hi

I am using a Dell SonicWall firewall and have enabled flow reporting on 
it. It sends NetFlow v5 to nfsen. We are facing a strange issue. Even 
though nfsen is receiving all the data, the "first seen" time is coming up as 
16th December 2013! Nfsen runs on a CentOS server and is configured to 
synchronise time from an NTP server. We have set the timezone as GMT in 
both the server and its PHP file.

Here is the sample of nfdump in raw format:

nfdump -M /data/nfsen/profiles-data/live/***** -T -R 2014/01/31/nfcapd.201401311150 -n 1 -o raw


Flow Record:
   Flags        =              0x00 Unsampled
   size         =                52
   first        =        1387230769 [2013-12-16 21:52:49]
   last         =        1387231981 [2013-12-16 22:13:01]
   msec_first   =               112
   msec_last    =               112
   src addr     =   *************
   dst addr     =    **************
   src port     =             61641
   dst port     =             61262
   fwd status   =                 0
   tcp flags    =              0x13 .A..SF
   proto        =                 6
   (src)tos     =                 0
   (in)packets  =                 9
   (in)bytes    =               476
   input        =                 4
   output       =                 3
   src as       =                 0
   dst as       =                 0


Flow Record:
   Flags        =              0x00 Unsampled
   size         =                52
   first        =        1387229009 [2013-12-16 21:23:29]
   last         =        1387231981 [2013-12-16 22:13:01]
   msec_first   =               112
   msec_last    =               112
   src addr     =    **************
   dst addr     =      ****************
   src port     =               443
   dst port     =             63281
   fwd status   =                 0
   tcp flags    =              0x13 .A..SF
   proto        =                 6
   (src)tos     =                 0
   (in)packets  =                19
   (in)bytes    =              1655
   input        =                 2
   output       =                 1
   src as       =                 0


But when I run a tcpdump on the server and check it in Wireshark, I see 
the correct date and time in the timestamp field of the packet.

Moreover, we are sending sFlow and NetFlow data from Juniper switches and 
they are working just fine.

What can be the issue?

Thanks

anadi chaturvedi
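The "first"/"last" values nfdump prints are not taken from the packet's capture time; a NetFlow v5 collector derives them from the exporter's own header clock (unix_secs/unix_nsecs and SysUptime) plus each record's uptime-relative First/Last. The following is an added example, not code from the post or from nfsen/nfdump: it parses a constructed v5 packet that reproduces the first flow record above, shows that derivation, and compares the exporter's header clock against the collector's capture time (what tcpdump stamps the packet with) so you can tell which clock is wrong. The packet bytes, addresses and capture time are constructed, and it is assumed that nfcapd's arithmetic matches this standard derivation.

```python
import struct
from datetime import datetime, timezone

# v5 header (24 B): version, count, SysUptime (ms since exporter boot), unix_secs,
# unix_nsecs (exporter wall clock), flow_sequence, engine_type, engine_id, sampling
V5_HEADER = struct.Struct("!HHIIIIBBH")
# v5 record (48 B): srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
# First, Last (ms of SysUptime), srcport, dstport, pad, tcp_flags, prot, tos,
# src_as, dst_as, src_mask, dst_mask, pad
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(packet):
    """Return (header dict, records); first_ms/last_ms are absolute epoch ms computed
    only from the exporter's header: boot = unix_secs/unix_nsecs - SysUptime, then
    + First/Last. Standard v5 derivation; that nfcapd does exactly this is assumed."""
    ver, count, sys_uptime, unix_secs, unix_nsecs, *_ = V5_HEADER.unpack_from(packet, 0)
    if ver != 5:
        raise ValueError("not a NetFlow v5 packet")
    boot_ms = unix_secs * 1000 + unix_nsecs // 1_000_000 - sys_uptime
    records, off = [], V5_HEADER.size
    for _ in range(count):
        f = V5_RECORD.unpack_from(packet, off)
        off += V5_RECORD.size
        records.append({"src": ".".join(map(str, f[0])), "dst": ".".join(map(str, f[1])),
                        "packets": f[5], "bytes": f[6], "proto": f[13],
                        "first_ms": boot_ms + f[7], "last_ms": boot_ms + f[8]})
    return {"sys_uptime": sys_uptime, "unix_secs": unix_secs}, records

def exporter_clock_skew(unix_secs, capture_epoch):
    """Seconds the collector's capture clock (tcpdump's timestamp) is ahead of the
    exporter's header clock (the one nfdump's first/last are built from)."""
    return capture_epoch - unix_secs

def sample_packet():
    """Constructed one-record packet matching the post's first flow; addresses are
    documentation ranges, not the poster's masked ones."""
    up = 5_000_000  # exporter says it booted 5000 s before this export
    hdr = V5_HEADER.pack(5, 1, up, 1387231981, 112_000_000, 1, 0, 0, 0)
    rec = V5_RECORD.pack(bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]), bytes(4),
                         4, 3, 9, 476, up - 1_212_000, up, 61641, 61262,
                         0, 0x13, 6, 0, 0, 0, 0, 0, 0)
    return hdr + rec

def fmt(ms):
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

if __name__ == "__main__":
    hdr, recs = parse_v5(sample_packet())
    capture = 1391169000  # constructed: 2014-01-31 11:50:00 UTC, the nfcapd file's slot
    print("first", fmt(recs[0]["first_ms"]), "last", fmt(recs[0]["last_ms"]))
    print("exporter clock behind collector by", exporter_clock_skew(hdr["unix_secs"], capture), "s")
```

A skew of weeks between the header clock and the capture time points at the exporter's clock or its SysUptime/unix_secs values, not at the collector's NTP or timezone settings; comparing the same check against the Juniper exporters should show a skew near zero.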

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
