Re: [Nfdump-discuss] problems with nfcapd and openbsd's pflow interface for netflow > 5

Fri, 19 Apr 2013 09:56:51 -0700 

Which version of nfdump are you using?  1.6.9 should work find with IPFIX.
Otherwise I need to check.

        - Peter


On 4/18/13 W16 15:12, Tor Houghton wrote:
> Hi,
> 
> I'm capturing flows on an OpenBSD 5.2 system using the pflow interface. When
> I export data using version 5, nfcapd behaves as expected.
> 
> However, if I export the flows as version 9, or IPFIX, nfcapd has a problem
> with the "first" and "last" fields of the flow record:
> 
> Flow Record: 
>   Flags        =              0x06 FLOW, Unsampled
>   export sysid =                 1
>   size         =               564
>   first        =                 0 [1970-01-01 01:00:00]
>   last         =                 0 [1970-01-01 01:00:00]
>   msec_first   =                 0
>   msec_last    =                 0
> ..
> ..
> ..
>   (src)tos     =                 0
>   (in)packets  =                 6
>   (in)bytes    =               598
>   ip router    =      192.168.16.1
>   received at  =     1366290086402 [2013-04-18 15:01:26.402]
> 
> Wireshark has no trouble decoding the packet. Has anyone else experienced
> this? 
> 
> Tor
> 
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

-- 
--
Be nice to your netflow data

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to