[flow-tools] Different Time between Flow-tools file and Flow-print
Mark Fullmer
maf@splintered.net
Tue, 2 Apr 2002 23:55:17 -0500
flow-capture does not make any time zone adjustments to the flows
it collects, so I would guess that the router may not have the correct
time zone configured.
% export TZ=GMT
% flow-print < xxx
If the above produces the correct timestamps the router thinks it's in GMT.
To configure a Cisco you would need something like
clock timezone EST5EDT -5
clock summer-time EST5EDT recurring
mark
On Mon, Apr 01, 2002 at 03:24:13PM -0300, alaerte@embratel.com.br wrote:
>
>
>
> Hi,
>
> Could someone help me understanding what is going on with the time in
> flow-print ? It is 3 hours less than the real time.
>
> I have the following file
>
> ft-v07.2002-04-01.144500-0300
>
> It is a flow-tool file generated at 02:45 pm.
>
> When I use flow-print I got the following time:
>
> # flow-print -f5 < ft-v07.2002-04-01.144500-0300
> Start End Sif SrcIPaddress
> SrcP DIf DstIPaddress DstP P Fl Pkts Octets
> 0401.11:46:12.788 0401.11:46:13.669 0 178.50.1.100 8080 0
> 108.6.15.56 2770 6 0 7 968
> 0401.11:46:16.727 0401.11:46:18.202 0 178.50.1.100 8080 0
> 108.6.15.56 2771 6 0 13 4361
>
> The time is 3 hours different. I checked the Unix machine where Flow-tool is
> running and the 6509 switch to see the time, and they were right, around 02:45
> pm.
>
> Thanks in advanced,
>
> Alaerte Gladston Vidali
> 55 11 96193382
>
>
>
>
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools