Gaspard, Matěj, Peter, Ivan, thanks a lot for your help, guys. I'm a
newbie with nfdump and I overlooked that option in the man page. Sorry
about that. Tomorrow I'll be back in my lab and I'll try -T option
once I carefully review the man page. As soon as it works I'll be back
to you.

One again, thank you for your so valuable assist.

Regards

Octavio

On Wed, Oct 12, 2016 at 12:40 PM, Gaspard Laurent <glaur...@guyacom.fr> wrote:
> Try to launch it with -Tall or select the extensions you want (-T NEL for
> sure).
>
> G.
>
> On 12 October 2016 at 07:19, Octavio Alfageme <octavio.alfag...@gmail.com>
> wrote:
>>
>> Great, Gaspard!!! That's what I'm looking for. Thanks a lot for your help.
>>
>> I launch it this way.
>>
>> nfcapd -w -D -l /netflow/spool/allflows -p 9996
>>
>> If you see my output I don't get the "create" and "delete" events
>> either, so there's something I'm doing wrong.
>>
>> Thanks a lot for your help
>>
>> Kind regards
>>
>> Octavio
>>
>> On Wed, Oct 12, 2016 at 11:57 AM, Gaspard Laurent <glaur...@guyacom.fr>
>> wrote:
>> > Hello Octavio,
>> >
>> > Thanks to the great set of tools provided by NFDump, I am succesfuly
>> > logging
>> > ASR 1000 NEL records with nfcapd 1.6.13, see attached.
>> >
>> > Which arguments do you use to launch your nfcapd daemon?
>> >
>> > Best
>> > Gaspard
>> >
>> > On 12 October 2016 at 05:56, Octavio Alfageme
>> > <octavio.alfag...@gmail.com>
>> > wrote:
>> >>
>> >> Sorry, by mistake, I sent the previous message as html.
>> >>
>> >> Thanks a lot, Peter. Unfortunately, I think that's not the case. Here
>> >> you
>> >> have an snapshot of a packet capture at the collector. As you can see
>> >> there
>> >> is a 'Timestamp' Jun 30, 2016 13:16:43.000000000 CEST. It's as nfdump
>> >> had
>> >> problems storing that information.
>> >>
>> >> Thank you
>> >>
>> >> Octavio
>> >>
>> >> On Wed, Oct 12, 2016 at 9:16 AM, Peter Haag
>> >> <ph...@users.sourceforge.net>
>> >> wrote:
>> >>>
>> >>> So it seems your device does not export any timestamps at all.
>> >>>
>> >>> 1970-01-01 means timestamp '0'
>> >>>
>> >>>         - Peter
>> >>>
>> >>> On 12/10/16 09:09, Octavio Alfageme wrote:
>> >>> > Dear all,
>> >>> >
>> >>> > I'm working with nfcapd version 1.6.13 and collecting Netflowv9
>> >>> > based
>> >>> > CGNAT logs from a Cisco ASR1000. My linux machine running as a
>> >>> > virtual-machine on vmware is properly synchronized by NTP. The
>> >>> > ASR1000 is
>> >>> > synchronized to the same reference and the
>> >>> > sent Netflowv9 records have the right timestamps. I properly collect
>> >>> > the Netflowv9 traffic coming from the router, but ,when I review the
>> >>> > records, the date first seen and the duration are all "0s" and don't
>> >>> > represent the timestamp of the received
>> >>> > Netflowv9 based CGNAT records.
>> >>> >
>> >>> > [root@GRA-VS01 allflows]# nfdump -r nfcapd.201610031240
>> >>> > Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port
>> >>> > Packets Bytes Flows
>> >>> > 1970-01-01 01:00:00.000 0.000 TCP 100.64.32.46:62651
>> >>> > <http://100.64.32.46:62651/> -> 17.146.1.72:443
>> >>> > <http://17.146.1.72:443/> 0
>> >>> > 0 1
>> >>> > 1970-01-01 01:00:00.000 0.000 UDP 100.64.48.86:36702
>> >>> > <http://100.64.48.86:36702/> -> 172.31.205.3:123
>> >>> > <http://172.31.205.3:123/>
>> >>> > 0 0 1
>> >>> > 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.5:62848
>> >>> > <http://172.30.41.5:62848/> -> 4.2.2.3:53 <http://4.2.2.3:53/> 0 0 1
>> >>> > 1970-01-01 01:00:00.000 0.000 UDP 172.30.41.4:58216
>> >>> > <http://172.30.41.4:58216/> -> 8.8.4.4:53 <http://8.8.4.4:53/> 0 0 1
>> >>> >
>> >>> > I would be grateful if anyone could give me a hint about what is
>> >>> > happening.
>> >>> >
>> >>> > Thanks in advance
>> >>> >
>> >>> > Kind regards
>> >>> >
>> >>> > Octavio
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>> >
>> >>> > ------------------------------------------------------------------------------
>> >>> > Check out the vibrant tech community on one of the world's most
>> >>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> >>> >
>> >>> >
>> >>> >
>> >>> > _______________________________________________
>> >>> > Nfdump-discuss mailing list
>> >>> > Nfdump-discuss@lists.sourceforge.net
>> >>> > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>> >>> >
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Check out the vibrant tech community on one of the world's most
>> >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> >> _______________________________________________
>> >> Nfdump-discuss mailing list
>> >> Nfdump-discuss@lists.sourceforge.net
>> >> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>> >>
>> >
>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to