On 28 Jul 2015, at 19:58, Brian Epstein <bepst...@ias.edu> wrote: > Thank you so much for getting back to me. We are using the EPEL6 > package for nfdump. It's spec file has the following flags for configur > e. > > %configure \ > --enable-nel \ > --enable-nsel \ > --enable-nfprofile \ > --enable-nftrack \ > --enable-sflow \ > --enable-readpcap \ > --enable-nfpcapd > > I did replace the nfdump-1.6.11.tar.gz file with the > nfdump-1.6.13.tar.gz tarball and updated the spec to use it instead in > the hopes that 1.6.13 fixed something broken in 1.6.11, but have the > same results in both.
It's not broken -- those fields just aren't used for regular traffic - only NSEL ones (such as that for an ASA). I think nfdump is just displaying 'INVALID' and 'Ignore' because there is no data in those fields for those flows. This is to be expected and not a problem. I'm not sure why nfdump doesn't display something less confusing, such as a '-' (same goes for the X-Src and X-Dst fields). Peter will know why that is. - Bob -- Bob Franklin rc...@cam.ac.uk / +44 1223 748479 Networks, University Information Services, University of Cambridge ------------------------------------------------------------------------------ _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
