Hello everyone. I recommend to:
1. wireshark the packet to know if there is any date or not. 2. Stop the collector, stop the sender (ASR). Then start the collector and after that start the netflow exporting. 12.10.2016 10:16, Peter Haag пишет:
So it seems your device does not export any timestamps at all. 1970-01-01 means timestamp '0' - Peter On 12/10/16 09:09, Octavio Alfageme wrote:Dear all, I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based CGNAT logs from a Cisco ASR1000. My linux machine running as a virtual-machine on vmware is properly synchronized by NTP. The ASR1000 is synchronized to the same reference and the sent Netflowv9 records have the right timestamps. I properly collect the Netflowv9 traffic coming from the router, but ,when I review the records, the date first seen and the duration are all "0s" and don't represent the timestamp of the received Netflowv9 based CGNAT records. [root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240 Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows 1970-01-01 01:00:00.000 0.000 TCP 100.64.32.46:62651 <http://100.64.32.46:62651/> -> 17.146.1.72:443 <http://17.146.1.72:443/> 0 0 1 1970-01-01 01:00:00.000 0.000 UDP 100.64.48.86:36702 <http://100.64.48.86:36702/> -> 172.31.205.3:123 <http://172.31.205.3:123/> 0 0 1 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.5:62848 <http://172.30.41.5:62848/> -> 4.2.2.3:53 <http://4.2.2.3:53/> 0 0 1 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.4:58216 <http://172.30.41.4:58216/> -> 8.8.4.4:53 <http://8.8.4.4:53/> 0 0 1 I would be grateful if anyone could give me a hint about what is happening. Thanks in advance Kind regards Octavio ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
