That's exactly what I am trying to do.
I did consider using the -x parameter after reading through the man page for
nfdump, but I wasn't exactly sure how to use it.
One problem I had with hacking up the source is that the nfsen frontend then
needed to be modified to look for filenames named `nfcapd.hhmm`; the filenames
with hour and minute.
If -x is used with nfcapd, will nfsen still need to be modified or is there a
config bit we can set, instructing nfsen what filenames to look for?
Thanks,
--Chad
On Mar 30, 2010, at 12:53 AM, Manish Kumar wrote:
> Hi ckotil,
> If I get your problem, there is one way out. At the time of
> capturing itself you can rename your file like this.
>
> ./nfcapd -p port_no -t rotating_time -l location_of_files -I Binary_file_name
> -x 'mv file_location_dir/%f file_location_dir/%i'
>
> By this you will always have a single file in your directory with the name of
> Binary_file_name, so that you don't have to use a wildcard while reading with
> nfdump -r. You can run the collector at the specified time only and stop it
> by controlling it with a script.
>
> Maybe it will work for you.
>
>
> On Mon, Mar 29, 2010 at 9:08 PM, ckotil <[email protected]> wrote:
> Hi,
> I would like to collect statistics on my netflow from multiple hosts,
> spanning multiple days and a specific time. For example from host1, host2,
> and host3, on 03/26/2010, 03/27/2010, and 03/28/2010 at 0800. The problem I
> am having is that nfdump seems unable to use a wildcard.
> Here is the command:
>
> [u...@netflow]$ nfdump -M
> /var/data/nfsen/profiles-data/live/cr-ul/2010/03/26:27:28 -R nfcapd.*0800
> 'inet6 and not dst ip fec0:0:0:ffff::1' -S
> WARNING: -S depricated! use -s record/packets/bytes instead. Option will get
> removed.
> stat() error
> '/var/data/nfsen/profiles-data/live/cr-ul/2010/03/26/nfcapd.*0800': File not
> found!
>
> I was able to wrap this command in a script, and by using the -R command I
> could make this work.
> Another solution I found was to hack the source code so that filenames were
> written to disk without year, month, and day; nfcapd.0800 for example. Then I
> could use the command above without a wildcard.
>
> Is there another way to do this without additional scripting or hacking up
> the source?
>
> Thanks,
>
> --Chad
>
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Nfsen-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
>
>
> --
> Thanks & Regards,
> Manish Kumar,
> Project Associate,
> Computer Networks & Internet Engineering Division,
> Centre for Development of Advanced Computing R&D,
> #68,Electronics City,
> Bangalore 560100,
> Karnataka, India
> Mobile:9886739073
> Ph: 080 28523300 Extn: 2511
> Email: [email protected]
> http://cens.cdac.in/
Chad E. Kotil
GRNOC Systems Engineer
812-855-5288
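Added example, not part of the original thread or of nfdump/nfsen: a shell function that lists the capture files for one time of day across several sources and dates, so each path can be passed to `nfdump -r` without a wildcard. The function name, its arguments and the `nfcapd.YYYYMMDDhhmm` file naming under `<base>/<source>/YYYY/MM/DD/` are assumptions based on the paths quoted in the thread.

```shell
#!/bin/sh
# Added example (not nfdump/nfsen code). Assumed layout, taken from the
# paths quoted in the thread:
#   <base>/<source>/YYYY/MM/DD/nfcapd.YYYYMMDDhhmm

# nfcapd_files BASE HHMM "SOURCES" "DATES"
#   BASE:    profile directory, e.g. /var/data/nfsen/profiles-data/live
#   HHMM:    time of day of the capture file, e.g. 0800
#   SOURCES: space-separated source names (hypothetical: host1 host2 host3)
#   DATES:   space-separated dates as YYYY-MM-DD
# Prints one existing file path per line. A missing file is reported on
# stderr instead of aborting, so a collector gap on one day is visible.
nfcapd_files() {
    base=$1 hhmm=$2 sources=$3 dates=$4

    # Rough hhmm check: rejects values such as "8am" or "800".
    case $hhmm in
        [0-2][0-9][0-5][0-9]) ;;
        *) echo "bad time: $hhmm" >&2; return 2 ;;
    esac

    for d in $dates; do
        case $d in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) echo "bad date: $d" >&2; return 2 ;;
        esac
        # Split YYYY-MM-DD into its three fields.
        y=${d%%-*}; rest=${d#*-}; m=${rest%-*}; day=${rest#*-}

        for s in $sources; do
            f="$base/$s/$y/$m/$day/nfcapd.$y$m$day$hhmm"
            if [ -f "$f" ]; then
                printf '%s\n' "$f"
            else
                echo "missing: $f" >&2
            fi
        done
    done
}
```

Each printed path can be given to `nfdump -r` together with the filter from the thread; the output is then per file, not one statistic over all days.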