[netflow-tools] Converting tcpdump log to NetFlow stats
screw.badluck at seznam.cz
Thu Jun 24 00:23:19 EST 2010
> Hi, is it possible to convert data logged with tcpdump -w to netflow statistic
> with proper timestamps using softflowd and flowd or does flowd mark data as
> "now"?
>
> Thanks, badluck.
>
>
So, from what I've learned, it's not possible to export flows that span more than ~49 days, because first/last switched are expressed in ms since boot on 32 bits = max 4294967296 ms ... ~49 days. So even when I'd tried to fake boot time (in softflowd.c line 1876), I could still export data with correct timestamps only 49 days into the future; then I would need to restart export and compute a new head (sys_uptime and unix_secs) and also first/last for each flow.
Or is there an easier way out?
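
The rebasing described in the message above, as an added example that is not part of the original post and is not softflowd code: the exporter picks a new fake boot time whenever a flow no longer fits the 32-bit ms-since-boot range, and the collector recovers absolute times from the header values. The `epoch` struct and all function names are hypothetical; header time is passed as Unix milliseconds, and no single flow is assumed to last 2^32 ms or longer.

```c
#include <stdint.h>
#include <stdio.h>

#define UPTIME_SPAN_MS 4294967296ULL /* 2^32 ms, about 49.7 days */

/* Hypothetical export epoch: a fake boot time (Unix ms) chosen so that
 * every first/last value in the epoch fits a 32-bit ms-since-boot field. */
struct epoch { uint64_t boot_ms; };

/* 1 if a flow with these Unix-ms times is representable in the epoch. */
int fits(const struct epoch *e, uint64_t first_ms, uint64_t last_ms) {
    return first_ms >= e->boot_ms && last_ms - e->boot_ms < UPTIME_SPAN_MS;
}

/* Exporter: start a new epoch at the flow's first packet when the flow
 * does not fit. Returns 1 when the header base had to be recomputed.
 * Assumes no single flow lasts 2^32 ms or longer. */
int rebase_if_needed(struct epoch *e, uint64_t first_ms, uint64_t last_ms) {
    if (fits(e, first_ms, last_ms)) return 0;
    e->boot_ms = first_ms;
    return 1;
}

/* Exporter: Unix ms -> 32-bit ms since the epoch's fake boot. */
uint32_t to_uptime(const struct epoch *e, uint64_t t_ms) {
    return (uint32_t)(t_ms - e->boot_ms);
}

/* Collector: absolute time = header time - (sys_uptime - first/last).
 * The 32-bit unsigned subtraction stays correct across one counter wrap. */
uint64_t to_unix_ms(uint64_t hdr_unix_ms, uint32_t sys_uptime, uint32_t sw) {
    return hdr_unix_ms - (uint32_t)(sys_uptime - sw);
}

int main(void) {
    struct epoch e = { 1277000000000ULL };           /* constructed value */
    uint64_t late = e.boot_ms + 50ULL * 86400000ULL; /* 50 days later */
    int r1 = rebase_if_needed(&e, e.boot_ms + 1000, e.boot_ms + 5000);
    int r2 = rebase_if_needed(&e, late, late + 2000);
    printf("rebased: %d then %d, last=%u ms since boot\n",
           r1, r2, (unsigned)to_uptime(&e, late + 2000));
    return 0;
}
```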