[netflow-tools] Softflowd IPFIX date and time problem.

Varun Sharma vsdssd at gmail.com
Thu Aug 28 15:22:03 EST 2014


Hi,

I am using the IPFIX-supported version of softflowd (revision:
80aac3b2fec3), downloaded from Google Code. I export flows in IPFIX
format to a collector server (NFDUMP 1.6.10). I am seeing an issue with
the date and time field when reading the nfdump logs.

Whereas in the case of NetFlow v5 and v9 it is working fine, meaning
the proper date and time come in the nfdump logs.

Command run:

softflowd  -i eth3 -n 192.168.50.2:9995 -v 10 -d -t maxlife=30  -D -A milli

nfdump log:

$ nfdump -r nfcapd.201408280909

Date first seen          Duration Proto      Src IP Addr:Port Dst IP Addr:Port   Packets    Bytes Flows
2005-04-02 04:35:37.968 1970-01-01 05:30:00.000 3182570558.032 TCP   192.168.50.1:43241 ->     192.168.50.2:5001  .AP.SF   0    17405 823.5 M     1
2005-04-02 04:35:37.968 1970-01-01 05:30:00.000 3182570558.032 TCP   192.168.50.2:5001  ->     192.168.50.1:43241 .A..SF   0    15470 711626     1
2005-04-02 04:35:37.968 1970-01-01 05:30:00.000 3182570558.032 TCP   192.168.50.1:43242 ->     192.168.50.2:5001  .AP.SF   0    20138 928.1 M     1
2005-04-02 04:35:37.968 1970-01-01 05:30:00.000 3182570558.032 TCP   192.168.50.2:5001  ->     192.168.50.1:43242 .A..SF   0    20814 957450     1
2005-04-02 04:35:37.967 1970-01-01 05:30:00.000 3182570558.033 TCP   192.168.50.1:43243 ->     192.168.50.2:5001  .AP.SF   0    20031 925.8 M     1
.......
2015-06-17 11:04:55.259 1970-01-01 05:30:00.000 2860448000.741 TCP   192.168.50.1:43257 ->     192.168.50.2:5001  .AP.SF   0     7235 348.3 M     1
2015-06-17 11:04:55.259 1970-01-01 05:30:00.000 2860448000.741 TCP   192.168.50.2:5001  ->     192.168.50.1:43257 .A..SF   0    10138 466354     1
2015-06-17 11:04:55.248 1970-01-01 05:30:00.000 2860448000.752 TCP   192.168.50.1:43258 ->     192.168.50.2:5001  .AP.SF   0    13164 610.1 M     1
2015-06-17 11:04:55.248 1970-01-01 05:30:00.000 2860448000.752 TCP   192.168.50.2:5001  ->     192.168.50.1:43258 .A..SF   0    15663 720504     1
.......
2016-01-02 07:16:04.432 1970-01-01 05:30:00.000 2843268131.568 TCP   192.168.50.2:5001  ->     192.168.50.1:43268 .A..SF   0    18639 857400     1
2016-01-02 07:16:04.421 1970-01-01 05:30:00.000 2843268131.579 TCP   192.168.50.1:43269 ->     192.168.50.2:5001  .AP.SF   0    28301 1.3 G     1
2016-01-02 07:16:04.421 1970-01-01 05:30:00.000 2843268131.579 TCP   192.168.50.2:5001  ->     192.168.50.1:43269 .A..SF   0    34656 1.6 M     1
2016-01-02 07:16:04.421 1970-01-01 05:30:00.000 2843268131.579 TCP   192.168.50.1:43270 ->     192.168.50.2:5001  .AP.SF   0    29209 1.3 G     1


....

Summary: total flows: 162, total bytes: 59.4 G, total packets: 2.6 M, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2014-08-28 09:09:31 - 2014-08-28 09:14:31
Total flows processed: 162, Blocks skipped: 0, Bytes read: 9832
Sys: 0.005s flows/second: 27009.0    Wall: 0.005s flows/second: 30291.7


I also used sec with the -A option, but in that case the same problem
persists. I have also attached a tcpdump pcap file. Please find the
attachment.

Does anybody know why it's happening?


Regards
Varun
-------------- next part --------------
A non-text attachment was scrubbed...
Name: softflowd IPIX.pcap
Type: application/octet-stream
Size: 2278 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/netflow-tools/attachments/20140828/ccd5e0ee/attachment.obj>
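
Added example (not part of the original post, and not softflowd or nfdump code): a timestamp sanity check over three of the rows posted above. It shows that the second timestamp column is epoch zero, that the first column falls outside the file's time window, and that the duration column equals (last - first) wrapped to an unsigned 32-bit seconds counter. The UTC+05:30 display zone is an assumption inferred from the "1970-01-01 05:30:00.000" column, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: times are rendered in UTC+05:30, inferred from the
# "1970-01-01 05:30:00.000" column in the posted output.
TZ = timezone(timedelta(hours=5, minutes=30))
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
FMT = "%Y-%m-%d %H:%M:%S.%f"

# Timestamp columns and duration copied from three rows of the post.
ROWS = [
    "2005-04-02 04:35:37.968 1970-01-01 05:30:00.000 3182570558.032 TCP",
    "2015-06-17 11:04:55.259 1970-01-01 05:30:00.000 2860448000.741 TCP",
    "2016-01-02 07:16:04.421 1970-01-01 05:30:00.000 2843268131.579 TCP",
]
# "Time window" line of the same nfdump run.
WINDOW = ("2014-08-28 09:09:31.000", "2014-08-28 09:14:31.000")

ROW_RE = re.compile(r"^(\S+ \S+) (\S+ \S+) (\d+)\.(\d{3})\b")
U32_MS = 2**32 * 1000  # 32-bit seconds counter, expressed in milliseconds


def epoch_ms(text):
    """Local timestamp string -> integer milliseconds since the Unix epoch."""
    dt = datetime.strptime(text, FMT).replace(tzinfo=TZ)
    return (dt - EPOCH) // timedelta(milliseconds=1)


def check_row(row):
    """Return the three timestamp sanity checks for one nfdump row."""
    m = ROW_RE.match(row)
    if m is None:
        raise ValueError("unrecognised row: %r" % row)
    first, last = epoch_ms(m.group(1)), epoch_ms(m.group(2))
    duration_ms = int(m.group(3)) * 1000 + int(m.group(4))
    lo, hi = epoch_ms(WINDOW[0]), epoch_ms(WINDOW[1])
    return {
        "last_seen_is_zero": last == 0,
        "first_seen_in_window": lo <= first <= hi,
        "duration_is_u32_wrap": duration_ms == (last - first) % U32_MS,
    }


if __name__ == "__main__":
    for row in ROWS:
        print(row[:23], check_row(row))
```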

