Re: [Nfdump-discuss] Cisco 4500x netflow v9 and IPFIX gives bad timestamps in nfcapd
netflow collecting and processing tools
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfdump-discuss] Cisco 4500x netflow v9 and IPFIX gives bad timestamps in nfcapd
|
From: Robert F. <rc...@ca...> - 2015-07-31 13:45:34
|
On 28 Jul 2015, at 19:58, Brian Epstein <bep...@ia...> wrote: > Thank you so much for getting back to me. We are using the EPEL6 > package for nfdump. It's spec file has the following flags for configur > e. > > %configure \ > --enable-nel \ > --enable-nsel \ > --enable-nfprofile \ > --enable-nftrack \ > --enable-sflow \ > --enable-readpcap \ > --enable-nfpcapd > > I did replace the nfdump-1.6.11.tar.gz file with the > nfdump-1.6.13.tar.gz tarball and updated the spec to use it instead in > the hopes that 1.6.13 fixed something broken in 1.6.11, but have the > same results in both. It's not broken -- those fields just aren't used for regular traffic - only NSEL ones (such as that for an ASA). I think nfdump is just displaying 'INVALID' and 'Ignore' because there is no data in those fields for those flows. This is to be expected and not a problem. I'm not sure why nfdump doesn't display something less confusing, such as a '-' (same goes for the X-Src and X-Dst fields). Peter will know why that is. - Bob -- Bob Franklin rc...@ca... / +44 1223 748479 Networks, University Information Services, University of Cambridge |