Remove the '/' from the end of your -M path. E.g. it should be:

/usr/bin/nfdump -M /data/nfsen/profiles-data/live/<channel>

Neale

-----Original Message-----
From: Tomas Plesnik [mailto:[email protected]]
Sent: 12 February 2013 09:10
To: [email protected]
Subject: [Nfdump-discuss] Segmentation fault with combination of options -M and -R

Hi list,

we found a problem with using a combination of the -M and -R options. When we use the -R parameter and only one nfcapd file:

$ /usr/bin/nfdump -R /data/nfsen/profiles-data/live/<channel>/2012/12/07/nfcapd.201212072340 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q

everything is OK. When we use the -R parameter and a range of nfcapd files:

$ /usr/bin/nfdump -R /data/nfsen/profiles-data/live/<channel>/2012/12/07/nfcapd.201212070000:nfcapd.201212072355 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q

everything is OK too, but when we add the -M option to process nfcapd files from one or more days, we get a segmentation fault:

$ /usr/bin/nfdump -M /data/nfsen/profiles-data/live/<channel>/ -R 2012/12/07/nfcapd.201212070000:2012/12/07/nfcapd.201212072355 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q
Segmentation fault

or

$ /usr/bin/nfdump -M /data/nfsen/profiles-data/live/<channel>/ -R 2012/12/07/nfcapd.201212072355:2012/12/08/nfcapd201212080000 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q
Segmentation fault

Our nfdump version is:

nfdump: Version: 1.6.5 $Date: 2011-12-30 15:36:48 +0100 (Fri, 30 Dec 2011) $

Do you have any idea how to fix it? Thank you.

Best regards,
Tomas Plesnik

-- 
Tomas Plesnik [email protected]
CSIRT-MU, Network Security Department
http://www.muni.cz/csirt
Institute of Computer Science, Masaryk University, Brno, Czech Republic
PGP key ID: 0x9D3722F3

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
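
Added example (not part of the original thread, and not nfdump or NfSen code): a POSIX shell wrapper that applies the workaround from the reply by stripping trailing '/' characters from the -M expression before nfdump is run. The function names and the NFDUMP override variable are hypothetical; the colon-separated form of the -M expression is assumed from the nfdump man page.

```shell
#!/bin/sh
# Added example: normalise the -M expression so no component ends in '/'.
# Assumption: -M takes "/base/dir1:dir2:..." (colon-separated), per nfdump(1).

# normalize_m_expr EXPR -> prints EXPR with trailing slashes stripped
# from every colon-separated component (a bare "/" is kept).
normalize_m_expr() {
    out=
    rest="$1:"                      # ':' sentinel so the last part is handled
    while [ -n "$rest" ]; do
        part=${rest%%:*}
        rest=${rest#*:}
        while [ "${part%/}" != "$part" ] && [ "$part" != "/" ]; do
            part=${part%/}
        done
        out="${out:+$out:}$part"
    done
    printf '%s\n' "$out"
}

# nfdump_safe ARGS... -> runs nfdump with the argument of every -M normalised.
# NFDUMP (hypothetical variable) overrides the binary path, e.g. for a dry run.
nfdump_safe() {
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        if [ "$arg" = "-M" ] && [ "$n" -gt 0 ]; then
            fixed=$(normalize_m_expr "$1"); shift; n=$((n - 1))
            set -- "$@" "$arg" "$fixed"   # re-append the cleaned pair
        else
            set -- "$@" "$arg"            # re-append unchanged
        fi
    done
    "${NFDUMP:-/usr/bin/nfdump}" "$@"
}
```

Setting NFDUMP=echo prints the rewritten command line instead of running nfdump, which is a quick way to check what a script would pass.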
