So I will need to change the following value from 15 to 300?
from
ip flow-cache timeout inactive 15
to
ip flow-cache timeout inactive 300
Thanks.
On Tue, May 15, 2012 at 1:31 AM, Adrian Popa <[email protected]> wrote:
> Flows that started on 2012-03-25 had just finished and were exported to
> nfsen inside the time window you selected. To have a better view of your
> data, and in near real time, you should set flow expire timers on your
> routers to 300s. This will force a flow to be expired even if the data
> transfer hasn't finished, and you will get the records sooner in nfsen.
>
> On Tue, May 15, 2012 at 12:33 AM, djwil mer <[email protected]> wrote:
>
>> Today I created a time window request from 7:00 to 7:10 but for some
>> reason there are entries from 3/25/2012 as the start date. Why is this
>> happening? Is this some type of bug?
>>
>> Thanks.
>>
>>
>> ** nfdump -M /var/nfsen/profiles-data/test/test1:test2:test2:test1 -T -R 2012/05/14/nfcapd.201205140700:2012/05/14/nfcapd.201205140710 -n 10 -s record/flows
>> nfdump filter:
>> ip 10.10.30.3
>> Aggregated flows 368
>> Top 10 flows ordered by flows:
>> Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
>> 2012-05-14 06:59:33.262 865.084 TCP 10.10.25.163:3322 -> 10.10.30.3:44574 57 4707 11
>> 2012-05-14 06:59:33.325 865.149 TCP 10.10.30.3:44574 -> 10.10.25.163:3322 57 4872 11
>> 2012-05-14 07:00:00.010 781.825 TCP 10.10.30.3:58997 -> 10.10.78.151:3750 4473 1.2 M 11
>> 2012-03-25 13:58:27.496 4295747.373 TCP 10.10.78.59:3714 -> 10.10.30.3:49502 45 4140 10
>> 2012-03-25 13:57:12.743 4295749.100 TCP 10.10.78.151:3750 -> 10.10.30.3:58997 2632 852472 10
>> 2012-05-14 06:59:44.719 870.268 TCP 10.10.30.3:49502 -> 10.10.78.59:3714 59 5054 10
>> 2012-03-25 13:57:12.935 4295749.102 TCP 10.10.71.54:3778 -> 10.10.30.3:64588 30 2375 7
>> 2012-05-14 07:00:00.203 781.889 TCP 10.10.30.3:64588 -> 10.10.71.54:3778 30 2425 7
>> 2012-05-14 07:09:01.641 0.000 TCP 10.10.25.170:3322 -> 10.10.30.3:47887 1 46 1
>> 2012-05-14 07:13:53.545 0.000 TCP 10.10.25.170:3322 -> 10.10.30.3:55910 1 46 1
>> Summary: total flows: 437, total bytes: 2.1 M, total packets: 7745, avg bps: 3, avg pps: 0, avg bpp: 272
>> Time window: 2012-03-25 13:57:12 - 2012-05-14 07:14:14
>> Total flows processed: 437, Blocks skipped: 0, Bytes read: 23252
>> Sys: 0.004s flows/second: 109250.0 Wall: 0.002s flows/second: 211724.8
>>
>>
>> _______________________________________________
>> Nfsen-discuss mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>
>>
>
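An added example, not part of the original thread: a small check over nfdump record lines that reports how far each record's start time precedes the requested window and whether its end (start plus duration) falls inside it. The function name `audit`, the 07:00 to 07:15 window (assuming five-minute nfcapd files) and the 300 s threshold taken from the reply above are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: four records from the nfdump output quoted in the thread,
# one record per line.
SAMPLE = """\
2012-05-14 06:59:33.262 865.084 TCP 10.10.25.163:3322 -> 10.10.30.3:44574 57 4707 11
2012-05-14 07:00:00.010 781.825 TCP 10.10.30.3:58997 -> 10.10.78.151:3750 4473 1.2 M 11
2012-03-25 13:58:27.496 4295747.373 TCP 10.10.78.59:3714 -> 10.10.30.3:49502 45 4140 10
2012-05-14 07:09:01.641 0.000 TCP 10.10.25.170:3322 -> 10.10.30.3:47887 1 46 1
"""

# start timestamp, duration in seconds, protocol, source -> destination
RECORD = re.compile(
    r"^(?P<start>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(?P<dur>\d+\.\d+)\s+"
    r"\S+\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s"
)

def audit(text, window_start, window_end, max_lead_s=300):
    """Return one dict per record line found in `text`.

    lead_s         seconds by which the record starts before the window
    ends_in_window True if start + duration lies inside the window
    flagged        True if lead_s exceeds max_lead_s (assumed expiry timer)
    """
    report = []
    for line in text.splitlines():
        # Tolerate mail quote markers in front of pasted output.
        m = RECORD.match(line.lstrip("> ").strip())
        if not m:
            continue  # header, summary or blank line
        start = datetime.strptime(m["start"], "%Y-%m-%d %H:%M:%S.%f")
        end = start + timedelta(seconds=float(m["dur"]))
        lead_s = max(0.0, (window_start - start).total_seconds())
        report.append({
            "flow": f"{m['src']} -> {m['dst']}",
            "lead_s": lead_s,
            "ends_in_window": window_start <= end <= window_end,
            "flagged": lead_s > max_lead_s,
        })
    return report

if __name__ == "__main__":
    ws, we = datetime(2012, 5, 14, 7, 0), datetime(2012, 5, 14, 7, 15)
    for r in audit(SAMPLE, ws, we):
        mark = "CHECK" if r["flagged"] else "ok"
        print(f"{mark:5} lead={r['lead_s']:>12.3f}s "
              f"ends_in_window={r['ends_in_window']} {r['flow']}")
```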