[netsa-tools-discuss] Date on SILK/rwflowpack directory is in the future by a good bit.

Collyer, Jeffrey W. (jwc3f) jwc3f at virginia.edu
Tue Jan 23 15:57:33 EST 2018 

So I have a Gigamon generating Netflow v9 and sending it to two collectors, one of which is Silk.
The Silk collector is suddenly writing files with dates in the future.
The second collector is seeing the same flow data and only sees time/date stamps for today, nothing in the future.

Much as I would love to know the future I can’t figure out what is causing this.

For example

/opt/silk/data/GIGAMON-NF-1/in/2018/02/12# ls -al
total 2998086
drwxr-xr-x 2 root root        14 Jan 23 15:27 .
drwxr-xr-x 5 root root         5 Jan 23 04:27 ..
-rw-r--r-- 1 root root 221513566 Jan 23 05:29 in-GIGAMON-NF-1_20180212.00
-rw-r--r-- 1 root root 220770422 Jan 23 06:29 in-GIGAMON-NF-1_20180212.01
-rw-r--r-- 1 root root 238481114 Jan 23 07:29 in-GIGAMON-NF-1_20180212.02
-rw-r--r-- 1 root root 248975819 Jan 23 08:29 in-GIGAMON-NF-1_20180212.03
-rw-r--r-- 1 root root 278772583 Jan 23 09:29 in-GIGAMON-NF-1_20180212.04
-rw-r--r-- 1 root root 288936702 Jan 23 10:29 in-GIGAMON-NF-1_20180212.05
-rw-r--r-- 1 root root 297647756 Jan 23 11:29 in-GIGAMON-NF-1_20180212.06
-rw-r--r-- 1 root root 301989843 Jan 23 12:29 in-GIGAMON-NF-1_20180212.07
-rw-r--r-- 1 root root 296719238 Jan 23 13:29 in-GIGAMON-NF-1_20180212.08
-rw-r--r-- 1 root root 300709672 Jan 23 14:29 in-GIGAMON-NF-1_20180212.09
-rw-r--r-- 1 root root 298666055 Jan 23 15:29 in-GIGAMON-NF-1_20180212.10
-rw-r--r-- 1 root root  77347926 Jan 23  2018 in-GIGAMON-NF-1_20180212.11
/opt/silk/data/GIGAMON-NF-1/in/2018/02/12# date
Tue Jan 23 15:43:12 EST 2018

Ive checked the date on the Gigamon, the VM that Silk is running on, and the Hypervisor.  All are correct and are NTP synced.
I restarted rwflowpack, rebooted the VM, and even motioned it off and bounced the hypervisor.
I was on silk-3.14.0, but I just upgraded to silk-3.16.0 in case that might help. It didn’t.

My conf files are pretty stock, and previously it had been working fine.

Any help/hints/idea about whats wrong and how I might fix this greatly appreciated.

Jeff

Jeffrey Collyer
Information Security Engineer
University of Virginia


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3444 bytes
Desc: not available
URL: <http://lists.sei.cmu.edu/pipermail/netsa-tools-discuss/attachments/20180123/07b920d8/attachment.p7s>

More information about the netsa-tools-discuss mailing list