Hello Octavio,

Thanks to the great set of tools provided by NFDump, I am succesfuly
logging ASR 1000 NEL records with nfcapd 1.6.13, see attached.

Which arguments do you use to launch your nfcapd daemon?

Best
Gaspard

On 12 October 2016 at 05:56, Octavio Alfageme <octavio.alfag...@gmail.com>
wrote:

> Sorry, by mistake, I sent the previous message as html.
>
> Thanks a lot, Peter. Unfortunately, I think that's not the case. Here you
> have an snapshot of a packet capture at the collector. As you can see there
> is a 'Timestamp' Jun 30, 2016 13:16:43.000000000 CEST. It's as nfdump had
> problems storing that information.
>
> Thank you
>
> Octavio
>
> On Wed, Oct 12, 2016 at 9:16 AM, Peter Haag <ph...@users.sourceforge.net>
> wrote:
>
>> So it seems your device does not export any timestamps at all.
>>
>> 1970-01-01 means timestamp '0'
>>
>>         - Peter
>>
>> On 12/10/16 09:09, Octavio Alfageme wrote:
>> > Dear all,
>> >
>> > I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based
>> CGNAT logs from a Cisco ASR1000. My linux machine running as a
>> virtual-machine on vmware is properly synchronized by NTP. The ASR1000 is
>> synchronized to the same reference and the
>> > sent Netflowv9 records have the right timestamps. I properly collect
>> the Netflowv9 traffic coming from the router, but ,when I review the
>> records, the date first seen and the duration are all "0s" and don't
>> represent the timestamp of the received
>> > Netflowv9 based CGNAT records.
>> >
>> > [root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240
>> > Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port
>> Packets Bytes Flows
>> > 1970-01-01 01:00:00.000 0.000 TCP 100.64.32.46:62651 <
>> http://100.64.32.46:62651/> -> 17.146.1.72:443 <http://17.146.1.72:443/>
>> 0 0 1
>> > 1970-01-01 01:00:00.000 0.000 UDP 100.64.48.86:36702 <
>> http://100.64.48.86:36702/> -> 172.31.205.3:123 <http://172.31.205.3:123/>
>> 0 0 1
>> > 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.5:62848 <
>> http://172.30.41.5:62848/> -> 4.2.2.3:53 <http://4.2.2.3:53/> 0 0 1
>> > 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.4:58216 <
>> http://172.30.41.4:58216/> -> 8.8.4.4:53 <http://8.8.4.4:53/> 0 0 1
>> >
>> > I would be grateful if anyone could give me a hint about what is
>> happening.
>> >
>> > Thanks in advance
>> >
>> > Kind regards
>> >
>> > Octavio
>> >
>> >
>> >
>> > ------------------------------------------------------------
>> ------------------
>> > Check out the vibrant tech community on one of the world's most
>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> >
>> >
>> >
>> > _______________________________________________
>> > Nfdump-discuss mailing list
>> > Nfdump-discuss@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>> >
>>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to