Finally nfdump-1.5.8-NSEL is released and available at Sourceforge. Many thanks to all testers, for giving valuable feedback.

- Peter

On 18/12/10 1:45 PM, Peter Haag wrote:
> Dear all,
> Due to the high demand to support NSEL event flows for CISCO ASA devices, and
> due to some bugs in nfdump-1.5.7-nsel, I decided to create an updated version
> nfdump-1.5.8-NSEL.
>
> In order to release this version on Sourceforge, I would like to get some
> feedback first from testers, willing to use and test nfdump-1.5.8-NSEL
> thoroughly. If you want to help to test, feel free to ping me off list, and I
> will send you a tar ball. As I have no CISCO ASA equipment for testing, I only
> can do limited testing with flow tracks sent by supporting users. Many thanks
> to all of them.
>
> Notes on nfdump-1.5.8-NSEL:
> Why nfdump-1.5.8-NSEL and no integration into nfdump-1.6.x ?
> The original NSEL code was contributed by CISCO and applied to nfdump-1.5.7.
> Therefore, it was a lot easier for me to port this code to nfdump-1.5.8 and
> fix the bugs related to nfdump-1.5.7-nsel.
> Once the code turns out to be stable and running, I will port it to
> nfdump-1.6.
>
> Limitation: Due to a major code cleanup and in respect to future upwards
> compatibility with nfdump-1.6.x, the binary data format changed from
> nfdump-1.5.7-nsel to nfdump-1.5.8-NSEL. Therefore the bad news is, that flows
> collected with nfdump-1.5.7-nsel can no longer be processed by
> nfdump-1.5.8-NSEL - sorry!
>
> The good news: nfdump-1.5.8-NSEL is fully nfdump-1.5.8 up and downwards
> compatible. Both versions can read either data likewise, with the limitation
> of course, that nfdump-1.5.8 skips NSEL specifics but displays other data
> correctly. This also allows, that upcoming nfdump-1.6.x with NSEL support will
> be able to read and upgrade data from nfdump-1.5.8-NSEL transparently. It's
> fully 64bit compatible and should compile and run on any standard *NIX.
>
> NSEL event flows use a different time format than standard v9 flows.
> nfdump-1.5.8-NSEL maps the time directly into flow start/end time records
> likewise. For statistics reasons, at least one packet is accounted for each
> event flow.
> Furthermore nfdump-1.5.8-NSEL has been upgraded to support NSEL specific
> output formats and tags. The default display format is -o nsel. All other
> formats like raw, line, long and extended are still available. If you want to
> see a full NSEL record use -o raw. See also the nfdump(1) man page for further
> details on NSEL specific output formats.
>
> nfdump-1.5.8-NSEL is fully NfSen compatible. --enable-nfprofile builds the
> required profiler and the nseld binary for the NSELtracker. NSELTracker is an
> NfSen plugin contributed by CISCO. See the corresponding NSELTracker
> subdirectory for further information.
>
> Cheers
>
> - Peter
>
> --
> Be nice to your netflow data. Use NfSen and nfdump :)