Hi! Under the spell of the recent undeadly article about pflow(4) and stuff, I started to fool around with nfsen and pflow a bit. The setup was really easy... I had the nfsen web interface up and running and displaying uninteresting graphs in no time. (I must say, the system is a 5.4-stable).
But eventually, I wanted to see what kind of reports I can get from the collected data using the command line. So I started to read about nfdump and flow-tools' utilities. 1) Using nfdump seems pretty straightforward, but no matter how I try to shape my output, I always get '1970-01-01 01:00:00.000' as "Date first seen" time. Also, "Duration" is always 0.000 ... Any ideas why? 2) I tried to use the flow-tools utilities with the data captured by nfcapd (from nfsen), but eg. flow-print and flow-report says: flow-print: ftiheader_read(): Warning, bad magic number flow-print: ftiheader_read(): failed flow-print: ftio_init(): failed ... when I try to open the nfcapd.* files. Well, okay, but how can I use the captured data with flow-tools? Can I? Thanks in advance for some insight :) Daniel -- LÉVAI Dániel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
