Hi,
  add -T all or select only the extensions you want to store. It's
documented in nfcapd man page.

M.

On 10/12/2016 12:19 PM, Octavio Alfageme wrote:
> Great, Gaspard!!! That's what I'm looking for. Thanks a lot for your help.
> 
> I launch it this way.
> 
> nfcapd -w -D -l /netflow/spool/allflows -p 9996
> 
> If you see my output I don't get the "create" and "delete" events
> either, so there's something I'm doing wrong.
> 
> Thanks a lot for your help
> 
> Kind regards
> 
> Octavio
> 
> On Wed, Oct 12, 2016 at 11:57 AM, Gaspard Laurent <glaur...@guyacom.fr> wrote:
>> Hello Octavio,
>>
>> Thanks to the great set of tools provided by NFDump, I am succesfuly logging
>> ASR 1000 NEL records with nfcapd 1.6.13, see attached.
>>
>> Which arguments do you use to launch your nfcapd daemon?
>>
>> Best
>> Gaspard
>>
>> On 12 October 2016 at 05:56, Octavio Alfageme <octavio.alfag...@gmail.com>
>> wrote:
>>>
>>> Sorry, by mistake, I sent the previous message as html.
>>>
>>> Thanks a lot, Peter. Unfortunately, I think that's not the case. Here you
>>> have an snapshot of a packet capture at the collector. As you can see there
>>> is a 'Timestamp' Jun 30, 2016 13:16:43.000000000 CEST. It's as nfdump had
>>> problems storing that information.
>>>
>>> Thank you
>>>
>>> Octavio
>>>
>>> On Wed, Oct 12, 2016 at 9:16 AM, Peter Haag <ph...@users.sourceforge.net>
>>> wrote:
>>>>
>>>> So it seems your device does not export any timestamps at all.
>>>>
>>>> 1970-01-01 means timestamp '0'
>>>>
>>>>         - Peter
>>>>
>>>> On 12/10/16 09:09, Octavio Alfageme wrote:
>>>>> Dear all,
>>>>>
>>>>> I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based
>>>>> CGNAT logs from a Cisco ASR1000. My linux machine running as a
>>>>> virtual-machine on vmware is properly synchronized by NTP. The ASR1000 is
>>>>> synchronized to the same reference and the
>>>>> sent Netflowv9 records have the right timestamps. I properly collect
>>>>> the Netflowv9 traffic coming from the router, but ,when I review the
>>>>> records, the date first seen and the duration are all "0s" and don't
>>>>> represent the timestamp of the received
>>>>> Netflowv9 based CGNAT records.
>>>>>
>>>>> [root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240
>>>>> Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port
>>>>> Packets Bytes Flows
>>>>> 1970-01-01 01:00:00.000 0.000 TCP 100.64.32.46:62651
>>>>> <http://100.64.32.46:62651/> -> 17.146.1.72:443 <http://17.146.1.72:443/> >>>>> 0
>>>>> 0 1
>>>>> 1970-01-01 01:00:00.000 0.000 UDP 100.64.48.86:36702
>>>>> <http://100.64.48.86:36702/> -> 172.31.205.3:123 
>>>>> <http://172.31.205.3:123/>
>>>>> 0 0 1
>>>>> 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.5:62848
>>>>> <http://172.30.41.5:62848/> -> 4.2.2.3:53 <http://4.2.2.3:53/> 0 0 1
>>>>> 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.4:58216
>>>>> <http://172.30.41.4:58216/> -> 8.8.4.4:53 <http://8.8.4.4:53/> 0 0 1
>>>>>
>>>>> I would be grateful if anyone could give me a hint about what is
>>>>> happening.
>>>>>
>>>>> Thanks in advance
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Octavio
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Check out the vibrant tech community on one of the world's most
>>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Nfdump-discuss mailing list
>>>>> Nfdump-discuss@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>>>>>
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> Nfdump-discuss mailing list
>>> Nfdump-discuss@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>>>
>>
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most 
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to