I have a Cisco ASR1006 router and recently I set up NetFlow with NfSen.
Everything looks like it is working, except I am seeing the wrong date.
[root@netflow tmp]# nfdump -V
nfdump: Version: 1.6.11 $Date: 2013-11-16 09:04:43 +0100 (Sat, 16 Nov 2013) $
[root@netflow rtr5a1]# nfdump -M /data/nfsen/profiles-data/live/r1 -T -r 2016/07/01/nfcapd.201607010030 -n 5 -s ip/flows
Top 5 IP Addr ordered by flows:
Date first seen Duration Proto IP Addr Flows(%) Packets(%) Bytes(%) pps bps bpp
1969-12-31 19:00:00.45890 -45.890 any 221.122.37.33 256(27.9) 9088(26.7) 399872(20.3) 18446744.1 T 18446744.1 T 44
1969-12-31 19:00:00.000 0.000 any 64.xx.xx.58 88( 9.6) 90( 0.3) 5400( 0.3) 0 0 60
1969-12-31 19:00:00.000 0.000 any 93.xx.xx.94 61( 6.7) 3965(11.6) 158600( 8.1) 0 0 40
1969-12-31 19:00:00.000 0.000 any 66.xx.xx.121 33( 3.6) 116( 0.3) 9192( 0.5) 0 0 79
1969-12-31 19:00:00.000 0.000 any 66.xx.xx.122 25( 2.7) 26( 0.1) 1552( 0.1) 0 0 59
Summary: total flows: 916, total bytes: 1965113, total packets: 34066, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2016-07-01 00:30:00 - 2016-07-01 00:35:00
Total flows processed: 916, Blocks skipped: 0, Bytes read: 47768
Sys: 0.005s flows/second: 167244.8 Wall: 0.003s flows/second: 236753.7
[root@netflow 01]# nfdump -r nfcapd.201607010950 -o raw
Flow Record:
Flags = 0x06 FLOW, Unsampled
export sysid = 1
size = 52
first = 0 [1969-12-31 19:00:00]
last = 0 [1969-12-31 19:00:00]
msec_first = 0
msec_last = 0
src addr = 66.xx.xx.65
dst addr = 66.xx.xx.66
src port = 179
dst port = 39840
fwd status = 0
tcp flags = 0x00 ......
proto = 6 TCP
(src)tos = 0
(in)packets = 2
(in)bytes = 99
I have checked the Cisco router timestamp and it is correct. Also, we are
using exporter v9.
Cisco configuration:
flow record netflow-record
 match ipv4 destination address
 match ipv4 source address
 match transport destination-port
 match transport source-port
 match ipv4 protocol
 collect counter bytes
 collect counter packets
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow exporter netflow-exporter
 description Netflow-Exporter
 destination xx.xx.xx.xx
 source TenGigabitEthernet0/0/0
 transport udp 9995
!
!
flow monitor netflow-monitor
 exporter netflow-exporter
 cache timeout active 60
 record netflow-record
!
interface TenGigabitEthernet0/3/0
 description foo
 ip address 66.xx.xx.66 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow monitor netflow-monitor input
!