-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Cédric,
- --On November 12, 2007 11:38:59 +0100 "cedric.delaunay" <[EMAIL PROTECTED]>
wrote:
| Hy nfsen-users,
| I'm trying to understand the porttracker's Top 10 statistics.
| Unfortunately I have some difficulties. So here are a few questions for
| nfsen's experts.
|
| - Which nfsen's sources are considered in porttracker's statistics ?
By default it takes all sources available.
| - Is there a nfdump command giving me an equivalent of the top 10 stats ?
Well - not exactly, as it's splotted up into all protocols. Something alike:
./nfdump -M <allsources> -r nfcapd.xx -p dstport:p/flows -s dstport:p/packets
-s dstport:p/bytes -n 0
This should give a familiar table.
|
| A newbie question : I didn't find how to get only stats lines with
Well - you are no longer a newbie, as to my knowledge :)
| nfdump ( -z option doesn't seems to modify the results)
old -z is obsolete, as never really used. It's recycled in 1.5.6 for
compression.
| as an example, I would like find the bytes send from X.Y.Z/24 network
| during the last day.
well - that's a bit of a trick:
./nfdump -R nfcapd.xx0000:nfcapd.xx2355 -A srcip4/4 -s record/bytes 'src net
x.y.z/24'
There will be only a single line showing your net.
Hope this helps.
- Peter
|
|
| Regards,
| Cédric
|
|
|
|
|
| -------------------------------------------------------------------------
| This SF.net email is sponsored by: Splunk Inc.
| Still grepping through log files to find problems? Stop.
| Now Search log events and configuration files using AJAX and a browser.
| Download your FREE copy of Splunk now >> http://get.splunk.com/
| _______________________________________________
| Nfsen-discuss mailing list
| [email protected]
| https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iQCVAwUBRzoDS/5AbZRALNr/AQKNrQP8DMJCelrgX30PFu7XpVVLwfsG4n74MQhk
KOpbXvVWN7mkxtazJoPvfKrFigsv70QSYb+wMPGlnnCnzXMIMG8lFWI4yq7ruP9N
0maRFwWmxGW1TC0j+yy6crwJl0OEHPGBhVjXaVWmrrOYMYv1o8OuCPowDJRHMKNv
ppGf4boo1yI=
=lD+x
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
