Hmm .. obviously your VDS's don't send the date, as other IPFIX exporters do. I would need a packet dump of your VDS's traffic to the nfcapd collector. If you can send me the data off list, I'll have a look.

- Peter

On 7/5/13 2:44 AM, David Walsh wrote:
> Hi,
> I have some vSphere 5.1 VDS's sending IPFIX net flow to our nfsen
> server. (nfsen v 1.3.5)
>
> I am running nfdump Version: 1.6.9 with the IPFIX patch posted on this list
> on the 13/4/2013 by Peter.
>
> I am receiving the net flow data and below is the output in raw form after I
> applied the patch. You will notice that "first" and "last" are set on
> 1970-01-01 10:00:00. There is an up to date time in the last variable of the
> packet in "received at".
>
> NFsen can read the data and it is correct (I compare it to data we pull via
> snmp) however NFsen/nfdump are formatting the data with timestamps of
> 1970-01-01 10:00:00 instead of the actual time.
>
> I notice this has been raised on various sites but I have not seen a fix. I
> don't mind testing some patches if they become available to fix up this
> timestamp issue.
>
>
>
> # nfdump -M /opt/data/nfsen/profiles-data/live/netflow-vds-vsh -R
> 2013/05/03/nfcapd.201305031040 -c 100 -o raw
>
>
> Flow Record:
> Flags = 0x06 FLOW, Unsampled
> export sysid = 2
> size = 72
> first = 0 [1970-01-01 10:00:00]
> last = 0 [1970-01-01 10:00:00]
> msec_first = 0
> msec_last = 0
> src addr = 110.175.94.222
> dst addr = 192.168.64.6
> src port = 58464
> dst port = 443
> fwd status = 157
> tcp flags = 0x00 ......
> proto = 6
> (src)tos = 0
> (in)packets = 9
> (in)bytes = 1500
> input = 1678
> output = 1799
> ip router = 10.1.4.39
> received at = 1367541600163 [2013-05-03 10:40:00.163]
>
>
> Flow Record:
> Flags = 0x06 FLOW, Unsampled
> export sysid = 2
> size = 72
> first = 0 [1970-01-01 10:00:00]
> last = 0 [1970-01-01 10:00:00]
> msec_first = 0
> msec_last = 0
> src addr = 101.163.67.76
> dst addr = 192.168.64.6
> src port = 2735
> dst port = 443
> fwd status = 255
> tcp flags = 0x00 ......
> proto = 6
> (src)tos = 0
> (in)packets = 1
> (in)bytes = 40
> input = 1678
> output = 1799
> ip router = 10.1.4.39
> received at = 1367541600163 [2013-05-03 10:40:00.163]
>
> Kind Regards,
> David
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
Be nice to your netflow data. Use NfSen and nfdump :)