-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 6/4/10 8:47 PM, ckotil wrote:
> I am using -x to rename the files to nfcapd.hhmm. Nfsen looks for files named
> nfcapd.YYYYMMDDhhmm. I think that's why Nfsen is no longer populating the
> RRDs, cannot process netflow via the webinterface, and nfexpire isn't purging
> the old flows..
> If I remove the optional argument to move the flows, everything starts
> working again.
>
This _does_ work. As already mentioned, NfSen has no clue about this additional
argument. Expiring the profile is fully
independant from optarg.
> --Chad
>
>
> On Apr 6, 2010, at 4:23 AM, Peter Haag wrote:
>
>
>
> On 4/2/10 22:06, ckotil wrote:
>>>> I was able to rename the nfcapd files by using a perl script.
>>>>
>>>> 'optarg' => '-x "perl /usr/local/bin/nfcapd-rewrite.pl %d/%f %d %f'"},
There is btw a mistake with quotes:
'optarg' => "-x 'perl /usr/local/bin/nfcapd-rewrite.pl %d/%f %d %f'"}
- Peter
>>>>
>>>> However, This makes Nfsen sad. Nfsen loses track of the files. The rrd
>>>> graphs have holes in them. Nfexpire does not purge flows, and the Nfsen
>>>> frontend is unable to process stats on the flows.
>
> There is no reason, why NfSen shouldn't like this additional -x. It's
> executed in the additional nfcapd/launcher
> process, which NfSen has no knowledge about it's existance anyway.
> So there must be another reason for that. What do the logfiles say??
>
> - Peter
>
>>>>
>>>> It looks like we need a better way to rename nfcapd files. Feature request?
>>>>
>>>> Thanks,
>>>>
>>>> --Chad
>>>>
>>>>
>>>>
>>>> On Apr 1, 2010, at 2:02 PM, ckotil wrote:
>>>>
>>>>> As long as NfSen can find the renamed nfcapd files, then that will be OK.
>>>>> However, So far I am unable to get optarg -x to move the nfcapd file from
>>>>> nfcapd.YYYYmmddhhmm to nfcapd.hhmm. It seems to be a problem with the -x
>>>>> variables; %d %f. Whenever you try to combine any -x variable such as %d
>>>>> or %f with any string, they stop working.
>>>>>
>>>>> None of the examples below work.
>>>>> 'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type'
>>>>> => 'netflow', 'optarg' => '-t 5 -x "mv -f %d/%f %d/nfcapd.new"' },
>>>>> The next two examples , are how i envision renaming the nfcapd files.
>>>>> Stripping out YYYYmmdd from the filename and replacing it with hhmm:
>>>>> 'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type'
>>>>> => 'netflow', 'optarg' => '-t 5 -x "perl -e \"my ($suf) = $ARGV[0] =~
>>>>> m/(....)$/; `mv %d/$ARGV[0] nfcapd.$suf`;\" %f"' },
>>>>> 'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type'
>>>>> => 'netflow', 'optarg' => '-t 5 -x "suf=`expr substr %f 16 4`;mv -f %d/%f
>>>>> %d/nfcapd.$suf"' },
>>>>>
>>>>>
>>>>>
>>>>> The examples below actually work. But as soon as I combine the use of a
>>>>> -x variable, such as %d. They no longer work, as seen above.
>>>>> 'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type'
>>>>> => 'netflow', 'optarg' => '-t 5 -x "mv -f %d/%f /tmp/testflow"'
>>>>> 'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type'
>>>>> => 'netflow', 'optarg' => '-t 5 -x "mv -f %d/%f
>>>>> /var/data/nfsen/profiles-data/live/cr-ul/2010/04/01/nfcapd.new"' },
>>>>>
>>>>> Any ideas?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> --Chad
>>>>>
>>>>>
>>>>>
>>>>> On Apr 1, 2010, at 1:41 AM, Peter Haag wrote:
>>>>>
>>>>
>>>>
>>>> On 3/30/10 15:11, ckotil wrote:
>>>>>>>> That's exactly what I am trying to do.
>>>>>>>> I did consider using the -x parameter after reading through the man
>>>>>>>> page for nfdump, but I wasn't exactly sure how to use it.
>>>>>>>> One problem I had with hacking up the source is that the nfsen
>>>>>>>> frontend then needed to be modified to look for filenames named
>>>>>>>> `nfcapd.hhmm`; the filenames with hour and minute.
>>>>>>>>
>>>>>>>> If -x is used with nfcapd, will nfsen still need to be modified or is
>>>>>>>> there a config bit we can set , instructing nfsen what filenames to
>>>>>>>> look for?
>>>>
>>>> No - you can use the 'optarg' argument in the %sources definition.
>>>> 'optarg' => '-x whatever ...'
>>>>
>>>> - Peter
>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>>
>>>>>>>> --Chad
>>>>>>>>
>>>>>>>> On Mar 30, 2010, at 12:53 AM, Manish Kumar wrote:
>>>>>>>>
>>>>>>>>> Hi ckotil,
>>>>>>>>> If I get your problem, there is one way out. At the time
>>>>>>>>> of capturing itself you can rename your file like this.
>>>>>>>>>
>>>>>>>>> ./nfcapd -p port_no -t rotating_time -l location_of_files -I
>>>>>>>>> Binary_file_name -x 'mv file_location_dir/%f file_location_dir/%i'
>>>>>>>>>
>>>>>>>>> By this You will always have a single file in ur directory with the
>>>>>>>>> name of Binary_file_name, so that you don't have to use wild card
>>>>>>>>> while reading with nfdump -r, you can run the collector at the
>>>>>>>>> specified time only and stop it by controlling with a script.
>>>>>>>>>
>>>>>>>>> May be it work for you.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Mar 29, 2010 at 9:08 PM, ckotil <[email protected]> wrote:
>>>>>>>>> Hi,
>>>>>>>>> I would like to collect statistics on my netflow from multiple hosts
>>>>>>>>> , spanning multiple days and a specific time. For example from host1
>>>>>>>>> , host2, and host3, on 03/26/2010, 03/27/2010, and 03/28/2010 at
>>>>>>>>> 0800. The problem I am having is that nfdump seems unable to use a
>>>>>>>>> wildcard.
>>>>>>>>> Here is the command:
>>>>>>>>>
>>>>>>>>> [u...@netflow]$ nfdump -M
>>>>>>>>> /var/data/nfsen/profiles-data/live/cr-ul/2010/03/26:27:28 -R
>>>>>>>>> nfcapd.*0800 'inet6 and not dst ip fec0:0:0:ffff::1' -S
>>>>>>>>> WARNING: -S depricated! use -s record/packets/bytes instead. Option
>>>>>>>>> will get removed.
>>>>>>>>> stat() error
>>>>>>>>> '/var/data/nfsen/profiles-data/live/cr-ul/2010/03/26/nfcapd.*0800':
>>>>>>>>> File not found!
>>>>>>>>>
>>>>>>>>> I was able to wrap this command in a script, and by using the -R
>>>>>>>>> command I could make this work.
>>>>>>>>> Another solution I found was to hack the source code so that
>>>>>>>>> filenames were written to disk without year, month, and day;
>>>>>>>>> nfcapd.0800 for example. Then I could use the command above without a
>>>>>>>>> wildcard.
>>>>>>>>>
>>>>>>>>> Is there another way to do this without additional scripting or
>>>>>>>>> hacking up the source?
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>>
>>>>>>>>> --Chad
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>> Download Intel® Parallel Studio Eval
>>>>>>>>> Try the new software tools for yourself. Speed compiling, find bugs
>>>>>>>>> proactively, and fine-tune applications for parallel performance.
>>>>>>>>> See why Intel Parallel Studio got high marks during beta.
>>>>>>>>> http://p.sf.net/sfu/intel-sw-dev
>>>>>>>>> _______________________________________________
>>>>>>>>> Nfsen-discuss mailing list
>>>>>>>>> [email protected]
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Thanks & Regards,
>>>>>>>>> Manish Kumar,
>>>>>>>>> Project Associate,
>>>>>>>>> Computer Networks & Internet Engineering Division,
>>>>>>>>> Centre for Development of Advanced Computing R&D,
>>>>>>>>> #68,Electronics City,
>>>>>>>>> Bangalore 560100,
>>>>>>>>> Karnataka, India
>>>>>>>>> Mobile:9886739073
>>>>>>>>> Ph: 080 28523300 Extn: 2511
>>>>>>>>> Email: [email protected]
>>>>>>>>> http://cens.cdac.in/
>>>>>>>>
>>>>>>>> Chad E. Kotil
>>>>>>>> GRNOC Systems Engineer
>>>>>>>> 812-855-5288
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> Download Intel® Parallel Studio Eval
>>>>>>>> Try the new software tools for yourself. Speed compiling, find bugs
>>>>>>>> proactively, and fine-tune applications for parallel performance.
>>>>>>>> See why Intel Parallel Studio got high marks during beta.
>>>>>>>> http://p.sf.net/sfu/intel-sw-dev
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Nfsen-discuss mailing list
>>>>>>>> [email protected]
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>>>
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> Download Intel® Parallel Studio Eval
>>>>> Try the new software tools for yourself. Speed compiling, find bugs
>>>>> proactively, and fine-tune applications for parallel performance.
>>>>> See why Intel Parallel Studio got high marks during beta.
>>>>> http://p.sf.net/sfu/intel-sw-dev
>>>>> _______________________________________________
>>>>> Nfsen-discuss mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBS7y4o/5AbZRALNr/AQLiSgP+OKB8ugLlFu8iQRUrXOXM9wzgRVsYpYnM
LkkgGqgXPpQEp/A3vFKrmhzYilsWaRcuYAZyUqeQL4Bv12beaA9qQsvlkj7o91no
pPP7X/hGVVDhsj4arlDUERZ7KSUIaSHAoxjwJ0f7xxIDt7AXXWbMVIRgBvfo7CfO
EDVaApOUfi8=
=pJcO
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
