Dear all,

I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based CGNAT
logs from a Cisco ASR1000. My Linux machine, running as a virtual machine on
VMware, is properly synchronized by NTP. The ASR1000 is synchronized to the
same reference and the sent Netflowv9 records have the right timestamps. I
properly collect the Netflowv9 traffic coming from the router, but when I
review the records, the date first seen and the duration are all "0s" and
don't represent the timestamp of the received Netflowv9 based CGNAT records.

[root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240
Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
1970-01-01 01:00:00.000     0.000 TCP      100.64.32.46:62651 ->      17.146.1.72:443          0        0     1
1970-01-01 01:00:00.000     0.000 UDP      100.64.48.86:36702 ->     172.31.205.3:123          0        0     1
1970-01-01 01:00:00.000     0.000 UDP       172.30.41.5:62848 ->          4.2.2.3:53           0        0     1
1970-01-01 01:00:00.000     0.000 UDP       172.30.41.4:58216 ->          8.8.4.4:53           0        0     1

I would be grateful if anyone could give me a hint about what is happening.

Thanks in advance

Kind regards

Octavio