Hi list,
I had a look of the packet trace I god and came to the conclusion, that this
must be a Cisco bug, as the elements
NF_F_FLOW_BYTES(85) and NF_F_FW_EVENT(40005) are missing in the stream.
Apart from that, there is no change or new elements. This means, that nfdump
has always
byte count of 0 ad Event-Code 'IGNORE'. Maybe somebody can file a CISCO bug
report.
Regards
- Peter
On 20/11/12 8:59 AM, Peter Haag wrote:
>
> I got a packet trace from a 8.4.5 device, but had not yet have time to look
> into - sorry.
> I'll do it as soon as I can.
>
> - Peter
>
> On 11/19/12 12:07, Evgheni Dereveanchin wrote:
>> HI all,
>>
>>
>>
>> We’ve upgraded one of our ASA devices to software 8.4.5 and now the netflow
>> data shown by nfsen shows no byte count.
>>
>> I think now some option should be passed to the ASA explicitly to enable
>> sending byte count via netflow.
>>
>>
>>
>> The config I have on the ASA is the following:
>>
>>
>>
>> flow-export destination internal 192.168.0.22 9995
>>
>> flow-export template timeout-rate 5
>>
>> flow-export delay flow-create 30
>>
>> class-map netflow_export_class
>>
>> match any
>>
>> policy-map global_policy
>>
>> class netflow_export_class
>>
>> flow-export event-type all destination 192.168.0.22
>>
>>
>>
>> it worked with ASA 8.4.4 without issues.
>>
>> We use nfdump-1.5.8-2-NSEL + nfsen-1.3.6p1 on a CentOS 6 machine.
>>
>>
>>
>> An upgrade is planned on other ASA devices and if the problem is in nfdump
>> and not the ASA then we’re stuck.
>>
>>
>>
>> Anyone also hit this issue? Please advise J
>>
>>
>>
>> Best regards,
>>
>> Evgheni Dereveanchin
>>
>>
>>
>>
>> ------------------------------------------------------------------------------------------------------------------------
>> The information in this email is confidential and may be legally privileged.
>> It is intended solely for the addressee.
>> Any opinions expressed are mine and do not necessarily represent the
>> opinions of the Company. Emails are susceptible to
>> interference. If you are not the intended recipient, any disclosure,
>> copying, distribution or any action taken or
>> omitted to be taken in reliance on it, is strictly prohibited and may be
>> unlawful. If you have received this message in
>> error, do not open any attachments but please notify the EndavaIT Support
>> Service Desk on (+44 (0)870 423 0187), and
>> delete this message from your system. The sender accepts no responsibility
>> for information, errors or omissions in this
>> email, or for its use or misuse, or for any act committed or omitted in
>> connection with this communication. If in doubt,
>> please verify the authenticity of the contents with the sender. Please rely
>> on your own virus checkers as no
>> responsibility is taken by the sender for any damage rising out of any bug
>> or virus infection.
>>
>> Endava Limited is a company registered in England under company number
>> 5722669 whose registered office is at 125 Old
>> Broad Street, London, EC2N 1AR, United Kingdom. Endava Limited is the Endava
>> group holding company and does not provide
>> any services to clients. Each of Endava Limited and its subsidiaries is a
>> separate legal entity and has no liability for
>> another such entity's acts or omissions. Please refer to the “Legal” section
>> on our website for a list of legal entities.
>>
>>
>> ------------------------------------------------------------------------------
>> Monitor your physical, virtual and cloud infrastructure from a single
>> web console. Get in-depth insight into apps, servers, databases, vmware,
>> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
>> Pricing starts from $795 for 25 servers or applications!
>> http://p.sf.net/sfu/zoho_dev2dev_nov
>>
>>
>>
>> _______________________________________________
>> Nfdump-discuss mailing list
>> nfdump-disc...@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>>
>
--
Be nice to your netflow data. Use NfSen and nfdump :)
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
