Hi Peter,
    thanks for your swift response.
> > If you are interested in the issue I put several anonymized files where
> > the problem appears on the http://hawk.cis.vutbr.cz/~tpoder/tmp/nfdump/
> > site.
>
> Thanks for the report. There is a bug which was triggered due to the
> somewhat interesting flow mapping in your files. Did you collect them
> with the new 1.6 collector, or is the file a result from profiling or
> saving post-processing flows?
Files have been collected with 1.6 nfcapd using the following options:

/usr/local/bin/nfcapd -u nobody -g nobody -t 3600 -S 7 -z -D -w -I CESNET -p 9997 -P /var/run/nfcapd/nfcapd.9997.pid -l /data/netflow/CESNET/

Files placed on the web were only anonymized by the command:

nfdump -r nfcapd.201001101300.src -w nfcapd.201001101300 -K <key>

As the source of the data, the hardware FlowMon probes by Invea-tech
(http://www.invea.cz/products/flowmon-probes) are used.

I am ready to provide any additional information or data if you need it.

Best regards,
        Tomas 



>
>
> > Peter Haag wrote:
> >> Dear all,
> >> I'm happy to announce, that nfdump-1.6 is available for downloading
> >> @ Sourceforge. Several new features have been added ( see list below )
> >> nfdump-1.6 is mostly compatible with nfdump-1.5.x.
> >> nfdump-1.6 works with current NfSen 1.3.2, however, the new features
> >> are not accessible using the interface.
> >> *** Please note: *** PortTracker from NfSen 1.3.2 does *NOT* work with
> >> nfdump-1.6.
> >> An updated version for NfSen/PortTracker will be released later.
> >>
> >>
> >> NEW in 1.6 since 1.5.8 ( latest on top )
> >> ----------------------
> >> o Add router IP extension.
> >> o Add router ID extension (engine type/ID)
> >> o Add srcmask and dstmask aggregation
> >> o Aggregated ( -a, -A, -b, -B ) or sorted flows ( -m ) can be written back
> >>   to binary files ( -w )
> >>   Note: This results in a behaviour change for -w in combination
> >>   with aggregation
> >> o Extend -N ( do not scale numbers ) to all text output not just summary
> >> o Remove header lines of -s stat, when using -q ( quiet )
> >>   Note: This results in a behaviour change for -N
> >> o Remove legacy v1.4 file compatibility
> >> o Remove -S option from nfdump ( legacy 1.4 compatibility )
> >> o Make use of log (syslog) functions for nfprofile.
> >> o Move log functions to util.c
> >> o Update sflow collector.
> >> o Add parse_csv.pl script as an example to parse csv output
> >> o Add csv output format ( -o cvs ) as replacement for -o pipe - keep
> >>   -o pipe for now.
> >> o Flow-tools converter updated - supports all common elements.
> >> o Sflow collector updated. Supports more common elements.
> >> o Add sampling to nfdump. Sampling is automatically recognised
> >>   in undocumented v5 header fields and in v9 option templates.
> >>   see nfcapd(1)
> >> o Add @include option for filter to include more filter files.
> >> o Add bidirectional aggregation ( -b, -B ) - experimental feature
> >> o Add flexible aggregation comparable to Flexible Netflow (FNF)
> >>   over all available v9 tags
> >> o All new tags can be selected in -o fmt:... see nfdump(1)
> >> o topN stat for all new tags is implemented
> >> o Integrate developer code to read from pcap files into stable branch
> >> o Update filter syntax for new tags
> >> o Add flexible storage option for nfcapd. To save disk space, the
> >>   data extensions to be stored in the data file are user selectable.
> >> o Added more v9 tags for netflow v9.
> >>   The detailed tags are listed in nfcapd(1). Besides MAC addresses
> >>   and VLAN labels, also MPLS labels and many more v9 tags are now
> >>   supported. AS numbers and interface numbers are now 32bit clean.
> >>   Adding new tags also extended the binary file format with
> >>   data block type 2, which is extension based. File format
> >>   for version <= 1.5.* ( Data block format type 1 ) is read
> >>   transparently. ( --enable-compat15 ) Data block type 2 are skipped
> >>   by nfdump 1.5.8.
> >> o Added option for multiple netflow stream to same port.
> >>   -n <Ident,IP,base_directory>
> >>   Example: -n router1,192.168.100.1,/var/nfdump/router1
> >>   So multiple -n options may be given at the command line
> >>   Old style syntax still works for compatibility, ( -I .. -l ... )
> >>   but then only one source is supported.
> >> o Move to automake for building nfdump
> >> o Make nfdump fully 64bit compliant. ( 32/64bit data alignments and access )
> >>   Compiles and runs cleanly on 32/64bit systems
> >> o Switch scaling factor ( k, M, G ) from 1024 to 1000.
> >>
> >>


_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
