Florian,
the following two information elements contain the beginning/end of the flow

[ 21] %LAST_SWITCHED   %flowEndSysUpTime    SysUptime (msec) of the last flow pkt
[ 22] %FIRST_SWITCHED  %flowStartSysUpTime  SysUptime (msec) of the first flow pkt

as well

[130] %EXPORTER_IPV4_ADDRESS  %exporterIPv4Address  Exporter IPv4 Address
[131] %EXPORTER_IPV6_ADDRESS  %exporterIPv6Address  Exporter IPv6 Address

that contain the probe that originated such flow. In essence you should have all you need.

The whole idea is that with JSON you get the same info you specify with -T, so no extra field can be added. Thus if you want to export specific information elements you need to add them to -T.

Regards Luca

> On 02 Sep 2015, at 14:25, Florian Pieper <[email protected]> wrote:
>
> Hi all,
>
> I am trying to use nprobe to collect netflow packages (v5, v9 and IPFIX)
> and forward them to a server in JSON format.
>
> This already kind of works but we really need the timestamp field as well.
>
> Having a look at the netflow message definition (taken from
> https://www.plixer.com/support/netflow_v5.html),
> There is a field „unix_secs“ in the header at byte 8-11.
>
> Is there any way of adding all / specific header fields to the JSON body and
> not only what is sent in the netflow body?
>
> So something similar to that -T option to define which fields you want but to
> be used in the JSON body.
>
> Thanks in advance,
>
> Florian
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
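An added example, not part of the original thread and not ntop code: how the header fields asked about (SysUptime at bytes 4-7, unix_secs at bytes 8-11) relate to the per-flow First/Last SysUptime values in a raw NetFlow v5 datagram, converting them to wall-clock times for log correlation. The function names and the sample packet are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record


def to_wallclock(export_ms, sys_uptime, switched):
    # How long before export the packet was seen; the mask handles the
    # 32-bit SysUptime counter wrapping between the flow and the export.
    age_ms = (sys_uptime - switched) & 0xFFFFFFFF
    return datetime.fromtimestamp((export_ms - age_ms) / 1000, tz=timezone.utc)


def parse_v5(datagram):
    """Return the flows of one v5 datagram with absolute start/end times."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short NetFlow v5 header")
    version, count, sys_uptime, unix_secs, unix_nsecs = V5_HEADER.unpack_from(datagram)[:5]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count exceeds datagram length")
    export_ms = unix_secs * 1000 + unix_nsecs // 1_000_000
    flows = []
    for i in range(count):
        rec = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        first, last = rec[7], rec[8]  # First / Last: SysUptime in msec
        flows.append({
            "FIRST_SWITCHED": first,
            "LAST_SWITCHED": last,
            "start": to_wallclock(export_ms, sys_uptime, first),
            "end": to_wallclock(export_ms, sys_uptime, last),
        })
    return flows


def sample_datagram():
    # Constructed packet: exported 2015-09-02 12:25:00 UTC, exporter up for one hour,
    # one TCP flow that started 10 s and ended 0.5 s before the export.
    header = V5_HEADER.pack(5, 1, 3_600_000, 1441196700, 0, 1, 0, 0, 0)
    record = V5_RECORD.pack(bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]), bytes(4),
                            1, 2, 12, 3400, 3_590_000, 3_599_500,
                            51514, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return header + record


if __name__ == "__main__":
    for flow in parse_v5(sample_datagram()):
        print(flow["start"].isoformat(), flow["end"].isoformat())
```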
