Our infrastructure requires that we run both ip flow ingress _and_ ip flow egress on several interfaces.
The result is that the netflow data received by nfcapd is containing redundant information and it basically tells us that we are having twice as much traffic than we really have. Is there a way to have some interfaces (multiple routers - one collector) removed before the data is written to file? I know you can do rules once the raw data is stored on the hard drive. However the bigger issue is that we are currently collecting about 800MB every 5 minutes, and removing redundant flows before it is being stored would reduce the raw data to 400MB or less and overall performance would also be slightly better. I am aware that sampling will dramatically reduce the flow size, but it does not solve the core issue imho. Any suggestions? -Andy ------------------------------------------------------------------------------ What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
