Luca or others,
I am currently using nprobe to capture v9 NetFlows from a cisco 6509 and then
write the flows into a MySQL database table. Nprobe receives the flows, creates
the table, and it does actually populate the DB with some data but for some
reason the FIRST_SWITCHED and LAST_SWITCHED timestamps do not update which, of
course, is not good for reporting. :)
I found this mailing list post on the same thing happening with fastbit
exports: http://www.gossamer-threads.com/lists/ntop/misc/27203 and the bug in
bugzilla: https://www.ntop.org/bugzilla3/show_bug.cgi?id=127
Is there any patch or workaround that you would recommend for this?
OS: Linux netflow 2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64
x86_64 x86_64 GNU/Linux (CentOS release 5.4 (Final))
nProbe version: nprobe_6.5.0_052611_pro
Command line parameters: nprobe -n none --collector-port 9996 -b 1 -V 9
--mysql=10.83.3.6:netflow:raw:foo:bar
A brief dump of the data in mysql:
NOTE: All 560k+ entires have the same timestamps
mysql> explain rawflows;
+----------------+----------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra
|
+----------------+----------------------+------+-----+---------+----------------+
| idx | int(11) | NO | PRI | NULL | auto_increment
|
| IPV4_SRC_ADDR | int(20) unsigned | NO | MUL | 0 |
|
| IPV4_DST_ADDR | int(20) unsigned | NO | MUL | 0 |
|
| IPV4_NEXT_HOP | int(20) unsigned | NO | | 0 |
|
| INPUT_SNMP | smallint(6) unsigned | NO | | 0 |
|
| OUTPUT_SNMP | smallint(6) unsigned | NO | | 0 |
|
| IN_PKTS | int(20) unsigned | NO | | 0 |
|
| IN_BYTES | int(20) unsigned | NO | | 0 |
|
| FIRST_SWITCHED | int(20) unsigned | NO | MUL | 0 |
|
| LAST_SWITCHED | int(20) unsigned | NO | MUL | 0 |
|
| L4_SRC_PORT | smallint(6) unsigned | NO | MUL | 0 |
|
| L4_DST_PORT | smallint(6) unsigned | NO | MUL | 0 |
|
| TCP_FLAGS | tinyint(4) unsigned | NO | | 0 |
|
| PROTOCOL | tinyint(4) unsigned | NO | | 0 |
|
| SRC_TOS | tinyint(4) unsigned | NO | | 0 |
|
| SRC_AS | int(20) unsigned | NO | | 0 |
|
| DST_AS | int(20) unsigned | NO | | 0 |
|
| IPV4_SRC_MASK | tinyint(4) unsigned | NO | | 0 |
|
| IPV4_DST_MASK | tinyint(4) unsigned | NO | | 0 |
|
| IPV6_SRC_ADDR | varchar(32) | NO | | |
|
| IPV6_DST_ADDR | varchar(32) | NO | | |
|
| IPV6_NEXT_HOP | varchar(32) | NO | | |
|
| IPV6_SRC_MASK | tinyint(4) unsigned | NO | | 0 |
|
| IPV6_DST_MASK | tinyint(4) unsigned | NO | | 0 |
|
+----------------+----------------------+------+-----+---------+----------------+
24 rows in set (0.03 sec)
mysql> select count(*) from rawflows;
+----------+
| count(*) |
+----------+
| 569508 |
+----------+
1 row in set (0.02 sec)
mysql> select distinct first_switched, last_switched from rawflows;
+----------------+---------------+
| first_switched | last_switched |
+----------------+---------------+
| 1318360154 | 1318360154 |
+----------------+---------------+
1 row in set (0.61 sec)
Thanks!,
-Ezra
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
