On Thu, May 19, 2011 at 5:56 AM, Peter Haag <[email protected]>wrote:
>
> Thanks for the suggestion. I'm not sure, if I understand you correctly.
> By getting the IFs via SNMP - agains what would you like to map them?
>
Oh by mapping I just mean to obtain the ifName and ifAlias and output them
with nfdump (and then nfsen). I used the word mapping because its more of a
representation of the facts since it came from snmp and not the netflow
itself.
Example:
POS1/3
or:
CABLE & WIRELESS (private peer at NYC2)
Also the output of nfdump doesn't indicate which router an Input If or
Output If belongs to.
Example:
* nfdump -M
/opt/nfsen/profiles-data/live/core1-pao1:core2-sea2:core1-sea2:core1-sea1:core1-chi1:core1-iad1:core2-dca3:core1-dca3:core2-dca2:core1-dca2
-T -r 2011/05/19/nfcapd.201105190320 -n 10 -s inif/flows
nfdump filter:
host XXX.XXX.40.18
Top 10 Input If ordered by flows:
Date first seen Duration Proto Input If Flows(%)
Packets(%) Bytes(%) pps bps bpp
2011-05-19 03:20:41.590 276.347 any 6
17(22.1) 37000(22.3) 1.6 M( 1.4) 133 45044 42
2011-05-19 03:20:26.482 278.578 any 127
15(19.5) 24000(14.5) 1.0 M( 0.9) 86 29061 42
2011-05-19 03:20:55.942 271.923 any 10
12(15.6) 28000(16.9) 40.4 M(35.3) 102 1.2 M 1442
2011-05-19 03:20:51.958 274.483 any 13
10(13.0) 21000(12.7) 28.9 M(25.3) 76 843330 1377
2011-05-19 03:20:28.793 295.363 any 9
9(11.7) 15000( 9.0) 694000( 0.6) 50 18797 46
2011-05-18 20:25:59.465 183.078 any 30 6(
7.8) 10000( 6.0) 919000( 0.8) 54 40157 91
2011-05-18 20:25:10.205 120.124 any 5 3(
3.9) 25000(15.1) 37.5 M(32.7) 208 2.5 M 1500
2011-05-19 03:20:31.985 136.536 any 53 2(
2.6) 3000( 1.8) 3.3 M( 2.9) 21 192418 1094
2011-05-19 03:22:54.354 112.349 any 107 2(
2.6) 2000( 1.2) 224000( 0.2) 17 15950 112
2011-05-19 03:20:57.813 0.000 any 19 1(
1.3) 1000( 0.6) 46000( 0.0) 0 0 46
Summary: total flows: 77, total bytes: 114.6 M, total packets: 166000,
avg bps: 36341, avg pps: 6, avg bpp: 690
Time window: 2011-05-18 20:25:10 - 2011-05-19 03:25:27
Total flows processed: 358089, Blocks skipped: 0, Bytes read: 18621404
Sys: 0.020s flows/second: 17055105.7 Wall: 0.017s flows/second: 20241309.1
The Input If in the example output above could say something like
"core1-sea2:CORE1.SEA1
via ONF-STTL-WGE-11" instead of just 127.
--
Landon Stewart <[email protected]>
SuperbHosting.Net by Superb Internet Corp.
Toll Free (US/Canada): 888-354-6128 x 4199
Direct: 206-438-5879
Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
------------------------------------------------------------------------------
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its
next-generation tools to help Windows* and Linux* C/C++ and Fortran
developers boost performance applications - including clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
