FYI

I have finally got VMware looking at this for me. I'll reply to the list when 
I get more information. I am providing them with the logs of my vDS.

Cheers,
               David

On 07/05/2013, at 10:44 AM, David Walsh <da...@onthenet.com.au> wrote:

> Hi,
>     I have some vSphere 5.1 VDS's sending IPFIX net flow to our nfsen server. 
>  (nfsen v 1.3.5)
> 
> I am running nfdump Version: 1.6.9 with the IPFIX patch posted on this list 
> on the 13/4/2013 by Peter.
> 
> I am receiving the net flow data and below is the output in raw form after I 
> applied the patch. You will notice that "first" and "last" are set on 
> 1970-01-01 10:00:00. There is an up to date time in the last variable of the 
> packet in "received at".
> 
> NFsen can read the data and it is correct (I compare it to data we pull via 
> snmp); however, NFsen/nfdump are formatting the data with timestamps of 
> 1970-01-01 10:00:00 instead of the actual time.
> 
> I notice this has been raised on various sites but I have not seen a fix.  I 
> don't mind testing some patches if they become available to fix up this 
> timestamp issue.
> 
> 
> 
> # nfdump -M /opt/data/nfsen/profiles-data/live/netflow-vds-vsh -R 2013/05/03/nfcapd.201305031040 -c 100 -o raw
> 
> 
> Flow Record: 
>  Flags        =              0x06 FLOW, Unsampled
>  export sysid =                 2
>  size         =                72
>  first        =                 0 [1970-01-01 10:00:00]
>  last         =                 0 [1970-01-01 10:00:00]
>  msec_first   =                 0
>  msec_last    =                 0
>  src addr     =    110.175.94.222
>  dst addr     =      192.168.64.6
>  src port     =             58464
>  dst port     =               443
>  fwd status   =               157
>  tcp flags    =              0x00 ......
>  proto        =                 6
>  (src)tos     =                 0
>  (in)packets  =                 9
>  (in)bytes    =              1500
>  input        =              1678
>  output       =              1799
>  ip router    =         10.1.4.39
>  received at  =     1367541600163 [2013-05-03 10:40:00.163]
> 
> 
> Flow Record: 
>  Flags        =              0x06 FLOW, Unsampled
>  export sysid =                 2
>  size         =                72
>  first        =                 0 [1970-01-01 10:00:00]
>  last         =                 0 [1970-01-01 10:00:00]
>  msec_first   =                 0
>  msec_last    =                 0
>  src addr     =     101.163.67.76
>  dst addr     =      192.168.64.6
>  src port     =              2735
>  dst port     =               443
>  fwd status   =               255
>  tcp flags    =              0x00 ......
>  proto        =                 6
>  (src)tos     =                 0
>  (in)packets  =                 1
>  (in)bytes    =                40
>  input        =              1678
>  output       =              1799
>  ip router    =         10.1.4.39
>  received at  =     1367541600163 [2013-05-03 10:40:00.163]
> 
> Kind Regards,
>                          David
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
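
A way to check capture files for the symptom reported above, as an added example that is not part of the original thread or of nfdump: it parses `nfdump -o raw` text, flags records whose `first` and `last` are both 0, and reports the collector's `received at` time in UTC as a fallback. The sample input is constructed (the second record is invented for contrast) and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the `nfdump -o raw` output quoted above:
# the first record shows the reported symptom, the second is an invented healthy one.
SAMPLE = """\
Flow Record:
  first        =                 0 [1970-01-01 10:00:00]
  last         =                 0 [1970-01-01 10:00:00]
  src addr     =    110.175.94.222
  dst addr     =      192.168.64.6
  received at  =     1367541600163 [2013-05-03 10:40:00.163]

Flow Record:
  first        =        1367541590 [2013-05-03 10:39:50]
  last         =        1367541599 [2013-05-03 10:39:59]
  src addr     =        192.0.2.10
  dst addr     =      192.168.64.6
  received at  =     1367541600163 [2013-05-03 10:40:00.163]
"""

FIELD = re.compile(r"^\s*(.+?)\s*=\s*(\S+)")  # "name = value [rendered]"

def parse_records(text):
    """Split raw output into one dict per 'Flow Record:' block."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip().startswith("Flow Record:"):
            current = {}
            records.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return records

def audit(records):
    """Return (src, dst, received_utc) for records whose first/last are both 0."""
    suspect = []
    for r in records:
        if r.get("first") == "0" and r.get("last") == "0" and "received at" in r:
            ms = int(r["received at"])  # milliseconds since the epoch
            ts = datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)
            suspect.append((r.get("src addr"), r.get("dst addr"), ts.isoformat(timespec="milliseconds")))
    return suspect

if __name__ == "__main__":
    for src, dst, ts in audit(parse_records(SAMPLE)):
        print(f"{src} -> {dst}: first/last are 0, collector received at {ts}")
```

The `received at` value is the collector's receive time rather than the flow's start or end, so it only bounds when the flow was exported.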

