Hi,

We have a Palo Alto firewall and are trying to use pmacct to collect its netflow data. I have been able to get everything to work for netflow v9 type data except for the timestamps. Most timestamps are current and some go back one month. The Wireshark trace of the netflow data does show such values in the Timestamp field. When writing out the data to flat files the time goes back in the past. That same data written to the mysql server is correct in terms of the timestamp - today's date/time.
I have the following

nfacctd_time_new: true

which is apparently effective for the mysql side - but it appears not on the file side...

file output

{"label": "netflow_fcnet_in_conv", "tcp_flags": "0", "application": "bittorrent", "ip_src": "144.76.96.199", "port_src": 38914, "ip_dst": "148.85.185.85", "port_dst": 41986, "timestamp_start": "2015-03-09 15:25:43.0", "ip_proto": "udp", "timestamp_end": "2015-03-09 15:45:43.0", "username": "", "packets": 4, "bytes": 409, "flows": 1}

Mysql output

ip_src         ip_dst         port_src  port_dst  tcp_flags  ip_proto  packets  bytes  stamp_inserted       stamp_updated        country_ip_src  country_ip_dst  username  application
144.76.96.199  148.85.185.85  38914     41986     0          udp       4        409    4/1/2015 4:25:00 PM  4/1/2015 4:25:15 PM  --              --                        bittorrent

Steffen

_______________________________________________________________________________________________
Steffen Plotner                            Amherst College          Tel (413) 542-2348
Systems/Network Administrator/Programmer   PO BOX 5000              Fax (413) 542-2626
Systems & Networking                       Amherst, MA 01002-5000   swplot...@amherst.edu
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists