[Flow-tools] timestamp problem fanout/capture

Fernando Garcia fernandosetegarcia at uol.com.br
Wed Jul 4 14:19:06 EDT 2007 

Sorry to bother mates.

I found out it was the problem on 64-bit system.

flow-print garbled dates.

Just aplied this patch: 
http://mailman.splintered.net/pipermail/flow-tools/2004-December/002501.html


Fernando Garcia escreveu:
> Hi all,
>
> I'm just starting using flow-fanout and flow-capture to use netflow 
> traffic on two servers.
> On the fisrt, the one who receive original flows from routers, I have 
> this:
>
> /usr/local/netflow/bin/flow-fanout -s 192.168.2.142//2055 0/0/2054 
> 0/192.168.2.237/2055
> /usr/local/netflow/bin/flow-capture -z0 -N0 -V5 -n287 -E5G 
> -w/export/netflow/flow-files -R/usr/local/netflow/bin/linkme //2054
>
>
> On the second, I have this:
> /usr/local/netflow/bin/flow-capture -z0 -N0 -V5 -n287 -E80G 
> -w/export/netflow/flow-files //2055
>
> The problem is, on the second server the timestamp of the flows are 
> totally wrong:
>
> [root at secondserver flow-files]# flow-print -f5 < 
> ft-v05.2007-07-04.130000-0300 | more
> Start             End               Sif   SrcIPaddress    SrcP  DIf   
> DstIPaddress    DstP    P Fl Pkts       Octets
>
> 0108.07:35:35.485 0108.07:35:35.485 33    89.129.186.17   3950  42    
> 200.100.4.89    80    6   0  1          40
> 0926.04:52:52.492 0926.04:52:52.492 70    69.191.186.17   1381  75    
> 200.100.3.168   80    6   0  1          476
> 0223.06:43:41.878 0223.06:43:41.878 38    69.178.187.17   1702  42    
> 200.100.7.37    80    6   0  1          40
> [root at secondserver flow-files]# date
> Wed Jul  4 13:35:59 BRT 2007
>
>
> On the first server, it looks right:
> root at firstserver:/export/netflow/flow-files# flow-print -f5 < 
> ft-v05.2007-07-04.130000-0300 | more
> Start             End               Sif   SrcIPaddress    SrcP  DIf   
> DstIPaddress    DstP    P Fl Pkts       Octets
>
> 0704.12:58:42.208 0704.12:58:42.208 32    200.100.29.129  25    31    
> 200.196.233.36  54614 6   0  1          40
> 0704.12:59:00.011 0704.12:59:00.502 32    200.100.29.129  25    31    
> 200.154.152.38  40884 6   0  3          120
> 0704.12:58:23.555 0704.12:58:23.555 32    200.100.29.129  25    31    
> 200.154.152.47  34057 6   0  2          80
> 0704.12:58:47.902 0704.12:58:47.902 32    200.100.29.129  25    31    
> 200.154.152.47  34710 6   0  1          40
> 0704.12:59:04.588 0704.12:59:04.588 32    200.100.29.129  25    31    
> 69.45.152.47  35034 6   0  1          40
> root at firstserver:/export/netflow/flow-files# date
> Wed Jul  4 13:37:37 BRT 2007
>
> Date and time on both server are equal.
>
>
> Is there any problem on fanout when it send flows, changing timestamps ?
>
> I really aprecciate any help.
>
> _______________________________________________
> Flow-tools mailing list
> flow-tools at splintered.net
> http://mailman.splintered.net/mailman/listinfo/flow-tools
>

More information about the Flow-tools mailing list