Open janrueth opened 4 years ago
Lukas955
commented
4 years ago Hi, thank you for your feedback. I believe it shouldn't be hard to add these override options. I will try to add them during the next week and I will let you know.
Timestamps and time zones are endless story :). As for the timestamps, do you mean values in flow records or file naming?
janrueth
commented
4 years ago Awesome!
Timestamps: Just the file naming! In my mental model the flowrecord times come from the exporters?
But regardless, I agree the timestamp/zones thing is debatable and not a real "must"
Lukas955
commented
4 years ago Timestamp in flow records always come in UTC format from exporters (NetFlow/IPFIX).
Nevertheless, file names based on local time are usually quite tricky if you live in a country with daylight saving time. Once a year, you will override/loose 60 minutes. Therefore, I would like to avoid this configuration options until it is really necessary.
janrueth
commented
4 years ago Oh you are right, I did not think of daylight savings... Don't add that option then 👍 This just came to me because when I switched from nfcapd to ipfixcol2+infstore, I could not find the output files as it was overriding older files from nfcapd because nfcapd does save by localtime (utc+2 right now).
Hi,
just found ipfixcol2 and tried to replace nfcapd with it in an nfsen system. Works well so far. It would however be very helpful to be able to configure the file prefixes and suffix such that e.g., a nfsen system would pick them up.
To this end, it would be awesome if one could set/override the defaults in
LNF_FILE_PREFIXandBF_FILE_PREFIXandSUFFIX_MASKvia the the plugin configFurthermore, the plugin right now seems to convert timestamps to UTC (which is what I would prefer), however it would be nice if it one could toggle this via the config.
Best Jan