
Jonathan,<br><br>I think I have an idea of what may have gone wrong. The second patch, as you refered to it, replaces the first patch. If you apply both patches then you will probably have a problem applying the second one. You should start from a clean copy of the source and apply only the second revision of the patch. I have only tested the patch against version 0.9.1.<br>

<br>If you are still unable to apply the patch please let me know and I'll take another look at it.<br><br>On the subject of my patch, there are two deficiencies, one of which is fairly critical; <br> - It doesn't import 

packet start/stop time<br> - It also doesn't record the NATed address (which 

also should be available in the packets from the ASA, as of yet unconfirmed)<br><br>It would be pretty interesting to implement these features, especially the first one. If you do so please update the list :)<br><br>-JohnF<br>

<br><div class="gmail_quote">On Tue, Mar 20, 2012 at 4:24 PM, Jonathan Fontaine <span dir="ltr"><<a href="mailto:jfontaine420@gmail.com">jfontaine420@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<span lang="EN-CA">Hi,</span><div class="gmail_quote">


<p class="MsoNormal"><span lang="EN-CA"> </span></p>


<p class="MsoNormal"><span lang="EN-CA">I have

posted an issue on the google code page but it seems this mailing list is still

used.</span></p>


<p class="MsoNormal"><span lang="EN-CA">So here is

the issue I posted :</span></p>


<p class="MsoNormal"><span lang="EN-CA">______________________________________________________________________________________________________________</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">Hi, </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">Collecting netflow v9 data from a CISCO ASA 5505 with

flowd</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">When I take a look at the collected data, all values

are set to 0 for the "octects" and "packets" fields.</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">I know a patch has been issued to resolved this issue

so I successfully applied the first patch (asa_patch.diff).</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">I had trouble applying the second patch

(asa_patch_2.diff). I get the following output when trying to patch the

netflow.h file :</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">Hunk #1 FAILED at 162.</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">1 out of 1 hunk FAILED -- saving rejects to file</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">This is the content of netflow.h.rej :</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">--- netflow.h   Sun Oct 31 16:36:52 2010

+0000</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">+++ netflow.h   Wed Aug 31 09:09:01 2011

-0400</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">@@ -162,7 +162,10 @@</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">#define NF9_ENGINE_ID                 

39</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">/* ... */</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">#define

NF9_IPV6_NEXT_HOP             

62</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">-</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">+/* ... */</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">+//Cisco ASA Netflow</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">+#define

NF9_ASA_NF_F_FLOW_BYTES               

85</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">+/* ... */</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">+#define

NF9_ASA_NF_F_FW_EVENT         

40005</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">#endif /* _NETFLOW_H */</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">-</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">I am using flowd 0.9.1 on CentOS 6.2</span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA"> </span></p>


<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"" lang="EN-CA">Thanks for the great collector by the way</span></p>


<p class="MsoNormal"><span lang="EN-CA"> </span></p>


</div><br>

<br>_______________________________________________<br>

netflow-tools mailing list<br>

<a href="mailto:netflow-tools@mindrot.org">netflow-tools@mindrot.org</a><br>

<a href="https://lists.mindrot.org/mailman/listinfo/netflow-tools" target="_blank">https://lists.mindrot.org/mailman/listinfo/netflow-tools</a><br>

<br></blockquote></div><br>