Softflowd > nfdump timestamps wrong
-
Not a pfSense issue, or even a softflowd one, but thought I'd post in case others are searching the net because they may have run into the same problem.
When exporting via softflowd and analysing the data via nfdump, the time stamps may be very wrong (by months) if you are exporting v9 data. Switch softflowd to export v5 data and the time stamps will be correct.
-g
-
Yes, I've seen the same problem. There is a bug that reverses the start and end time of the flows when a NetFlow v9 flow is exported.
I'm hoping that this issue can be fixed by whoever maintains this package.
-
> I'm hoping that this issue can be fixed by whoever maintains this package.
Very unlikely since the upstream is basically dead.
https://bugzilla.mindrot.org/show_bug.cgi?id=1944
-
Hmm, this is sad news. I am not familiar with the differences between v5 and v9. Is there much drawback to using the v5 format? What are people using for traffic monitoring these days? Am I the only nutcase that's interested in visualizing this data? :o
-
FYI: if you're looking for progress on this, I would go here: https://github.com/irino/softflowd
Found it here: http://lists.mindrot.org/pipermail/netflow-tools/2016-July/000596.html