Hi Ralf, I suspect that it is netflow v9 related. We have a machine that runs two instances of nfsen 1.2.4, where one collects v5 data and the other collects v9 data from the same sources, and only the v5 data contains the interface information.
Ralf Kleineisel wrote: > I tried version nfdump-snapshot-20070312.tar.gz. Is there a newer > version? Mine definitely shows only zeroes: > > > $nfdump -r nfcapd.200707121600 -o 'fmt:%in %out' | sort | uniq > 0 0 > InputzusOutput > Summary: total flows: 229991, total bytes: 557.0 M, total packets: > 743515, avg bps: 10.9 M, avg pps: 1822, avg bpp: 785 > > > This what flow-tools sees (NetFlow data from the same router): > > $ flowd-reader -v flowd_200707131045 | head -2 > > LOGFILE flowd_200707131045 > FLOW tag 3 recv_time 2007-07-13T10:42:08.734652 proto 6 tcpflags 18 tos > 00 agent [XXX.XXX.XXX.XXX] src [XXX.XXX.XXX.XXX]:80 dst > [XXX.XXX.XXX.XXX]:51795 packets 18 octets 27000 > in_if 7 out_if 8 sys_uptime_ms 6w2d7h27m26s.559 time_sec > 2007-07-13T10:42:08 time_nanosec 0 netflow ver 9 flow_start > 6w2d7h27m16s.283 flow_finish 6w2d7h26m37s.159 src_ > AS 0 src_masklen 19 dst_AS 0 dst_masklen 23 > > Perhaps we have a bug/compilation problem here? I compiled on Solaris 9 > and I did apply the include order patch and the library path fix patch. > > >> have you checked that the other fields are filled ok as collected by >> nfcapd ? >> > > All other fields seem to be fine. > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Nfdump-discuss mailing list > Nfdump-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
