Argus-Netflow Time Stamp Issue

John Kennedy wilson.amajohn at gmail.com
Mon Jan 14 12:38:57 EST 2013


All,

I have been running into an issue with time stamps while collecting flows
from my Netflow exporter.  I think it is helpful to describe how I have
things set up in my environment to bring a little context to the table.

I have a single server that connects to all of the argus sensors using
radium.  I then have rasplit connect to the radium processes and write the
records to disk. On this same server I receive Netflows from my exporter.
I have a radium process running to collect the netflows -- radium -d -S
cisco://serverHostname:9996 -e `hostname` -P 59996.  I then use rasplit to
write the data to disk -- rasplit -d -M time 5m -w
/path/to/argus/dir/\$srcid/%Y/%m/%d/argus.%Y.%m%d.%H.%M.%S -S
127.0.0.4:59996.

I am getting flows from 8 different sources from the exporter.  Rasplit
writes the data in the file structure noted above; however, on one srcid
the data gets written with dates that are in the future. So I see records
being written to disk for March 2013.  Using RA in that directory shows
flows with the same time and date.  Any idea why this would be happening
for just one source?

Thanks

John
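
A check for the symptom described in this message, added here as an example and not part of the original post or of the argus tools: it walks an archive written with the rasplit template quoted above and reports, per srcid, the files whose name-encoded time lies in the future. The function name, the 10-minute slack and the sample srcids are assumptions made for illustration.

```python
import re
import tempfile
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import Path

# File name produced by the rasplit template in the post: argus.%Y.%m%d.%H.%M.%S
NAME_RE = re.compile(r"^argus\.(\d{4})\.(\d{2})(\d{2})\.(\d{2})\.(\d{2})\.(\d{2})$")


def future_files_by_srcid(root, now=None, slack=timedelta(minutes=10)):
    """Return {srcid: [(file_time, path), ...]} for files stamped after now + slack.

    Expects the layout <root>/<srcid>/<YYYY>/<MM>/<DD>/argus.* and compares
    against local time, which is an assumption about how the archive was written.
    """
    root = Path(root)
    now = now or datetime.now()
    hits = defaultdict(list)
    for path in root.glob("*/*/*/*/argus.*"):
        m = NAME_RE.match(path.name)
        if not m:
            continue  # not a file written by this template
        try:
            stamp = datetime(*map(int, m.groups()))
        except ValueError:
            continue  # digits that do not form a valid date or time
        if stamp > now + slack:
            srcid = path.relative_to(root).parts[0]
            hits[srcid].append((stamp, path))
    return {srcid: sorted(files) for srcid, files in hits.items()}


if __name__ == "__main__":
    # Constructed sample tree: two srcids, one with a file stamped in March 2013.
    root = Path(tempfile.mkdtemp())
    for rel in ("192.0.2.1/2013/01/14/argus.2013.0114.12.35.00",
                "192.0.2.2/2013/03/02/argus.2013.0302.08.15.00"):
        (root / rel).parent.mkdir(parents=True)
        (root / rel).touch()
    report = future_files_by_srcid(root, now=datetime(2013, 1, 14, 12, 38, 57))
    for srcid, files in report.items():
        print(srcid, len(files), "future file(s), latest", files[-1][0])
```

Run periodically against the archive root, this shows which srcid is drifting and how far ahead its records are stamped.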