-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This looks like a CISCO ASA.
Please note: Although nfdump supports netflow v9, it does not yet support ASA 
templates.
ASA templates are *VERY* different from standard v9 netflow data.

        - Peter

On 4/20/10 15:01, Riza Kamalie wrote:
> Hi,
> 
> I am currently using a netflow version 9 to record the firewall flows from a 
> Cisco ASR1K.
> Does NFDUMP support version 9 templates cause I'm not seeing the data in the 
> flows that I require?
> 
> Snippet of the firewall netflow template IDs below.
> 
> Field                    ID     Length  Description
> FW_SRC_INTF_ID           10     2       Ingress SNMP IF Index
> FW_DST_INTF_ID           14     2       Egress SNMP IF Index
> FW_SRC_VRF_ID            234    4       Ingress (Initiator) Virtual Routing/Forwarding Identifier
>                                         (vrf id)
> FW_DST_VRF_ID            235    4       Egress (Responder) Virtual Routing/Forwarding Identifier
>                                         (vrf id)
> FW_VRF_NAME              236    32      VRF Name
> FW_XLATE_SRC_ADDR_IPV4   225    4       Mapped Source IPv4 Address
> FW_XLATE_DST_ADDR_IPV4   226    4       Mapped Destination IPv4 Address
> FW_XLATE_SRC_PORT        227    2       Mapped Source Port
> FW_XLATE_DST_PORT        228    2       Mapped Destination Port
> FW_EVENT                 233    1       High level event code
>                                         0 - Ignore (invalid)
>                                         1 - Flow Created
>                                         2 - Flow Deleted
>                                         3 - Flow Denied
>                                         4 - Flow Alert (Need to add to standard)
> FW_EXT_EVENT             35001  2       Extended Event code.  These values provided additional
>                                         information about the event (TBD on values - value
>                                         descriptions may be sent as options records.)
>                                         Enterprise private
> FW_EVENT_TIME_MSEC       323    8       Time event occurred in milliseconds since 0000 UTC
>                                         Jan 1st 1970 (use 324 if micro or 325 if nano)
> 
> Riza Kamalie
> 
> Core Data Networks
> Vodacom SA
> Email:  [email protected]
> Phone: 021 940 9295
> Mobile: 082 998 3360
> Fax:     021 940 9102
> 
> 
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

- -- 
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag,  Security Engineer,  Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA  FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box,  CH-8021   Zurich, Switzerland
E-mail: [email protected] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

-----END PGP SIGNATURE-----
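
Whether a collector shows these fields depends on it understanding the field types the exporter's v9 template announces. The following is an added example (not part of the thread and not nfdump code) that decodes a v9 template flowset and its data records and labels the field IDs from the quoted list. The packet is constructed sample data: field type 8 is the standard IPV4_SRC_ADDR, and the addresses, port and timestamp are made up.

```python
import struct

# Field type -> name, as listed in the quoted message.
FW_FIELDS = {
    10: "FW_SRC_INTF_ID", 14: "FW_DST_INTF_ID",
    234: "FW_SRC_VRF_ID", 235: "FW_DST_VRF_ID", 236: "FW_VRF_NAME",
    225: "FW_XLATE_SRC_ADDR_IPV4", 226: "FW_XLATE_DST_ADDR_IPV4",
    227: "FW_XLATE_SRC_PORT", 228: "FW_XLATE_DST_PORT",
    233: "FW_EVENT", 35001: "FW_EXT_EVENT", 323: "FW_EVENT_TIME_MSEC",
}

def parse_v9(packet):
    """Parse one NetFlow v9 export packet; return (templates, decoded records)."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    templates, records, pos = {}, [], 20       # 20-byte packet header
    while pos + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, pos)
        cur, end = pos + 4, pos + fs_len
        if fs_len < 4 or end > len(packet):
            raise ValueError("flowset length out of bounds")
        while fs_id == 0 and cur + 4 <= end:   # template flowset
            tid, n = struct.unpack_from("!HH", packet, cur)
            if tid < 256 or cur + 4 + 4 * n > end:
                break                          # padding or truncated template
            templates[tid] = list(struct.iter_unpack("!HH", packet[cur + 4:cur + 4 + 4 * n]))
            cur += 4 + 4 * n
        fields = templates.get(fs_id, [])      # data flowset: ID names its template
        size = sum(length for _, length in fields)
        while size and cur + size <= end:
            rec = {}
            for ftype, length in fields:
                value = packet[cur:cur + length]
                rec[FW_FIELDS.get(ftype, ftype)] = (
                    int.from_bytes(value, "big") if length <= 8 else value)
                cur += length
            records.append(rec)
        pos = end
    return templates, records

def sample_packet():
    """Constructed sample: template 256 plus one 'Flow Denied' record."""
    tmpl = struct.pack("!12H", 256, 5, 8, 4, 225, 4, 227, 2, 233, 1, 323, 8)
    data = struct.pack("!IIHBQ", 0xC0000201, 0xCB007105, 40000, 3, 1271775660000) + b"\x00"
    return (struct.pack("!HHIIII", 9, 2, 0, 1271775660, 1, 0)
            + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(data)) + data)

if __name__ == "__main__":
    print(parse_v9(sample_packet())[1])
```

Fields that are not in the quoted list keep their numeric type as the key, which makes it easy to see which announced fields a decoder has no name for.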
