This works with nudump 1.6.6:
./nfdump -r
/data/nfsen/profile-data/live/any/2012/09/09/09/nfcapd.201209090900 -o
'fmt:%eng %ra %in %ts %td %pr %sap
-> %dap %pkt %byt %fl' -c 1
engine Router IP Input Date flow start Duration Proto
Src IP Addr:Port Dst IP Addr:Port
Packets Bytes Flows
0/0 zz.zz.34.3 8 2012-09-09 07:31:07.712 57.000 TCP
xx.xxx.52.32:179 -> xx.xxx.52.44:29474
3 218 1
Summary: total flows: 1, total bytes: 218, total packets: 3, avg bps: 30, avg
pps: 0, avg bpp: 72
The tags are documented in nfdump(1) man page.
Hope this helps
- Peter
On 9/14/12 15:04, James A. T. Rice wrote:
> Hi Folks,
>
>
>>> On 09/14/2012 10:09 AM, Peter Haag wrote:
>
>>>> in 1.6.6 .you may add %eng which identifies engine type/id. You'll need
>>>> to enable extension 14 see nfcapd(1). In combination, you may identify
>>>> what you are looking for?
>
>
>> On 9/14/12 11:13, Phil Mayers wrote:
>
>>> %ra?
>
>
> On Fri, 14 Sep 2012, Peter Haag wrote:
>
>> Sure! router IP is also always an (additional) option.
>
>
>
> Interesting - niether %eng nor %ra are documented in the list of
> specifiers at the start of bin/nfdump.c , is there somewhere else I should
> be looking for where all the available specifiers are documented?
>
> It sounded like one or the other of those would be ideal, but actually
> it appears not:
>
> ** nfdump -M /flows/nfsen/profiles-data/live/sup-tfm1:sup-tfm4 -T -r
> 2012/09/14/nfcapd.201209140145 -o 'fmt:%eng %ra %in %ts %td %pr %sap -> %dap
> %pkt %byt %fl' -c 1
> nfdump filter:
> any
> engine Router IP Input Date flow start Duration Proto
> Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
> 0/0 0.0.0.0 19 2012-09-14 01:44:49.820 0.000 UDP
> mumblemumble:61486 -> mumblemumble:53 13 910 1
>
> So I have input interface index '19', but on which router? I could go
> through each source individually (in my case there's only two), but isn't
> there a better way of making it print which source that flow came from?
>
> Cheers
> James
>
> ------------------------------------------------------------------------------
> Got visibility?
> Most devs has no idea what their production app looks like.
> Find out how fast your code is with AppDynamics Lite.
> http://ad.doubleclick.net/clk;262219671;13503038;y?
> http://info.appdynamics.com/FreeJavaPerformanceDownload.html
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
--
Be nice to your netflow data
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
