Re: [Nfdump-discuss] vSphere 5.1 distributed switch to nfcapd with IPFIX
From: David W. <da...@on...> - 2013-11-08 03:39:43
Hi,

Here is an update on this issue…..

From VMware:

"This is with regards to the vDS issue. Just to keep you updated that engineering have isolated the code that seems to be causing the issue. We are working on a fix and I will share further updates as and when the same is available"

Hopefully it will be part of Update 2 of v5.1. I have not tested 5.5 yet.

On 14 May 2013, at 10:59 am, David Walsh <da...@on...> wrote:

> FYI
>
> I have finally got VMware looking at this for me. I'll reply to the list when I get more information. I am providing them with the logs of my vDS.
>
> Cheers,
> David
>
> On 07/05/2013, at 10:44 AM, David Walsh <da...@on...> wrote:
>
>> Hi,
>> I have some vSphere 5.1 VDS's sending IPFIX net flow to our nfsen server. (nfsen v 1.3.5)
>>
>> I am running nfdump Version: 1.6.9 with the IPFIX patch posted on this list on the 13/4/2013 by Peter.
>>
>> I am receiving the net flow data and below is the output in raw form after I applied the patch. You will notice that "first" and "last" are set on 1970-01-01 10:00:00. There is an up to date time in the last variable of the packet in "received at".
>>
>> NFsen can read the data and it is correct (I compare it to data we pull via snmp) however NFsen / nfdump are formatting the data with timestamps of 1970-01-01 10:00:00 instead of the actual time.
>>
>> I notice this has been raised on various sites but I have not seen a fix. I don't mind testing some patches if they become available to fix up this timestamp issue.
>>
>> # nfdump -M /opt/data/nfsen/profiles-data/live/netflow-vds-vsh -R 2013/05/03/nfcapd.201305031040 -c 100 -o raw
>>
>> Flow Record:
>>   Flags        = 0x06 FLOW, Unsampled
>>   export sysid = 2
>>   size         = 72
>>   first        = 0 [1970-01-01 10:00:00]
>>   last         = 0 [1970-01-01 10:00:00]
>>   msec_first   = 0
>>   msec_last    = 0
>>   src addr     = 110.175.94.222
>>   dst addr     = 192.168.64.6
>>   src port     = 58464
>>   dst port     = 443
>>   fwd status   = 157
>>   tcp flags    = 0x00 ......
>>   proto        = 6
>>   (src)tos     = 0
>>   (in)packets  = 9
>>   (in)bytes    = 1500
>>   input        = 1678
>>   output       = 1799
>>   ip router    = 10.1.4.39
>>   received at  = 1367541600163 [2013-05-03 10:40:00.163]
>>
>> Flow Record:
>>   Flags        = 0x06 FLOW, Unsampled
>>   export sysid = 2
>>   size         = 72
>>   first        = 0 [1970-01-01 10:00:00]
>>   last         = 0 [1970-01-01 10:00:00]
>>   msec_first   = 0
>>   msec_last    = 0
>>   src addr     = 101.163.67.76
>>   dst addr     = 192.168.64.6
>>   src port     = 2735
>>   dst port     = 443
>>   fwd status   = 255
>>   tcp flags    = 0x00 ......
>>   proto        = 6
>>   (src)tos     = 0
>>   (in)packets  = 1
>>   (in)bytes    = 40
>>   input        = 1678
>>   output       = 1799
>>   ip router    = 10.1.4.39
>>   received at  = 1367541600163 [2013-05-03 10:40:00.163]
>>
>> Kind Regards,
>> David
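
Added example, not part of the original thread and not nfdump's own code: a small Python audit that parses `nfdump -o raw` text in the layout quoted above, flags flow records whose exporter-supplied `first`/`last` are 0, and substitutes the collector's `received at` time so the flows can still be placed on a timeline. The sample input and the function names are constructed for illustration; the receive time is only an approximation of when the flow was seen, not its true start.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout of the `nfdump -o raw` output quoted in the thread.
SAMPLE = """\
Flow Record:
  Flags        =       0x06 FLOW, Unsampled
  first        =          0 [1970-01-01 10:00:00]
  last         =          0 [1970-01-01 10:00:00]
  src addr     =   192.0.2.10
  dst addr     =   198.51.100.6
  received at  = 1367541600163 [2013-05-03 10:40:00.163]

Flow Record:
  first        = 1367541590 [2013-05-03 10:39:50]
  last         = 1367541599 [2013-05-03 10:39:59]
  src addr     =   192.0.2.11
  dst addr     =   198.51.100.6
  received at  = 1367541600163 [2013-05-03 10:40:00.163]
"""

FIELD = re.compile(r"^\s*(.+?)\s*=\s*(\S+)")  # field name, first value token

def parse_records(text):
    """Split raw output into one dict (field -> first value token) per flow record."""
    records = []
    for line in text.splitlines():
        if line.strip() == "Flow Record:":
            records.append({})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1)] = m.group(2)
    return records

def effective_times(rec):
    """Return (first, last, source) in epoch seconds, falling back to collector time."""
    first, last = int(rec.get("first", 0)), int(rec.get("last", 0))
    if first == 0 and last == 0:  # exporter sent no usable flow timestamps
        received = int(rec["received at"]) // 1000  # 'received at' is in milliseconds
        return received, received, "collector"
    return first, last, "exporter"

def audit(text):
    """List (src addr, first, last, timestamp source) for every record in the text."""
    return [(r.get("src addr"), *effective_times(r)) for r in parse_records(text)]

if __name__ == "__main__":
    for src, first, last, source in audit(SAMPLE):
        ts = datetime.fromtimestamp(first, tz=timezone.utc).isoformat()
        print(f"{src} first={ts} source={source}")
```
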