Hello all. Wondering if anyone has had success capturing netflow off an ASA. I am running a 5510 with version 8.3.2. I see the same results others have reported. Specifically, I get flows and can graph the number of flows with nfsen. The time and date are way off in the flow data, but are correct on both the sending ASA and the receiving host.
I have tried the nfdump 1.5.7 with patches previously mentioned and seem to get the same results as with other versions. The dump data seems to have valid port and protocol information. Here is an example taken 2010-10-07:

    Flow Record:
      Flags      = 0x00000000
      size       = 44
      mark       = 0
      srcaddr    = 192.168.201.64
      dstaddr    = 192.168.101.22
      first      = 1284249453 [2010-09-11 18:57:33]
      last       = 1284249453 [2010-09-11 18:57:33]
      msec_first = 504
      msec_last  = 504
      dir        = 0
      tcp_flags  = 0x 0 ......
      prot       = 17
      tos        = 0
      input      = 13
      output     = 11
      srcas      = 0
      dstas      = 0
      srcport    = 32808
      dstport    = 53
      dPkts      = 0
      dOctets    = 44

    Summary: total flows: 2664, total bytes: 117172, total packets: 0, avg bps: 943034, avg pps: 0, avg bpp: 0
    Time window: 2010-09-11 18:57:33 - 2010-09-11 18:57:34
    Total flows processed: 2664, Records skipped: 0, Bytes read: 117228
    Sys: 0.057s flows/second: 45938.2 Wall: 1.540s flows/second: 1729.5

The ASA is dumping flows every 5 minutes so the time window, besides being in the past, is too short.

Any feedback greatly appreciated.

-jim

_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
