Yann Berthier wrote:
>> When I use "fmt:%in;%out" the fields are always 0, though they should be
>> set.
>
> good news for you - it is:
>
> nfdump -r nfcapd.200707122350 -o "fmt:%in %out" | head -4
> Input Output
> 1 8
> 1 8
> 9 10

I tried version nfdump-snapshot-20070312.tar.gz. Is there a newer version?
Mine definitely shows only zeroes:

$nfdump -r nfcapd.200707121600 -o 'fmt:%in %out' | sort | uniq
0 0
InputzusOutput
Summary: total flows: 229991, total bytes: 557.0 M, total packets: 743515, avg bps: 10.9 M, avg pps: 1822, avg bpp: 785

This is what flow-tools sees (NetFlow data from the same router):

$ flowd-reader -v flowd_200707131045 | head -2
LOGFILE flowd_200707131045
FLOW tag 3 recv_time 2007-07-13T10:42:08.734652 proto 6 tcpflags 18 tos 00 agent [XXX.XXX.XXX.XXX] src [XXX.XXX.XXX.XXX]:80 dst [XXX.XXX.XXX.XXX]:51795 packets 18 octets 27000 in_if 7 out_if 8 sys_uptime_ms 6w2d7h27m26s.559 time_sec 2007-07-13T10:42:08 time_nanosec 0 netflow ver 9 flow_start 6w2d7h27m16s.283 flow_finish 6w2d7h26m37s.159 src_AS 0 src_masklen 19 dst_AS 0 dst_masklen 23

Perhaps we have a bug/compilation problem here? I compiled on Solaris 9 and
I did apply the include order patch and the library path fix patch.

> have you checked that the other fields are filled ok as collected by
> nfcapd ?

All other fields seem to be fine.