Can anyone confirm whether the PortTracker plugin is able to read compressed files? I have a new NfSen installation that I'm testing. I had the PortTracker plugin half working, where the summary at the bottom had correct-looking data but the graphs were blank. Now the summary is garbage, with 66635 as the only port with more bytes than is possible. Between then and now, I did enable compression in the nfsen.conf file.
I did a couple of tests using nftrack on one of the original uncompressed files and a newer compressed file. It looks like from the results that nftrack can't deal with a compressed file. --- [EMAIL PROTECTED] 19]# /usr/local/bin/nftrack -r nfcapd.200805191720 -d /local/nfsen/plugins-data/PortTracker -s -t 200805191720 -p 1211232000 10 0 0 515 80 25 443 524 135 21 3396 113 139 4667 2893 926 389 203 187 183 160 136 105 10 1 0 80 524 1976 3389 49409 35182 443 1979 25 515 47574 31628 23494 16627 16343 10244 7422 7276 6281 5823 10 2 0 1976 35182 9100 80 2495 2510 2522 2811 2540 524 18952960 15213336 8561650 6610134 6503022 5609872 5444351 4953478 3593795 2817093 10 0 1 7000 161 7001 0 53 1347 1346 2967 137 123 12545 7260 6403 4036 3714 2587 1818 1188 1173 661 10 1 1 7000 7001 161 0 2967 53 1347 1346 137 1851 25411 12216 12152 8239 6791 5656 4757 3336 1561 1489 10 2 1 7001 0 2967 7000 1346 1347 1851 161 53 694 15540246 11160809 3034373 2385728 1546072 1378910 1226395 985230 414838 383264 [EMAIL PROTECTED] 21]# /usr/local/bin/nftrack -r nfcapd.200805211550 -d /local/nfsen/plugins-data/PortTracker -s -t 200805211550 -p 1211399400 10 0 0 0 65535 65534 65533 65532 65531 65530 65529 65528 65527 0 0 0 0 0 0 0 0 0 0 10 1 0 0 65535 65534 65533 65532 65531 65530 65529 65528 65527 0 0 0 0 0 0 0 0 0 0 10 2 0 0 65535 65534 65533 65532 65531 65530 65529 65528 65527 0 0 0 0 0 0 0 0 0 0 10 0 1 0 65535 65534 65533 65532 65531 65530 65529 65528 65527 0 0 0 0 0 0 0 0 0 0 10 1 1 0 65535 65534 65533 65532 65531 65530 65529 65528 65527 0 0 0 0 0 0 0 0 0 0 10 2 1 0 65535 65534 65533 65532 65531 65530 65529 65528 65527 0 0 0 0 0 0 0 0 0 0 --- Are there any tricks with nfdump or other tools that could uncompress the file and feed it to stdin on nftrack? Any other workarounds? Best regards, Danny ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
