Hi, add -T all or select only the extensions you want to store. It's documented in the nfcapd man page.

M.

On 10/12/2016 12:19 PM, Octavio Alfageme wrote:
> Great, Gaspard!!! That's what I'm looking for. Thanks a lot for your help.
>
> I launch it this way.
>
> nfcapd -w -D -l /netflow/spool/allflows -p 9996
>
> If you see my output I don't get the "create" and "delete" events
> either, so there's something I'm doing wrong.
>
> Thanks a lot for your help
>
> Kind regards
>
> Octavio
>
> On Wed, Oct 12, 2016 at 11:57 AM, Gaspard Laurent <[email protected]> wrote:
>> Hello Octavio,
>>
>> Thanks to the great set of tools provided by NFDump, I am successfully logging
>> ASR 1000 NEL records with nfcapd 1.6.13, see attached.
>>
>> Which arguments do you use to launch your nfcapd daemon?
>>
>> Best
>> Gaspard
>>
>> On 12 October 2016 at 05:56, Octavio Alfageme <[email protected]>
>> wrote:
>>>
>>> Sorry, by mistake, I sent the previous message as html.
>>>
>>> Thanks a lot, Peter. Unfortunately, I think that's not the case. Here you
>>> have a snapshot of a packet capture at the collector. As you can see there
>>> is a 'Timestamp' Jun 30, 2016 13:16:43.000000000 CEST. It's as if nfdump had
>>> problems storing that information.
>>>
>>> Thank you
>>>
>>> Octavio
>>>
>>> On Wed, Oct 12, 2016 at 9:16 AM, Peter Haag <[email protected]>
>>> wrote:
>>>>
>>>> So it seems your device does not export any timestamps at all.
>>>>
>>>> 1970-01-01 means timestamp '0'
>>>>
>>>> - Peter
>>>>
>>>> On 12/10/16 09:09, Octavio Alfageme wrote:
>>>>> Dear all,
>>>>>
>>>>> I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based
>>>>> CGNAT logs from a Cisco ASR1000. My Linux machine running as a
>>>>> virtual-machine on vmware is properly synchronized by NTP. The ASR1000 is
>>>>> synchronized to the same reference and the sent Netflowv9 records have
>>>>> the right timestamps. I properly collect the Netflowv9 traffic coming
>>>>> from the router, but, when I review the records, the date first seen and
>>>>> the duration are all "0s" and don't represent the timestamp of the
>>>>> received Netflowv9 based CGNAT records.
>>>>>
>>>>> [root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240
>>>>> Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
>>>>> 1970-01-01 01:00:00.000     0.000 TCP      100.64.32.46:62651 ->      17.146.1.72:443          0        0     1
>>>>> 1970-01-01 01:00:00.000     0.000 UDP      100.64.48.86:36702 ->     172.31.205.3:123          0        0     1
>>>>> 1970-01-01 01:00:00.000     0.000 UDP       172.30.41.5:62848 ->          4.2.2.3:53           0        0     1
>>>>> 1970-01-01 01:00:00.000     0.000 UDP       172.30.41.4:58216 ->          8.8.4.4:53           0        0     1
>>>>>
>>>>> I would be grateful if anyone could give me a hint about what is
>>>>> happening.
>>>>>
>>>>> Thanks in advance
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Octavio
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
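
Added example, not part of the thread: a Python check that reads `nfdump` default-format output like the listing quoted above and counts records whose "Date first seen" is Unix time 0 rendered in local time, the symptom Peter describes. The sample lines (including the one dated 2016) are constructed, and the names `audit` and `is_epoch_zero` are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of the nfdump listing quoted in the thread.
SAMPLE = """\
Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
1970-01-01 01:00:00.000     0.000 TCP      100.64.32.46:62651 ->      17.146.1.72:443          0        0     1
1970-01-01 01:00:00.000     0.000 UDP      100.64.48.86:36702 ->     172.31.205.3:123          0        0     1
2016-10-03 12:40:07.512     0.000 UDP       172.30.41.5:62848 ->          4.2.2.3:53           0        0     1
"""

# One flow record per line; counters may carry a scale suffix such as "1.2 M".
LINE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<dur>[\d.]+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
    r"(?P<pkts>[\d.]+(?: [MGT])?)\s+(?P<bytes>[\d.]+(?: [MGT])?)\s+(?P<flows>\d+)\s*$"
)
EPOCH = datetime(1970, 1, 1)
MAX_UTC_OFFSET = timedelta(hours=14)  # widest real-world UTC offset


def is_epoch_zero(first_seen: datetime) -> bool:
    """True if the value is Unix time 0 shown in some local time zone.

    nfdump prints local time, so timestamp 0 appears as 01:00:00 under CET.
    Heuristic: within 14 h of the epoch and on a quarter-hour boundary.
    """
    delta = first_seen - EPOCH
    return abs(delta) <= MAX_UTC_OFFSET and delta.total_seconds() % 900 == 0


def audit(text: str) -> dict:
    """Count parsed records and those stored without a usable timestamp."""
    total, missing = 0, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, summary or blank line
        total += 1
        ts = datetime.strptime(m["first"], "%Y-%m-%d %H:%M:%S.%f")
        if is_epoch_zero(ts):
            missing.append((m["proto"], m["src"], m["dst"]))
    return {"records": total, "no_timestamp": len(missing), "examples": missing[:3]}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-zero `no_timestamp` count on CGNAT logs means those translations cannot be placed in time, which is the cue to check how the collector was started, as the reply at the top of the thread suggests.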
