I have been using the NetFlow processing tool under the Stats tab in NfSen,
and I was hoping someone could help explain why I'm seeing discrepencies in
the time range specified.
Output from command, with pertinent lines:
--
** nfdump -M /usr/local/nfsen/profiles-data/live/<<hostname>> -T -R
2007/09/25/nfcapd.200709251235:2007/09/25/nfcapd.200709251240 -n 20 -s
record/bytes -A srcip,dstip,dstport -o long -L 1M
<<output ommitted>>
Summary: total flows: 13715, total bytes: 55.8 M, total packets: 407076, avg
bps: 197048, avg pps: 171, avg bpp: 143
Time window: 2007-09-25 12:05:20 - 2007-09-25 12:44:56
Total flows processed: 28170, skipped: 0, Bytes read: 1464876
Sys: 0.089s flows/second: 313553.9 Wall: 0.010s flows/second: 2749634.0
--
The part I'm having trouble with is that the time window I've selected in
the graph (12:35 -> 12:40) is not indicated in the Time Window below the
output (12:05:20 -> 12:44:56, in this case).
Is this normal? Am I just interpreting the output incorrectly? I want to
process netflow data on specific time windows, but the above makes me wonder
which time range the data is being parsed from.
Thanks in advance...
--
Eric Cables
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
