Re: [Nfdump-discuss] Fwd: nfdump not showing the right timestamps

Wed, 12 Oct 2016 00:18:07 -0700 

So it seems your device does not export any timestamps at all.

1970-01-01 means timestamp '0'

        - Peter

On 12/10/16 09:09, Octavio Alfageme wrote:
> Dear all,
> 
> I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based CGNAT 
> logs from a Cisco ASR1000. My linux machine running as a virtual-machine on 
> vmware is properly synchronized by NTP. The ASR1000 is synchronized to the 
> same reference and the
> sent Netflowv9 records have the right timestamps. I properly collect the 
> Netflowv9 traffic coming from the router, but ,when I review the records, the 
> date first seen and the duration are all "0s" and don't represent the 
> timestamp of the received
> Netflowv9 based CGNAT records.
> 
> [root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240
> Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets 
> Bytes Flows
> 1970-01-01 01:00:00.000 0.000 TCP 100.64.32.46:62651 
> <http://100.64.32.46:62651/> -> 17.146.1.72:443 <http://17.146.1.72:443/> 0 0 
> 1
> 1970-01-01 01:00:00.000 0.000 UDP 100.64.48.86:36702 
> <http://100.64.48.86:36702/> -> 172.31.205.3:123 <http://172.31.205.3:123/> 0 
> 0 1
> 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.5:62848 
> <http://172.30.41.5:62848/> -> 4.2.2.3:53 <http://4.2.2.3:53/> 0 0 1
> 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.4:58216 
> <http://172.30.41.4:58216/> -> 8.8.4.4:53 <http://8.8.4.4:53/> 0 0 1
> 
> I would be grateful if anyone could give me a hint about what is happening.
> 
> Thanks in advance
> 
> Kind regards
> 
> Octavio
> 
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most 
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> 
> 
> 
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to