Re: [Nfdump-discuss] NFDUMP-1.6.4 and ASA problem NSEL

Peter Haag Mon, 03 Oct 2011 03:39:47 -0700

Hi Adam,
For CISCO ASA please use nfdump-1.5.8-NSEL. AT some point, it will get 
integrated into 1.6, however the 1.6 features
apply mostly to v9 and FNF which is not an issue for NSEL AA, as this is 
different anyway. For NfSen


NfSen work up to 1.3.2. If you use any newer version apply this patch:

@@ -311,7 +288,7 @@
                my $channellist  = join ':', keys %{$profileinfo{'channel'}};
                my $subdirlayout = $NfConf::SUBDIRLAYOUT ? "-S 
$NfConf::SUBDIRLAYOUT" : "";
                my $arg = "-I -t $timeslot -p $NfConf::PROFILEDATADIR -P 
$NfConf::PROFILESTATDIR $subdirlayout
$NfConf::ZIPprofiles";
-               my $flist = "-L $NfConf::syslog_facility -M 
$NfConf::PROFILEDATADIR/live/$channellist -r nfcapd.$t_iso";
+               my $flist = "-M $NfConf::PROFILEDATADIR/live/$channellist -r 
nfcapd.$t_iso";

It backports/removes some newer options of nfprofile. The rest should pretty 
much work. I will address this in NfSen 1.3.6

        - Peter

On 9/9/11 9:27, Adam Gill wrote:
> Hi,
> 
> I have a problem with version nfdump-1.6.4.
> Its not support my ASA.
> nfdump get wrong time stamp and all packets are the same size 2.6M.
> 
> When i used version nfsdump-1.5.8-NSEL all data (time stamp, packets) are 
> correct, but problem is with nfsen.
> nfsen does not work profile (ERR Error reading channel stat information. 
> Missing key 'first') and do not work alerts and bi-directional.
> 
> Is possible to implement all patches NSEL version 1.5.8 to 1.6.4 ?
> 
> Thanks!
> 
> Adam
> 
> ------------------------------------------------------------------------------
> Why Cloud-Based Security and Archiving Make Sense
> Osterman Research conducted this study that outlines how and why cloud
> computing security and archiving is rapidly being adopted across the IT 
> space for its ease of implementation, lower cost, and increased 
> reliability. Learn more. http://www.accelacomm.com/jaw/sfnl/114/51425301/
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

-- 
--
Be nice to your netflow data

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Re: [Nfdump-discuss] NFDUMP-1.6.4 and ASA problem NSEL

Reply via email to