Gaspard, Matěj, Peter, Ivan, thanks a lot for your help once again,
guys. It's working as expected. I noticed that I didn't install
neither nel nor nsel extensions, so I reinstalled nfdump the following
way:
".\configure --enable-nel --enable-nsel --enable-nfprofile
--enable-nftrack --enable-s
Gaspard, Matěj, Peter, Ivan, thanks a lot for your help, guys. I'm a
newbie with nfdump and I overlooked that option in the man page. Sorry
about that. Tomorrow I'll be back in my lab and I'll try -T option
once I carefully review the man page. As soon as it works I'll be back
to you.
One again, t
Hi,
add -T all or select only the extensions you want to store. It's
documented in nfcapd man page.
M.
On 10/12/2016 12:19 PM, Octavio Alfageme wrote:
> Great, Gaspard!!! That's what I'm looking for. Thanks a lot for your help.
>
> I launch it this way.
>
> nfcapd -w -D -l /netflow/spool/allf
Try to launch it with -Tall or select the extensions you want (-T NEL for
sure).
G.
On 12 October 2016 at 07:19, Octavio Alfageme
wrote:
> Great, Gaspard!!! That's what I'm looking for. Thanks a lot for your help.
>
> I launch it this way.
>
> nfcapd -w -D -l /netflow/spool/allflows -p 9996
>
>
Great, Gaspard!!! That's what I'm looking for. Thanks a lot for your help.
I launch it this way.
nfcapd -w -D -l /netflow/spool/allflows -p 9996
If you see my output I don't get the "create" and "delete" events
either, so there's something I'm doing wrong.
Thanks a lot for your help
Kind regar
Hello Octavio,
Thanks to the great set of tools provided by NFDump, I am succesfuly
logging ASR 1000 NEL records with nfcapd 1.6.13, see attached.
Which arguments do you use to launch your nfcapd daemon?
Best
Gaspard
On 12 October 2016 at 05:56, Octavio Alfageme
wrote:
> Sorry, by mistake, I
Hello everyone.
I recommend to:
1. wireshark the packet to know if there is any date or not.
2. Stop the collector, stop the sender (ASR). Then start the collector
and after that start the netflow exporting.
12.10.2016 10:16, Peter Haag пишет:
So it seems your device does not export any ti
So it seems your device does not export any timestamps at all.
1970-01-01 means timestamp '0'
- Peter
On 12/10/16 09:09, Octavio Alfageme wrote:
> Dear all,
>
> I'm working with nfcapd version 1.6.13 and collecting Netflowv9 based CGNAT
> logs from a Cisco ASR1000. My linux machine run
