specific) NetFlow fields. In total, I've defined 6 fields and all but one (i.e. no. 2) are working fine. The fields have the following properties:
1: unint8 2: unint32 <== problem 3-6: uint32 Since the extension has to be 64-bit-aligned, I've defined the corresponding masks: 1: 0xFF00000000000000LL 2: 0x00FFFFFFFF000000LL 3: 0xFFFFFFFF00000000LL 4: 0x00000000FFFFFFFFLL 5: 0xFFFFFFFF00000000LL 6: 0x00000000FFFFFFFFLL Again, field 1, 3, 4, 5 and 6 are working perfectly fine. The only difference between field no. 2 and the others is that its shifted by another value than 32 bits. It needs to carry a UNIX timestamp, which is correctly 'received' by nfcapd (I've verified that). However, after reading the file by nfdump, the value is wrong. For example, the HEX value '516C5DE4' (1366056420) results in the decimal value after processing '81'. Does anyone of you have a clue what may be the (direction of the) problem? Any idea is appreciated! Kind regards, -- Rick Hofstede ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
