Great work Peter, is it possible to manually specify the sampling rate in this package or will this be released later?
Best Regards, On Tue, Jan 05, 2010 at 09:52:25AM +0100, Peter Haag wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Dear all, > I'm happy to announce, that nfdump-1.6 is available for downloading > @ Sourceforge. Several new features have been added ( see list below ) > nfdump-1.6 is mostly compatible with nfdump-1.5.x. > nfdump-1.6 works with current NfSen 1.3.2, however, the new features are not > accessible using the interface. > *** Please note: *** PortTracker from NfSen 1.3.2 does *NOT* work with > nfdump-1.6. > An updated version for NfSen/PortTracker will be released later. > > > NEW in 1.6 since 1.5.8 ( latest on top ) > - ---------------------- > o Add router IP extension. > o Add router ID extension (engine type/ID) > o Add srcmask and dstmask aggregation > o Aggregated ( -a, -A, -b, -B ) or sorted flows ( -m ) can be written back > to binary files ( -w ) > Note: This results in a behaviour change for -w in combination > with aggregation > o Extend -N ( do not scale numbers ) to all text output not just summary > o Remove header lines of -s stat, when using -q ( quiet ) > Note: This results in a behaviour change for -N > o Remove legacy v1.4 file compatibility > o Remove -S option from nfdump ( legacy 1.4 compatibility ) > o Make use of log (syslog) functions for nfprofile. > o Move log functions to util.c > o Update sflow collector. > o Add parse_csv.pl script as an example to parse csv output > o Add csv output format ( -o cvs ) as replacement for -o pipe - keep -o pipe > for now. > o Flow-tools converter updated - supports all common elements. > o Sflow collector updated. Supports more common elements. > o Add sampling to nfdump. Sampling is automatically recognised > in undocumented v5 header fields and in v9 option templates. > see nfcapd(1) > o Add @include option for filter to include more filter files. > o Add bidirectional aggregation ( -b, -B ) - experimental feature > o Add flexible aggregation comparable to Flexible Netflow (FNF) > over all available v9 tags > o All new tags can be selected in -o fmt:... see nfdump(1) > o topN stat for all new tags is implemented > o Integrate developer code to read from pcap files into stable branch > o Update filter syntax for new tags > o Add flexible storage option for nfcapd. To save disk space, the > data extensions to be stored in the data file are user selectable. > o Added more v9 tags for netflow v9. > The detailed tags are listed in nfcapd(1) Beside of MAC addresses > and VLAN labels, also MPLS labels and many more v9 tags are now > supported. AS numbers and interface numbers are now 32bit clean. > Adding new tags also extended the binary file format with > data block type 2, which is extension based. File format > for version <= 1.5.* ( Data block format type 1 ) is read > transparently. ( --enable-compat15 ) Data block type 2 are skipped > by nfdump 1.5.8. > o Added option for multiple netflow stream to same port. > -n <Ident,IP,base_directory> > Example: -n router1,192.168.100.1,/var/nfdump/router1 > So multiple -n options may be given at the command line > Old style syntax still works for compatibility, ( -I .. -l ... ) > but then only one source is supported. > o Move to automake for building nfdump > o Make nfdump fully 64bit compliant. ( 32/64bit data alignments and access ) > Compiles and runs cleanly on 32/64bit systems > o Switch scaling factor ( k, M, G ) from 1024 to 1000. > > > - -- > _______ SWITCH - The Swiss Education and Research Network ______ > Peter Haag, Security Engineer, Member of SWITCH CERT > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland > E-mail: [email protected] Web: http://www.switch.ch/ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (Darwin) > > iQCVAwUBS0L9xf5AbZRALNr/AQJGlQP9E7DgQKSAYCOWLeU7bWs5tEFmEJUOroGl > g8vj+9buCG7OMVkY5/gtUF69ZyLZ9NM28fQUgVMDmky/LX14uy0GUG9p5HRpBda9 > sUArCOXbzYj0Dl77naj1JUVg7QErUl8AI79GlPJi3oYBEZ8+RGSqRyXyN5WYC6Tq > N24DXT7AZ6w= > =+Qy+ > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > This SF.Net email is sponsored by the Verizon Developer Community > Take advantage of Verizon's best-in-class app development support > A streamlined, 14 day to market process makes app distribution fast and easy > Join now and get one step closer to millions of Verizon customers > http://p.sf.net/sfu/verizon-dev2dev > _______________________________________________ > Nfsen-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss -- Alistair Cockeram ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
