Werner Schram wrote:
> I suspect that it is netflow v9 related. We have a machine that runs two
> instances of nfsen 1.2.4, where one collects v5 data and the other
> collects v9 data from the same sources, and only the v5 data contains
> the interface information.

The flowd collected data are from the same v9 stream. I simply killed
nfcapd and started flowd on the same machine and listening to the same port.

>> $ flowd-reader -v flowd_200707131045 | head -2
>>
>> LOGFILE flowd_200707131045
>> FLOW tag 3 recv_time 2007-07-13T10:42:08.734652 proto 6 tcpflags 18 tos
>> 00 agent [XXX.XXX.XXX.XXX] src [XXX.XXX.XXX.XXX]:80 dst
>> [XXX.XXX.XXX.XXX]:51795 packets 18 octets 27000
>> in_if 7 out_if 8 sys_uptime_ms 6w2d7h27m26s.559 time_sec
   ^^^^^^^^^^^^^^^^
>> 2007-07-13T10:42:08 time_nanosec 0 netflow ver 9 flow_start
                                      ^^^^^^^^^^^^^
>> 6w2d7h27m16s.283 flow_finish 6w2d7h26m37s.159 src_
>> AS 0 src_masklen 19 dst_AS 0 dst_masklen 23

This is v9 and in_if and out_if are set. The information is in the UDP
stream. So you experience the same problem, but it is nfcapd or nfdump
related, not NetFlow. Looks like a bug to me.

The question is now: Does nfcapd not dump it or does nfdump not show it?

_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
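
One way to confirm independently of any collector that a v9 export datagram carries the interface fields is to decode its template and data flowsets directly. The following is an added example, not part of the original message and not code from nfdump or flowd: a minimal NetFlow v9 decoder (field types 10 and 14 are INPUT_SNMP and OUTPUT_SNMP in RFC 3954) run against a constructed packet whose values mirror the flow quoted above. The names `parse_v9` and `sample_packet` are hypothetical.

```python
import struct

# NetFlow v9 field type numbers (RFC 3954)
INPUT_SNMP, OUTPUT_SNMP = 10, 14

def parse_v9(packet, templates=None):
    """Decode one export datagram; return (templates, records).
    Each record maps field type -> integer value."""
    templates = {} if templates is None else templates
    records = []
    version = struct.unpack_from("!H", packet, 0)[0]
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    pos = 20  # fixed v9 header length
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, pos)
        if fs_len < 4 or pos + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body = packet[pos + 4:pos + fs_len]
        if fs_id == 0:  # template flowset: (type, length) pairs per template
            off = 0
            while off + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, off)
                off += 4
                if tid < 256 or off + 4 * nfields > len(body):
                    break  # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, off + 4 * i)
                                  for i in range(nfields)]
                off += 4 * nfields
        elif fs_id in templates:  # data flowset for a template already seen
            fields = templates[fs_id]
            rec_len = sum(flen for _, flen in fields)
            off = 0
            while rec_len and off + rec_len <= len(body):
                rec = {}
                for ftype, flen in fields:
                    rec[ftype] = int.from_bytes(body[off:off + flen], "big")
                    off += flen
                records.append(rec)
        pos += fs_len
    return templates, records

def sample_packet():
    """Constructed test datagram: template 256 plus one data record."""
    header = struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0)
    fields = [(INPUT_SNMP, 2), (OUTPUT_SNMP, 2), (2, 4), (1, 4)]  # 2=IN_PKTS, 1=IN_BYTES
    tmpl = struct.pack("!HH", 256, len(fields))
    tmpl += b"".join(struct.pack("!HH", *f) for f in fields)
    data = struct.pack("!HHII", 7, 8, 18, 27000)  # in_if, out_if, packets, octets
    return (header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(data)) + data)
```

If records decoded this way from a captured datagram contain keys 10 and 14 but the collector's output does not show them, the loss is on the collector side, which is the question the message ends on.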