[Flow-tools] Bad Timestamp with flow-print

BONIN Nathanaël BONIN.N at mipih.fr
Thu Aug 13 03:25:30 EDT 2009 

Hello everyone,

 

I am a new flow-tools French user and I have a problem with flow-print. I explain my architecture : I have my firewall on OpenBSD (packet filter) and flow-tools is installed on a Debian.

I am using pflow interface on OpenBSD to send netflow data and the version used is 5.

 

All of my files are created, but the timestamp is weird.

 

Flow capture command is :  -w /data/flows/Router -n 287 -N -1 0/10.31.34.10/2058 -z0 -V5 -S5

 

I installed the last version of flow-tools (0.68) but I have a weird timestamp :

 

0816.02:38:24.871 0816.02:39:31.871 0     10.31.0.246     138   0     10.31.255.255   138   17  0  1          245

0816.02:38:26.871 0816.02:39:31.871 0     10.31.0.74      138   0     10.31.255.255   138   17  0  1          264

0816.02:38:27.871 0816.02:39:32.871 0     10.31.30.87     138   0     10.31.255.255   138   17  0  1          251

0816.02:38:27.871 0816.02:39:32.871 0     10.31.0.138     138   0     10.31.255.255   138   17  0  1          238

0816.02:38:28.871 0816.02:39:32.871 0     10.31.0.44      138   0     10.31.255.255   138   17  0  1          262

0816.02:38:29.871 0816.02:39:32.871 0     10.31.1.64      137   0     10.31.255.255   137   17  0  1          78

0816.02:38:54.871 0816.02:39:34.871 0     10.31.30.113    137   0     10.31.255.255   137   17  0  17         1326

0816.02:38:55.871 0816.02:39:34.871 0     10.31.0.175     137   0     10.31.255.255   137   17  0  3          234

 

This is a capture from today (08/13/2009) but the timestamp is for the 08/16/2009 and the time is bad too because when I write, it's 09:15...

 

I have tried on a 32-bits and on a 64-bits but it's the same problem.

 

On 64-bits I tried with the patch, but this has not changed.

 

I have synchronized with NTP the time and the date of my OpenBSD and my Debian, it's the same, and it's the good date and time.

 

I don't really know what is the problem. Could you help me please ?


Thanks!

 

---------------------------

Nathanaël BONIN

CSIM - Bureau 011

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.splintered.net/pipermail/flow-tools/attachments/20090813/4c351337/attachment.htm

More information about the Flow-tools mailing list