Actually, this is what you are looking for:

ip flow-cache timeout active 1

Breaks up long-lived flows into 1-minute fragments. You can choose any
number of minutes between 1 and 60. If you leave it at the default of 30
minutes your traffic reports will have spikes.

It is important to set this value to *1 minute* in order to generate
alerts <http://www.manageengine.com/products/netflow/help/admin-operations/alert-profiles.html>
and view troubleshooting data
<http://www.manageengine.com/products/netflow/help/getting-started/netflow-interface-view.html>.
So, set it to 5 minutes, and leave the inactive timeout at 15 (seconds).



On Tue, May 15, 2012 at 6:18 PM, djwil mer <djwilmer...@gmail.com> wrote:

> So I will need to change the following value from 15 to 300?
>
> from
>
> ip flow-cache timeout inactive 15
>
> to
>
> ip flow-cache timeout inactive 300
>
> Thanks.
> On Tue, May 15, 2012 at 1:31 AM, Adrian Popa <adrian.popa...@gmail.com> wrote:
>
>> Flows that started on 2012-03-25 had just finished and were exported to
>> nfsen inside the time window you selected. To have a better view of your
>> data, and in near real time, you should set flow expire timers on your
>> routers to 300s. This will force a flow to be expired even if the data
>> transfer hasn't finished, and you will get the records sooner in nfsen.
>>
>> On Tue, May 15, 2012 at 12:33 AM, djwil mer <djwilmer...@gmail.com> wrote:
>>
>>> Today I created a time window request from 7:00 to 7:10 but for some
>>> reason there are entries from 3/25/2012 as the start date. Why is this
>>> happening? Is this some type of bug?
>>>
>>> Thanks.
>>>
>>>
>>> ** nfdump -M /var/nfsen/profiles-data/test/test1:test2:test2:test1  -T
>>> -R 2012/05/14/nfcapd.201205140700:2012/05/14/nfcapd.201205140710 -n 10 -s
>>> record/flows
>>> nfdump filter:
>>> ip 10.10.30.3
>>> Aggregated flows 368
>>> Top 10 flows ordered by flows:
>>> Date flow start          Duration Proto      Src IP Addr:Port
>>> Dst IP Addr:Port   Packets    Bytes Flows
>>> 2012-05-14 06:59:33.262   865.084 TCP      10.10.25.163:3322  ->
>>> 10.10.30.3:44574       57     4707    11
>>> 2012-05-14 06:59:33.325   865.149 TCP        10.10.30.3:44574 ->
>>> 10.10.25.163:3322        57     4872    11
>>> 2012-05-14 07:00:00.010   781.825 TCP        10.10.30.3:58997 ->
>>> 10.10.78.151:3750      4473    1.2 M    11
>>> 2012-03-25 13:58:27.496 4295747.373 TCP      10.10.78.59:3714  ->
>>> 10.10.30.3:49502       45     4140    10
>>> 2012-03-25 13:57:12.743 4295749.100 TCP     10.10.78.151:3750  ->
>>> 10.10.30.3:58997     2632   852472    10
>>> 2012-05-14 06:59:44.719   870.268 TCP        10.10.30.3:49502 ->
>>> 10.10.78.59:3714        59     5054    10
>>> 2012-03-25 13:57:12.935 4295749.102 TCP        10.10.71.54:3778
>>> ->      10.10.30.3:64588       30     2375     7
>>> 2012-05-14 07:00:00.203   781.889 TCP        10.10.30.3:64588 ->
>>> 10.10.71.54:3778        30     2425     7
>>> 2012-05-14 07:09:01.641     0.000 TCP      10.10.25.170:3322  ->
>>> 10.10.30.3:47887        1       46     1
>>> 2012-05-14 07:13:53.545     0.000 TCP      10.10.25.170:3322  ->
>>> 10.10.30.3:55910        1       46     1
>>> Summary: total flows: 437, total bytes: 2.1 M, total packets: 7745, avg
>>> bps: 3, avg pps: 0, avg bpp: 272
>>> Time window: 2012-03-25 13:57:12 - 2012-05-14 07:14:14
>>> Total flows processed: 437, Blocks skipped: 0, Bytes read: 23252
>>> Sys: 0.004s flows/second: 109250.0   Wall: 0.002s flows/second: 211724.8
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond. Discussions
>>> will include endpoint security, mobile security and the latest in malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> Nfsen-discuss mailing list
>>> Nfsen-discuss@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>>
>>>
>>
>
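
A collector-side check for the situation discussed in this thread, as an added example that is not part of the original messages: it derives the capture window from the nfcapd file names in the -R range and lists records whose start time precedes that window by more than the configured active timeout. The function names, the 30-second slack and the 5-minute nfcapd rotation interval are assumptions; the sample records are copied from the output quoted above with wrapped lines rejoined and whitespace condensed.

```python
import re
from datetime import datetime, timedelta

# Records copied from the nfdump output quoted in this thread (wrapped lines rejoined).
SAMPLE = """\
2012-05-14 06:59:33.262   865.084 TCP 10.10.25.163:3322 -> 10.10.30.3:44574 57 4707 11
2012-05-14 07:00:00.010   781.825 TCP 10.10.30.3:58997 -> 10.10.78.151:3750 4473 1.2 M 11
2012-03-25 13:58:27.496 4295747.373 TCP 10.10.78.59:3714 -> 10.10.30.3:49502 45 4140 10
2012-03-25 13:57:12.743 4295749.100 TCP 10.10.78.151:3750 -> 10.10.30.3:58997 2632 852472 10
2012-05-14 07:09:01.641     0.000 TCP 10.10.25.170:3322 -> 10.10.30.3:47887 1 46 1
"""
R_ARG = "2012/05/14/nfcapd.201205140700:2012/05/14/nfcapd.201205140710"

RECORD = re.compile(
    r"^(?P<start>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<duration>\d+\.\d+)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

def window_from_range(r_arg, rotation_s=300):
    """Derive the capture window from the nfcapd.YYYYMMDDhhmm names in an -R range."""
    stamps = re.findall(r"nfcapd\.(\d{12})", r_arg)
    if not stamps:
        raise ValueError("no nfcapd file names in range")
    first = datetime.strptime(stamps[0], "%Y%m%d%H%M")
    last = datetime.strptime(stamps[-1], "%Y%m%d%H%M")
    # Assumption: each file covers one rotation interval after its timestamp.
    return first, last + timedelta(seconds=rotation_s)

def stale_records(text, window_start, active_timeout_s, slack_s=30):
    """Return (src, dst, start, seconds_before_window) for records that started too early."""
    cutoff = window_start - timedelta(seconds=active_timeout_s + slack_s)
    findings = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # header, summary or wrapped continuation line
        start = datetime.strptime(m["start"], "%Y-%m-%d %H:%M:%S.%f")
        if start < cutoff:
            age = (window_start - start).total_seconds()
            findings.append((m["src"], m["dst"], start, age))
    return findings

if __name__ == "__main__":
    begin, end = window_from_range(R_ARG)
    print(f"window {begin} - {end}")
    for src, dst, start, age in stale_records(SAMPLE, begin, active_timeout_s=300):
        print(f"{src} -> {dst} started {start}, {age / 86400:.1f} days before window")
```

Any record it returns is one to trace back to its exporter and that exporter's timeout settings.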