Hello everyone.

I recommend to:

1. wireshark the packet to know if there is any date or not.
2. Stop the collector, stop the sender (ASR). Then start the collector
   and after that start the netflow exporting.


12.10.2016 10:16, Peter Haag пишет:
So it seems your device does not export any timestamps at all.

1970-01-01 means timestamp '0'

        - Peter

On 12/10/16 09:09, Octavio Alfageme wrote:
Dear all,

I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based CGNAT 
logs from a Cisco ASR1000. My linux machine running as a virtual-machine on 
vmware is properly synchronized by NTP. The ASR1000 is synchronized to the same 
reference and the
sent Netflowv9 records have the right timestamps. I properly collect the Netflowv9 
traffic coming from the router, but ,when I review the records, the date first seen and 
the duration are all "0s" and don't represent the timestamp of the received
Netflowv9 based CGNAT records.

[root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes 
Flows
1970-01-01 01:00:00.000 0.000 TCP 100.64.32.46:62651 <http://100.64.32.46:62651/> -> 
17.146.1.72:443 <http://17.146.1.72:443/> 0 0 1
1970-01-01 01:00:00.000 0.000 UDP 100.64.48.86:36702 <http://100.64.48.86:36702/> -> 
172.31.205.3:123 <http://172.31.205.3:123/> 0 0 1
1970-01-01 01:00:00.000 0.000 UDP 172.30.41.5:62848 <http://172.30.41.5:62848/> -> 
4.2.2.3:53 <http://4.2.2.3:53/> 0 0 1
1970-01-01 01:00:00.000 0.000 UDP 172.30.41.4:58216 <http://172.30.41.4:58216/> -> 
8.8.4.4:53 <http://8.8.4.4:53/> 0 0 1

I would be grateful if anyone could give me a hint about what is happening.

Thanks in advance

Kind regards

Octavio



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot



_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to