Re: [Nfdump-discuss] Issue with TimeStamp
From: Dave D. <dei...@cy...> - 2014-07-10 15:17:24
Hello Dhanasekaran,

Timestamps in flow records are set by the device that's exporting the data. If some of the devices you're exporting from have unsynchronized clocks then you'll likely get some records with bizarre timestamps. This has nothing to do with how nfcapd works.

Try checking your exporters to make sure they're running ntp and are synced to a reliable ntp source.

Hope this helps!

--
Dave Deitrich
dei...@cy...

On 7/9/14, 6:47 PM, Dhanasekaran Anbalagan wrote:
> Hi Guys,
>
> I am new to nfdump project, When I try to collect netflow data to nfcapd. I
> am getting different time stamp for different source IP's
>
> For Example:
>
> [/tmp/dhana/2014/07/09/18]$ nfdump -R nfcapd.201407091820
> Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
> 1969-12-31 19:00:00.995 -0.995 UDP 192.168.70.81:48095 -> 8.8.8.8:53 0 80 1
> 2014-07-09 14:20:19.555 0.000 TCP 192.168.70.81:44418 -> 176.74.176.178:25 0 0 1
> 1969-12-31 19:00:00.115 -0.115 TCP 192.168.70.74:52010 -> 216.17.0.221:443 0 390837 1
>
> Please guide me How to understand data, Why it's show different time stamp.
>
> I am using package versions ::
>
> [/tmp/dhana/2014/07/09/18]$ *nfcapd -V*
> *nfcapd: Version: 1.6.12 $Date: 2014-04-02 20:08:48 +0200 (Wed, 02 Apr 2014) $*
> [/tmp/dhana/2014/07/09/18]$ *nfdump -V*
> *nfdump: Version: 1.6.12 $Date: 2014-04-02 20:08:48 +0200 (Wed, 02 Apr 2014) $*
>
> Did I learn something today? If not, I wasted it.
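A check for the symptom shown in this thread, as an added example that is not part of the original messages or of nfdump: it parses nfdump's default line output and flags records with a negative duration or a first-seen time more than a day away from the capture file's interval. The sample rows are the three records from the post rejoined onto single lines; the function names and the one-day tolerance are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the three records quoted in the post, one per line.
SAMPLE = """\
Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
1969-12-31 19:00:00.995    -0.995 UDP     192.168.70.81:48095 ->          8.8.8.8:53         0       80     1
2014-07-09 14:20:19.555     0.000 TCP     192.168.70.81:44418 ->   176.74.176.178:25         0        0     1
1969-12-31 19:00:00.115    -0.115 TCP     192.168.70.74:52010 ->     216.17.0.221:443        0   390837     1
"""

# first seen, duration, protocol, source ip:port (default nfdump line format)
ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(-?\d+\.\d+)\s+(\S+)\s+(\S+)\s+->"
)


def file_start(capture_name):
    """nfcapd names each file nfcapd.YYYYMMDDhhmm after its interval start."""
    return datetime.strptime(capture_name.rsplit(".", 1)[1], "%Y%m%d%H%M")


def flag_records(text, capture_name, slack=timedelta(days=1)):
    """Return [(src, [reasons])] for records whose timestamps look wrong.

    One day of slack (an assumption) absorbs a time-zone difference between
    the collector that named the file and the host displaying the records.
    """
    start = file_start(capture_name)
    flagged = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or summary line
        first_seen = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        reasons = []
        if float(m.group(2)) < 0:
            reasons.append("negative duration")
        if abs(first_seen - start) > slack:
            reasons.append("first seen outside capture window")
        if reasons:
            flagged.append((m.group(4), reasons))
    return flagged


if __name__ == "__main__":
    for src, reasons in flag_records(SAMPLE, "nfcapd.201407091820"):
        print(src, "; ".join(reasons))
```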