View Single Post
  #1   (View Single Post)  
Old 31st August 2009
schrodinger's Avatar
schrodinger schrodinger is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Ireland
Posts: 69
Default Weird time issues

Hey folks,

I have a weird problem with OpenBSD 4.5 running on my soekris box.

The time on my box is NTP sync from my primary firewall, which ntp syncs from ie.pool.ntp.org, and both are as expected quite accurate. I also have my timezone set correctly.

Code:
$ ls -l /etc/localtime 
lrwxr-xr-x  1 root  wheel  33 Mar 21 18:30 /etc/localtime -> /usr/share/zoneinfo/Europe/Dublin
However I am having a problem with the "time". The two places I am seeing the issue is with nfdump for Netflow processing from my main firewall and Nagios running on this soekris.

When logged into Nagios the time of the checks is always an hour behind what I expect. It is 09:44 here in Dublin and my Nagios reports it was last updated at 08:44.

Also when processing my netflow files the date is messed up.

I am using nfsen for graphing and easy selection of time periods and the following sample output is for the time perdiod:

start 2009-08-31-04-45
end 2009-08-31-05-50

Quote:
$ nfdump -M /var/www/profiles-data/live/defiant -T -R 2009/35/1/04/nfcapd.200908310445:2009/35/1/05/nfcapd.200908310550 -o extended -c 100
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows
2009-09-14 18:41:57.649 18.000 ICMP 10.51.2.130:0 -> 192.168.1.1:64.74 ...... 0 5 420 0 186 84 1
2009-09-14 18:41:57.649 18.000 ICMP 192.168.1.1:0 -> 10.51.2.130:64.74 ...... 0 5 420 0 186 84 1
2009-09-14 18:41:57.649 19.000 ICMP 79.97.171.175:0 -> 192.168.1.1:145.211 ...... 0 5 420 0 176 84 1
2009-09-14 18:41:57.649 19.000 ICMP 192.168.1.1:0 -> 79.97.171.175:145.211 ...... 0 5 420 0 176 84 1
[...]
Summary: total flows: 100, total bytes: 53719, total packets: 314, avg bps: 3551, avg pps: 2, avg bpp: 171
Time window: 2009-09-14 18:41:45 - 2009-09-14 18:47:02
Total flows processed: 325, Records skipped: 0, Bytes read: 16912
Sys: 0.109s flows/second: 2971.5 Wall: 0.086s flows/second: 3745.7
The 14th of September? Why or how is this happening? I can't find anything that would be causing this. Nfdump has no configuration it simply reads in Netflow files and dumps the data. Nfsen is setup as the collector and lays the files out under the OpenBSD chrooted webroot as:

/var/www/profiles-data/live/defiant/year/week_of_year/day_of_week/hour

Defiant being the hostname of my primary firewall (I have a bit of a Starfleet ships naming convention going on )

I'd appreciate any help or insight people may have.
__________________
It was a new day yesterday, but it's an old day now.
Reply With Quote