[Flow-tools] timestamp problem fanout/capture

Fernando Garcia fernandosetegarcia at uol.com.br
Wed Jul 4 12:35:46 EDT 2007 

Hi all,

I'm just starting using flow-fanout and flow-capture to use netflow 
traffic on two servers.
On the fisrt, the one who receive original flows from routers, I have this:

/usr/local/netflow/bin/flow-fanout -s 192.168.2.142//2055 0/0/2054 
0/192.168.2.237/2055
/usr/local/netflow/bin/flow-capture -z0 -N0 -V5 -n287 -E5G 
-w/export/netflow/flow-files -R/usr/local/netflow/bin/linkme //2054


On the second, I have this:
/usr/local/netflow/bin/flow-capture -z0 -N0 -V5 -n287 -E80G 
-w/export/netflow/flow-files //2055

The problem is, on the second server the timestamp of the flows are 
totally wrong:

[root at secondserver flow-files]# flow-print -f5 < 
ft-v05.2007-07-04.130000-0300 | more
Start             End               Sif   SrcIPaddress    SrcP  DIf   
DstIPaddress    DstP    P Fl Pkts       Octets

0108.07:35:35.485 0108.07:35:35.485 33    89.129.186.17   3950  42    
200.100.4.89    80    6   0  1          40
0926.04:52:52.492 0926.04:52:52.492 70    69.191.186.17   1381  75    
200.100.3.168   80    6   0  1          476
0223.06:43:41.878 0223.06:43:41.878 38    69.178.187.17   1702  42    
200.100.7.37    80    6   0  1          40
[root at secondserver flow-files]# date
Wed Jul  4 13:35:59 BRT 2007


On the first server, it looks right:
root at firstserver:/export/netflow/flow-files# flow-print -f5 < 
ft-v05.2007-07-04.130000-0300 | more
Start             End               Sif   SrcIPaddress    SrcP  DIf   
DstIPaddress    DstP    P Fl Pkts       Octets

0704.12:58:42.208 0704.12:58:42.208 32    200.100.29.129  25    31    
200.196.233.36  54614 6   0  1          40
0704.12:59:00.011 0704.12:59:00.502 32    200.100.29.129  25    31    
200.154.152.38  40884 6   0  3          120
0704.12:58:23.555 0704.12:58:23.555 32    200.100.29.129  25    31    
200.154.152.47  34057 6   0  2          80
0704.12:58:47.902 0704.12:58:47.902 32    200.100.29.129  25    31    
200.154.152.47  34710 6   0  1          40
0704.12:59:04.588 0704.12:59:04.588 32    200.100.29.129  25    31    
69.45.152.47  35034 6   0  1          40
root at firstserver:/export/netflow/flow-files# date
Wed Jul  4 13:37:37 BRT 2007

Date and time on both server are equal.


Is there any problem on fanout when it send flows, changing timestamps ?

I really aprecciate any help.

More information about the Flow-tools mailing list