Re: [Nfdump-discuss] vSphere 5.1 distributed switch to nfcapd with IPFIX
From: David W. <da...@on...> - 2013-05-14 00:59:18
FYI I have finally got VMware looking at this for me. I'll reply to the list when I get more information. I am providing them with the logs of my vDS.

Cheers,
David

On 07/05/2013, at 10:44 AM, David Walsh <da...@on...> wrote:

> Hi,
> I have some vSphere 5.1 VDS's sending IPFIX net flow to our nfsen server. (nfsen v 1.3.5)
>
> I am running nfdump Version: 1.6.9 with the IPFIX patch posted on this list on the 13/4/2013 by Peter.
>
> I am receiving the net flow data and below is the output in raw form after I applied the patch. You will notice that "first" and "last" are set on 1970-01-01 10:00:00. There is an up to date time in the last variable of the packet in "received at".
>
> NFsen can read the data and it is correct (I compare it to data we pull via snmp) however NFsen/nfdump are formatting the data with timestamps of 1970-01-01 10:00:00 instead of the actual time.
>
> I notice this has been raised on various sites but I have not seen a fix. I don't mind testing some patches if they become available to fix up this timestamp issue.
>
> # nfdump -M /opt/data/nfsen/profiles-data/live/netflow-vds-vsh -R 2013/05/03/nfcapd.201305031040 -c 100 -o raw
>
> Flow Record:
>   Flags = 0x06 FLOW, Unsampled
>   export sysid = 2
>   size = 72
>   first = 0 [1970-01-01 10:00:00]
>   last = 0 [1970-01-01 10:00:00]
>   msec_first = 0
>   msec_last = 0
>   src addr = 110.175.94.222
>   dst addr = 192.168.64.6
>   src port = 58464
>   dst port = 443
>   fwd status = 157
>   tcp flags = 0x00 ......
>   proto = 6
>   (src)tos = 0
>   (in)packets = 9
>   (in)bytes = 1500
>   input = 1678
>   output = 1799
>   ip router = 10.1.4.39
>   received at = 1367541600163 [2013-05-03 10:40:00.163]
>
> Flow Record:
>   Flags = 0x06 FLOW, Unsampled
>   export sysid = 2
>   size = 72
>   first = 0 [1970-01-01 10:00:00]
>   last = 0 [1970-01-01 10:00:00]
>   msec_first = 0
>   msec_last = 0
>   src addr = 101.163.67.76
>   dst addr = 192.168.64.6
>   src port = 2735
>   dst port = 443
>   fwd status = 255
>   tcp flags = 0x00 ......
>   proto = 6
>   (src)tos = 0
>   (in)packets = 1
>   (in)bytes = 40
>   input = 1678
>   output = 1799
>   ip router = 10.1.4.39
>   received at = 1367541600163 [2013-05-03 10:40:00.163]
>
> Kind Regards,
> David
> _______________________________________________
> Nfdump-discuss mailing list
> Nfd...@li...
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
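
Added example, not part of the original thread and not nfdump code: a Python sketch that reads `nfdump -o raw` text, detects records whose `first` is 0, and falls back to the collector's `received at` value so the flows can still be placed in time. The sample input is constructed (record 1 mirrors the quoted output, record 2 is a made-up healthy record), and the UTC+10 display offset and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the `nfdump -o raw` layout quoted above (fields trimmed).
# Record 1 mirrors the thread; record 2 is a made-up healthy record for contrast.
SAMPLE = """\
Flow Record:
  first        =          0 [1970-01-01 10:00:00]
  last         =          0 [1970-01-01 10:00:00]
  msec_first   =          0
  src addr     =  110.175.94.222
  received at  =  1367541600163 [2013-05-03 10:40:00.163]

Flow Record:
  first        = 1367541590 [2013-05-03 10:39:50]
  last         = 1367541599 [2013-05-03 10:39:59]
  msec_first   =          0
  src addr     =  101.163.67.76
  received at  =  1367541600163 [2013-05-03 10:40:00.163]
"""

FIELD = re.compile(r"^[ \t]*([^=\n]+?)[ \t]*=[ \t]*(\S+)", re.M)
# Assumption: the collector displays UTC+10, since epoch 0 prints as 10:00:00.
COLLECTOR_TZ = timezone(timedelta(hours=10))

def parse_records(text):
    """Split raw output into one {field: first value token} dict per record."""
    return [dict(FIELD.findall(chunk)) for chunk in text.split("Flow Record:")[1:]]

def effective_start_ms(rec):
    """Return (epoch milliseconds, source field) for the flow start time.

    If the exporter left `first` at 0, fall back to the collector's
    `received at` stamp (already milliseconds); it is receipt time,
    so only an approximation of when the flow started.
    """
    first = int(rec["first"])
    if first == 0:
        return int(rec["received at"]), "received at"
    return first * 1000 + int(rec.get("msec_first", 0)), "first"

def audit(text, tz=COLLECTOR_TZ):
    """List (src addr, timestamp source, ISO time) for every record."""
    rows = []
    for rec in parse_records(text):
        ms, source = effective_start_ms(rec)
        when = datetime.fromtimestamp(ms // 1000, tz) + timedelta(milliseconds=ms % 1000)
        rows.append((rec["src addr"], source, when.isoformat(timespec="milliseconds")))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="  ")
```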