Hi Dave et. al.
I'd happily look into this, if I can get a raw flow packet dump in
order to analyse this. I would need a tcpdump packet dump of the
traffic, what the collector gets, recorded for a reasonable time
so packet/template/sampling data gets included. Those of you, who
can provide me this dump, please send it to me off list.
tcpdump -n -i <ethX> -s 1600 -w /tmp/packets.raw 'udp and port XXXX'
with ethX whatever interface you collect the data and XXXX the port, the
collector is listening.
Thanks
- Peter
On 10/1/12 18:45, Dave hartzell wrote:
> Jakub-
>
> I too have noticed this, with Netflow v9 export from the CRS. But I
> don't think it is platform specific....
>
> I collect at 1:1500 on the CRS. When I force nfcapd to ignore the
> sample rate exported by the router (using the -S 1 switch) the sampled
> values are correct, as output by nfdump. I then later apply the math
> (x 1500) and get the correct values in the post-processed data.
>
> We're not the first to notice this, and it would be really nice if we
> could track this down and fix it.
>
> See:
> http://sourceforge.net/tracker/?func=detail&atid=683752&aid=3427615&group_id=119350
>
> for a similar issue, I commented on this bug at the bottom of the thread.
>
> Dave
>
>
> On Mon, Oct 1, 2012 at 6:14 AM, Jakub Słociński <[email protected]> wrote:
>
>>
>> So, in summary:
>> a) data seems to be gathered in a proper way
>> b) summary counters from nfcapd works well (those put into syslog each
>> rotation)
>> c) all other displayed data have crappy bytes/pkts couters.
>>
>> How can I check if data is stored properly and this is only presentation
>> layer bug? Data counters are 64bit long.
>> BTW. setup_translation_table fills proper elements (NF9_IN_BYTES).
>
> ------------------------------------------------------------------------------
> Got visibility?
> Most devs has no idea what their production app looks like.
> Find out how fast your code is with AppDynamics Lite.
> http://ad.doubleclick.net/clk;262219671;13503038;y?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
--
Be nice to your netflow data
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
