Hi, I am currently using a netflow version 9 to record the firewall flows from a Cisco ASR1K. Does NFDUMP support version 9 templates cause I'm not seeing the data in the flows that I require?
Snippet of the firewall netflow template ID's below. FW_SRC_INTF_ID 10 2 Ingress SNMP IF Index FW_DST_INTF_ID 14 2 Egress SNMP IF Index FW_SRC_VRF_ID 234 4 Ingress (Initiator) Virtual Routing/Forwarding Identifier (vrf id) FW_DST_VRF_ID 235 4 Egress (Responder) Virtual Routing/Forwarding Identifier (vrf id) FW_VRF_NAME 236 32 VRF Name FW_XLATE_SRC_ADDR_IPV4 225 4 Mapped Source IPv4 Address FW_XLATE_DST_ADDR_IPV4 226 4 Mapped Destination IPv4 Address FW_XLATE_SRC_PORT 227 2 Mapped Source Port FW_XLATE_DST_PORT 228 2 Mapped Destination Port FW_EVENT 233 1 High level event code 0 - Ignore (invalid) 1 - Flow Created 2 - Flow Deleted 3 - Flow Denied 4 - Flow Alert (Need to add to standard) FW_EXT_EVENT 35001 2 Extended Event code. These values provided additional information about the event (TBD on values - value descriptions may be sent as options records.) Enterprise private FW_EVENT_TIME_MSEC 323 8 Time event occurred in milliseconds since 0000 UTC Jan 1st 1970 (use 324 if micro or 325 if nano) Riza Kamalie Core Data Networks Vodacom SA Email: [email protected]<mailto:[email protected]> Phone: 021 940 9295 Mobile: 082 998 3360 Fax: 021 940 9102 [cid:[email protected]] This e-mail is classified C2 - Vodacom Restricted. The information is for use internally in Vodacom, and may also be shared with authorised third-parties “This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link http://www.vodacom.co.za/legal/email.jsp "
<<inline: image001.png>>
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
