The year 1969 has shown up as the start time in some of our data and I'd
like to find out why. I immediately thought that the router must have put
zero in the UNIX_SECONDS field of the cflow header when the cflow export
process was restarted. But, with another restart of the cflow export process
on the router and viewing the packets I saw that this wasn't the case. The
router process has restarted several times, but the 1969 only showed up two
times, both after cflowd was left running for more than a day without
receiving any data (because none was being sent to it).

So, I'm inclined to believe that cflowd or one of its associates causes this
problem when left running without receiving data for a certain amount of
time. Can someone confirm this?

We're only sending cflow packets from one router now. What if cflowd was
receiving from several routers and one of them stopped sending packets for a
long time? Would 1969 show up as the start time for that one router when it
restarted? (My guess is yes.)

A workaround might be to restart cflowd after it has been deprived of data
for a certain amount of time. But, this wouldn't be a good solution when
many routers are sending data.

K.C. Smith

P.S. It's cflowd version 2-1-a9.
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Mon Oct 30 2000 - 10:44:54 PST