Hi,

If I run this query (in the web interface) - I get one result back:

*nfdump -M /data/nfsen/profiles/live/router1:router2:router3 -T -r nfcapd.200907221110 -n 200 -s ip/pps -l 2M*
nfdump filter:
*any*
*Packet limit: > 2097152 packets*
Top 200 IP Addr ordered by pps:
Date first seen          Duration Proto        IP Addr    Flows  Packets    Bytes      pps      bps   bpp
*2009-07-22 11:04:59.864  446.060 any    xx.xxx.xx.xxx       39    3.1 M  134.6 M     7349    2.4 M    43*

Summary: total flows: 4490413, total bytes: 7.9 G, total packets: 15.6 M, avg bps: 25.9 M, avg pps: 6550, avg bpp: 518
Time window: 2009-07-22 10:33:24 - 2009-07-22 11:14:58
Total flows processed: 4490413, Records skipped: 0, Bytes read: 233505016
Sys: 4.342s flows/second: 1034100.1 Wall: 4.347s flows/second: 1032873.2

If I run this query - I don't get any results back:

*nfdump -M /data/nfsen/profiles/live/router1:router2:router3 -T -r nfcapd.200907221110 -n 200 -s ip/pps -l 2M*
nfdump filter:
*duration > 300000*
*Packet limit: > 2097152 packets*
Top 200 IP Addr ordered by pps:
Date first seen          Duration Proto        IP Addr    Flows  Packets    Bytes      pps      bps   bpp

Summary: total flows: 112657, total bytes: 3.4 G, total packets: 5.8 M, avg bps: 11.2 M, avg pps: 2446, avg bpp: 601
Time window: 2009-07-22 10:33:24 - 2009-07-22 11:14:58
Total flows processed: 4490413, Records skipped: 0, Bytes read: 233505016
Sys: 0.602s flows/second: 7447936.4 Wall: 0.606s flows/second: 7403703.8

In the second case I added a filter - for flows with a duration greater than 300 seconds (5 minutes) - and I don't get any results.

Could anyone explain to me why it doesn't work in the second case? My goal is to find flows which have over 2 million packets and last over 5 minutes.

Thanks,
Adrian
------------------------------------------------------------------------------
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
