Try to launch it with -Tall or select the extensions you want (-T NEL for
sure).

G.

On 12 October 2016 at 07:19, Octavio Alfageme <octavio.alfag...@gmail.com>
wrote:

> Great, Gaspard!!! That's what I'm looking for. Thanks a lot for your help.
>
> I launch it this way.
>
> nfcapd -w -D -l /netflow/spool/allflows -p 9996
>
> If you see my output I don't get the "create" and "delete" events
> either, so there's something I'm doing wrong.
>
> Thanks a lot for your help
>
> Kind regards
>
> Octavio
>
> On Wed, Oct 12, 2016 at 11:57 AM, Gaspard Laurent <glaur...@guyacom.fr>
> wrote:
> > Hello Octavio,
> >
> > Thanks to the great set of tools provided by NFDump, I am successfully logging
> > ASR 1000 NEL records with nfcapd 1.6.13, see attached.
> >
> > Which arguments do you use to launch your nfcapd daemon?
> >
> > Best
> > Gaspard
> >
> > On 12 October 2016 at 05:56, Octavio Alfageme <octavio.alfag...@gmail.com>
> > wrote:
> >>
> >> Sorry, by mistake, I sent the previous message as html.
> >>
> >> Thanks a lot, Peter. Unfortunately, I think that's not the case. Here you
> >> have a snapshot of a packet capture at the collector. As you can see, there
> >> is a 'Timestamp' Jun 30, 2016 13:16:43.000000000 CEST. It's as if nfdump had
> >> problems storing that information.
> >>
> >> Thank you
> >>
> >> Octavio
> >>
> >> On Wed, Oct 12, 2016 at 9:16 AM, Peter Haag <ph...@users.sourceforge.net>
> >> wrote:
> >>>
> >>> So it seems your device does not export any timestamps at all.
> >>>
> >>> 1970-01-01 means timestamp '0'
> >>>
> >>>         - Peter
> >>>
> >>> On 12/10/16 09:09, Octavio Alfageme wrote:
> >>> > Dear all,
> >>> >
> >>> > I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based
> >>> > CGNAT logs from a Cisco ASR1000. My linux machine running as a
> >>> > virtual-machine on vmware is properly synchronized by NTP. The ASR1000 is
> >>> > synchronized to the same reference and the sent Netflowv9 records have
> >>> > the right timestamps. I properly collect the Netflowv9 traffic coming
> >>> > from the router, but, when I review the records, the date first seen and
> >>> > the duration are all "0s" and don't represent the timestamp of the
> >>> > received Netflowv9 based CGNAT records.
> >>> >
> >>> > [root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240
> >>> > Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
> >>> > 1970-01-01 01:00:00.000 0.000 TCP 100.64.32.46:62651 -> 17.146.1.72:443 0 0 1
> >>> > 1970-01-01 01:00:00.000 0.000 UDP 100.64.48.86:36702 -> 172.31.205.3:123 0 0 1
> >>> > 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.5:62848 -> 4.2.2.3:53 0 0 1
> >>> > 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.4:58216 -> 8.8.4.4:53 0 0 1
> >>> >
> >>> > I would be grateful if anyone could give me a hint about what is
> >>> > happening.
> >>> >
> >>> > Thanks in advance
> >>> >
> >>> > Kind regards
> >>> >
> >>> > Octavio
> >>> >
> >>> >
> >>> >
> >>> >
> >>> > ------------------------------------------------------------
> ------------------
> >>> > Check out the vibrant tech community on one of the world's most
> >>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> >>> >
> >>> >
> >>> >
> >>> > _______________________________________________
> >>> > Nfdump-discuss mailing list
> >>> > Nfdump-discuss@lists.sourceforge.net
> >>> > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> >>> >
> >>
> >>
> >
>

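A way to check a capture for the symptom discussed in this thread, as an added example that is not from the thread or the nfdump project: it parses nfdump's default line output and lists records whose first-seen time is epoch 0. The sample lines are constructed from the output quoted above (the 2016 timestamp is made up), and the UTC+1 offset is an assumption about the collector's local time zone.

```python
import re
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# One record of nfdump's default line output, in the layout quoted in this thread:
# date, time, duration, protocol, source, "->", destination, then the counters.
RECORD = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+\S+\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s"
)

def audit(lines, utc_offset_hours=1):
    """Return (records_parsed, [(proto, src, dst), ...] with first-seen == epoch 0).

    nfdump prints local time, so timestamp 0 shows up as 01:00:00 on a UTC+1
    collector. utc_offset_hours is an assumption the caller must set correctly.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    total, unset = 0, []
    for line in lines:
        m = RECORD.match(line.strip())
        if m is None:
            continue  # column header, summary line or blank
        total += 1
        seen = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=tz)
        if seen == EPOCH:
            unset.append((m.group(2), m.group(3), m.group(4)))
    return total, unset

# Constructed sample: two records as in the thread, one with a made-up real timestamp.
SAMPLE = """\
Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
1970-01-01 01:00:00.000     0.000 TCP       100.64.32.46:62651 ->      17.146.1.72:443          0        0     1
1970-01-01 01:00:00.000     0.000 UDP        172.30.41.5:62848 ->          4.2.2.3:53           0        0     1
2016-10-03 12:41:07.000     0.000 UDP        172.30.41.4:58216 ->          8.8.4.4:53           0        0     1
""".splitlines()

if __name__ == "__main__":
    total, unset = audit(SAMPLE)
    print(f"{len(unset)} of {total} records have no stored timestamp")
    for proto, src, dst in unset:
        print(f"  {proto} {src} -> {dst}")
```

With the wrong offset the check silently passes, which is why the time zone has to match the machine that rendered the output.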