Hi Andrei,
CGSE thingie does not export all the values we might like it too, check the
events and templates with associated fields here. I myself am planning for
production use with bulk port allocation feature and am ok with using
"received at" field for time data.
http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-3/cg_nat/configuration/guide/cgnat_cg43crs/cgnat51log.html
On Wed, Mar 25, 2015 at 12:14 PM, Андрей Седлецкий <asedlet...@spdop.ru>
wrote:
> Hi all!
>
> We have an issue with the Cisco CRS's CGSE+ module. The module is used
> to do NAT (PAT) and the export of netflow is configured on it.
> I try to use nfdump (now it is nfdump-1.6.13) as a netflow collector but
> experience problems wih some fields:
>
> /usr/local/nfdump-1.6.13/bin/nfdump -r nfcapd.201503250700 -o "fmt:%ts
> %te %sap-->%nsa:%nsp >> %nda:%ndp-->%dap %pr %nevt %ivrf %evrf" | less
> Date first seen Date last seen Src IP
> Addr:Port X-late Src IP XsPort X-late Dst IP XdPort
> Dst IP Addr:Port Proto Event I-VRF-ID E-VRF-ID
> 1970-01-01 03:00:00.000 1970-01-01 03:00:00.000
> 10.114.136.169:49958--> 37.190.63.117: 55550 >> 0.0.0.0: 0-->
> 37.58.73.181:80 TCP IGNORE 1610612766 1610612754
> 1970-01-01 03:00:00.48984 1970-01-01 03:00:00.000
> 10.114.136.169:37764--> 37.190.63.117: 22597 >> 0.0.0.0: 0-->
> 37.58.73.181:80 TCP IGNORE 1610612766 1610612754
> 1970-01-01 03:00:00.25651 1970-01-01 03:00:00.000
> 10.114.228.152:30947--> 37.190.63.114: 62311 >> 0.0.0.0: 0-->
> 62.112.113.170:53 UDP IGNORE 1610612766 1610612754,
>
> Mostly it concernes such fields as "Date first seen", "Date last seen"
> etc, while X-late fields as well as "source/destination" fields are
> seems to be correct.
> What I would like to know is if nfdump can support netflow streams from
> CGSE+ card installed in Cisco CRS chassis ?
> If so, are there any special ./configure options? The current one was
> compiled with "$ ./configure --prefix=/usr/local/nfdump-1.6.13
> --enable-nsel --enable-nel" options.
>
> I have also contacted Cisco Technical Support about the problem. They
> answered the ASR9k/CRS routers inform (periodically) the netflow
> collector about the format of data transmitted and then send the data in
> accordence to it.
> Hence they advised to find out if nfdump supports Dynamic Templates.
>
> Thank you in advance.
> Best regards,
> Andrey
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
