-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 YES! This idea solved our problem.
Thank you! Tomas On 12.2.2013 11:00, Guy, Neale wrote: > Remove the '/' from the end of your -M path. EG should be: > /usr/bin/nfdump -M /data/nfsen/profiles-data/live/<channel> > > Neale > > -----Original Message----- From: Tomas Plesnik > [mailto:[email protected]] Sent: 12 February 2013 09:10 To: > [email protected] Subject: [Nfdump-discuss] > Segmentation fault with combination of options -M and -R > > Hi list, > > we found a problem with using of combination -M and -R options. > When we use the -R parameter and only one nfcapd file: > > $ /usr/bin/nfdump -R > /data/nfsen/profiles-data/live/<channel>/2012/12/07/nfcapd.201212072340 > > 'proto > tcp and dst port 3389 and flags S and not flags ARFUP and net > <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q > > everything is OK. When we use the -R parameter and a range of > nfcapd files: > > $ /usr/bin/nfdump -R > /data/nfsen/profiles-data/live/<channel>/2012/12/07/nfcapd.201212070000:nfcapd.201212072355 > > 'proto tcp and dst port 3389 and flags S and not flags ARFUP and net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q > > everything is OK too, but when we add the -M option to process > nfcapd files from one or more days, we get the segmentation fault: > > $ /usr/bin/nfdump -M /data/nfsen/profiles-data/live/<channel>/ -R > 2012/12/07/nfcapd.201212070000:2012/12/07/nfcapd.201212072355 > 'proto tcp and dst port 3389 and flags S and not flags ARFUP and > net <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q > Segmentation fault > > or > > $ /usr/bin/nfdump -M /data/nfsen/profiles-data/live/<channel>/ -R > 2012/12/07/nfcapd.201212072355:2012/12/08/nfcapd201212080000 'proto > tcp and dst port 3389 and flags S and not flags ARFUP and net > <subnet/16>' -o 'fmt:%ts;%sa;%da;%fl' -a -A srcip,dstip -q > Segmentation fault > > Our nfdump version is: > > nfdump: Version: 1.6.5 $Date: 2011-12-30 15:36:48 +0100 (Fri, 30 > Dec 2011) $ > > Do you have any idea how to fix it? Thank you. > > Best regards, > > Tomas Plesnik > > > ------------------------------------------------------------------------------ > > Free Next-Gen Firewall Hardware Offer > Buy your Sophos next-gen firewall before the end March 2013 and get > the hardware for free! Learn more. > http://p.sf.net/sfu/sophos-d2d-feb > _______________________________________________ Nfdump-discuss > mailing list [email protected] > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > > This e-mail (and any attachments) contains information which is > intended solely for the attention of the person to whom it has been > sent. If you are not the intended recipient, you are not authorised > to copy, distribute or use it for any purpose or disclose the > contents to any person. If you have received this e-mail in error, > please notify us immediately at [email protected] and delete this > e-mail from your systems. NTT Europe makes no warranty that this > message is error or virus free. Any comments or opinions expressed > are those of the originator not of NTT Europe Ltd. unless otherwise > expressly stated. NTT Europe Limited is a company registered in > England and Wales with company number 2307625. Registered Address: > 3rd Floor, Devon House, 58-60 St. Katharine's Way, London, E1W 1LB, > UK. > - -- Tomas Plesnik [email protected] CSIRT-MU, Network Security Department http://www.muni.cz/csirt Institute of Computer Science, Masaryk University, Brno, Czech Republic PGP key ID: 0x9D3722F3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlEaWF0ACgkQGA/bT503IvPM2wCg0UFC4LV9A38fbB+VttNPvHMA /uMAoNqUzDWFl8R8lrAse3+a/eKgnvwf =UEEx -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
