On 28-02-2014 17:16, LEVAI Daniel wrote:
> Hi!
>
> Under the spell of the recent undeadly article about pflow(4) and stuff,
> I started to fool around with nfsen and pflow a bit.
> The setup was really easy... I had the nfsen web interface up and
> running and displaying uninteresting graphs in no time. (I must say,
> the system is a 5.4-stable).
>
> But eventually, I wanted to see what kind of reports I can get from the
> collected data using the command line. So I started to read about nfdump
> and flow-tools' utilities.
>
> 1) Using nfdump seems pretty straightforward, but no matter how I try to
> shape my output, I always get '1970-01-01 01:00:00.000' as "Date first
> seen" time. Also, "Duration" is always 0.000 ... Any ideas why?
>
> 2) I tried to use the flow-tools utilities with the data captured by
> nfcapd (from nfsen), but e.g. flow-print and flow-report say:
> flow-print: ftiheader_read(): Warning, bad magic number
> flow-print: ftiheader_read(): failed
> flow-print: ftio_init(): failed
> ... when I try to open the nfcapd.* files.
> Well, okay, but how can I use the captured data with flow-tools? Can I?
>
>
> Thanks in advance for some insight :)
>
>
> Daniel
>

First of all, what flowproto do you have set in your pflow interface? I had the same problem with the first time seen date, and I was using flowproto 10. There had been some recent (as in 5.5) commits that seem to correct this issue. I had to switch back to flowproto 5. Try that and see if it helps.

--
Giancarlo Razzolini
GPG: 4096R/77B981BC

