Hi list,
I had a look of the packet trace I god and came to the conclusion, that this
must be a Cisco bug, as the elements
NF_F_FLOW_BYTES(85) and NF_F_FW_EVENT(40005) are missing in the stream.
Apart from that, there is no change or new elements. This means, that nfdump
has always
byte count of 0 ad Event-Code 'IGNORE'. Maybe somebody can file a CISCO bug
report.
Regards
- Peter
On 19/11/12 12:07 PM, Evgheni Dereveanchin wrote:
> HI all,
>
> We've upgraded one of our ASA devices to software 8.4.5 and now the netflow
> data shown by nfsen shows no byte count.
> I think now some option should be passed to the ASA explicitly to enable
> sending byte count via netflow.
>
> The config I have on the ASA is the following:
>
> flow-export destination internal 192.168.0.22 9995
> flow-export template timeout-rate 5
> flow-export delay flow-create 30
> class-map netflow_export_class
> match any
> policy-map global_policy
> class netflow_export_class
> flow-export event-type all destination 192.168.0.22
>
> it worked with ASA 8.4.4 without issues.
> We use nfdump-1.5.8-2-NSEL + nfsen-1.3.6p1 on a CentOS 6 machine.
>
> An upgrade is planned on other ASA devices and if the problem is in nfdump
> and not the ASA then we're stuck.
>
> Anyone also hit this issue? Please advise :)
>
> Best regards,
> Evgheni Dereveanchin
>
>
> ________________________________
> The information in this email is confidential and may be legally privileged.
> It is intended solely for the addressee. Any opinions expressed are mine and
> do not necessarily represent the opinions of the Company. Emails are
> susceptible to interference. If you are not the intended recipient, any
> disclosure, copying, distribution or any action taken or omitted to be taken
> in reliance on it, is strictly prohibited and may be unlawful. If you have
> received this message in error, do not open any attachments but please notify
> the EndavaIT Support Service Desk on (+44 (0)870 423 0187), and delete this
> message from your system. The sender accepts no responsibility for
> information, errors or omissions in this email, or for its use or misuse, or
> for any act committed or omitted in connection with this communication. If in
> doubt, please verify the authenticity of the contents with the sender. Please
> rely on your own virus checkers as no responsibility is taken by the sender
> for any dam
age risin
g out of any bug or virus infection.
>
> Endava Limited is a company registered in England under company number
> 5722669 whose registered office is at 125 Old Broad Street, London, EC2N 1AR,
> United Kingdom. Endava Limited is the Endava group holding company and does
> not provide any services to clients. Each of Endava Limited and its
> subsidiaries is a separate legal entity and has no liability for another such
> entity's acts or omissions. Please refer to the "Legal" section on our
> website for a list of legal entities.
>
>
>
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
>
>
>
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
Be nice to your netflow data. Use NfSen and nfdump :)
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
