Looking to see a report of all "short" conversations by using the
Duration parameter in the filter expression.. I get all duration sizes
in
the results .. Why doesn't this work ?
Filter: duration < 1
Result:
** nfdump -M /usr/local/nfsen/profiles-data/live/xxxxxx -T -r
2008/09/24/nfcapd.200809240845 -n 100 -s record/flows -o long
nfdump filter:
duration < 1
Aggregated flows 16725
Top 100 flows ordered by flows:
Date flow start Duration Proto Src IP Addr:Port
Dst 2008-09-24 08:45:26.556 220.003 TCP xxx.xxx.236.75:443 ->
<SNIP>
2008-09-24 08:45:26.720 219.979 TCP xxx.xxx.172.6:64297 ->
<SNIP>
2008-09-24 08:46:25.504 180.076 TCP xxx.xxx.236.75:443 ->
<SNIP>
Thanks!
Mike D
--------------------------------------------------------
This e-mail, including any attachments, may be confidential, privileged or
otherwise legally protected. It is intended only for the addressee. If you
received this e-mail in error or from someone who was not authorized to send it
to you, do not disseminate, copy or otherwise use this e-mail or its
attachments. Please notify the sender immediately by reply e-mail and delete
the e-mail from your system.
-----Original Message-----
From: Peter Haag [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 24, 2008 7:00 AM
To: Brown, Robin
Cc: [email protected]
Subject: Re: [Nfsen-discuss] Alert email address issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Robin,
Indeed, there seem to be a bug. Here is the patch:
- --- NfAlert.pm.orig Wed Sep 24 12:57:47 2008
+++ NfAlert.pm Wed Sep 24 12:56:35 2008
@@ -1367,7 +1367,7 @@
$action_email =~ s/^\s+//;
$action_email =~ s/\s$//;
foreach my $email_addr ( split /\s*,\s*/, $action_email
) {
- - if ( $action_email !~
/^([A-Z0-9]+[._]?){1,}[A-Z0-9]+\@(([A-Z0-9]+[-]?){1,}[A-Z0-9]+\.){1,}[A-
Z]{2,4}$/i ) {
+ if ( $action_email !~
/^([A-Z0-9]+[._]?){1,}[A-Z0-9\-]+\@(([A-Z0-9]+[-]?){1,}[A-Z0-9]+\.){1,}[
A-Z]{2,4}$/i ) {
print $socket $EODATA;
print $socket "ERR action_email
'$action_email' not a valid email address\n";
return;
- Peter
Brown, Robin wrote:
> Hi, nfsen 1.3. I am trying to use an email address in an alert of the
> format
>
> [EMAIL PROTECTED]
>
> Nfsen gives this error:
>
> ERROR: nfsend: action_email '[EMAIL PROTECTED]' not a valid email
> address!
>
> But it is valid. Is it the '-' or is it the extra part of the domain
> that it doesn't like? Is there a setting someplace I can change so it
> will accept this as a valid email address?
>
> Thanks and regards,
> Robin Brown
>
>
------------------------------------------------------------------------
-
> This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
> Build the coolest Linux based applications with Moblin SDK & win great
prizes
> Grand prize is a trip for two to an Open Source event anywhere in the
world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Nfsen-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBSNodo/5AbZRALNr/AQKdJwP8CJXZ72j4dPr3PLIYx5RTx4cTmeKMlwhw
HxiZlIJcEEH17XIINtTNTwjtvh48JGbTDjeXE5i+OzCJX1IEwC4fglQgU/UOCdwx
96Z3OZr78kKjm8qbzhFHlFd/DWfO188ziTUbnzDOHthWBz/Yg1eWy5AkqneuoOrG
FRhPcyLWANY=
=FVmc
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
-
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the
world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
