Peter Haag

Actually nfcapd does no magic. It collects, what is sent by the exporter. In order to understand, why you have such long lifetimes, I would need a pcapd which you...

According the data you sent I must assume, that your exporter is sending wrong data. The exporter uses tags 21,22 in order to send start/end time. These are relative miliseconds...

Hmm .. I don't see, what you mean by "simply adding the two dwords works." Can you please elaborate a bit more on this?

Ahh - what a wired definition! Indeed, this is not handled by nfdump. The quick and dirty solution would be to take the first occurrence and ignore the second. This...

Do you have any pcap to the collector to share with UserID and AppID in PaloAlto Firewalls netflow v9. I would like to verify the correct working. You may send...

Currently the router is not considered, as the flow is defined independently from the router. If the router is integrated, you would be required also to print the router IP...

Current the sflow version is not properly stored, however this can be fixed. Forwarding sflow using the built-in forwarder in sflowd is not affected by this. nfreplay does not forward...

I need to check how complicated it is.

The format is basically explained in nffile.h. I plan changes in the file format - however I am not sure if the ietf format will be supported.

Yes - my focus is speed and efficiency. compatibility is nice but not a top priority.