I've upgraded to nfdump 1.6.1 and the syntax works fine, but without any result setting the "router ip" syntax with any router ip that I have.
Except for ex, If I ran "router ip 0.0.0.0", in this case I got results, like: ** nfdump -M /usr/local/nfsen/profiles-data/live/ROUTER -T -r 2012/03/07/nfcapd.201203071110 -o long -c 20 nfdump filter: router ip 0.0.0.0 Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes Flows 2012-03-07 11:39:52.980 0.000 TCP 172.20.31.42:62165 -> 172.20.110.31:445 .A.... 0 1 52 1 2012-03-07 11:39:53.116 0.000 TCP 172.20.110.146:1189 -> 172.20.254.131:443 .A.... 0 1 40 1 2012-03-07 11:39:53.432 0.000 UDP 172.20.110.34:138 -> 172.20.110.255:138 .A.... 0 1 233 1 2012-03-07 11:39:53.432 0.000 UDP 172.20.110.34:138 -> 172.20.110.255:138 .A.... 0 1 233 1 2012-03-07 11:39:54.636 12.064 TCP 10.10.7.24:1534 -> 10.10.3.5:12062 .AP.SF 104 6 351 1 2012-03-07 11:39:54.704 11.996 TCP 10.10.3.5:12062 -> 10.10.7.24:1534 .A..SF 104 5 268 1 2012-03-07 11:39:48.836 4.704 TCP 172.20.110.31:62975 -> 172.20.254.111:5723 .AP... 0 4 1800 1 2012-03-07 11:39:49.088 4.256 TCP 172.20.254.111:5723 -> 172.20.110.31:62975 .AP... 0 3 320 1 But If I ran the syntax "router ip <any_exporter_router_ip>", I got NO results: Mar 7 11:12:53 localhost nfcapd[23497]: Process_v5: New exporter: engine id 0, type 0, IP: 172.20.110.1, Sampling Mode: 0, Sampling Interval: 1 Ex. ** nfdump -M /usr/local/nfsen/profiles-data/live/ROUTER -T -r 2012/03/07/nfcapd.201203071110 -o long -c 20 nfdump filter: router ip 172.20.110.1 Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes Flows Summary: total flows: 0, total bytes: 0, total packets: 0, avg bps: 0, avg pps: 0, avg bpp: 0 Time window: 2038-01-19 01:14:07 - 1969-12-31 21:00:00 Total flows processed: 156224, Blocks skipped: 0, Bytes read: 8123760 Sys: 0.046s flows/second: 3324480.8 Wall: 0.040s flows/second: 3843148.8 Why I can't Match the syntax with any exporter router ? any suspect? Cheers Tiago 2012/3/7 Adrian Popa <[email protected]>: > I'm using > > [root@hail ~]# nfdump -V > nfdump: Version: 1.6.1 $LastChangedDate: 2010-03-05 07:50:35 +0100 (Fri, 05 > Mar 2010) $ > > > > On Wed, Mar 7, 2012 at 2:09 PM, Tiago Flôres <[email protected]> > wrote: >> >> Adrian, >> >> Please tell me which version of nfdump and nfsen are you referring to? >> >> Unfortunately because an incompatibility between latest nfsen/nfdump >> and latest rrdtool 1.4.x (in RHEL 5), I have to use nfsen 1.3.2 with >> nfdump 1.5.8 and older rrdtool 1.2.x :( >> >> I got "Filter error: line 1: syntax error at 'router'!", with simple >> syntax "router ip 172.0.0.1" >> >> This feature should have been implemented in newer versions. I'll >> think about another way to work around. >> >> Thank you anyway! >> >> Tiago >> >> >> >> 2012/3/7 Adrian Popa <[email protected]>: >> > Sure it is. >> > >> > man nfdump: >> > >> > Router IP >> > router ip <ipaddr> >> > Filter the flows according the IP address of the exporting >> > router. >> > >> > Also, you can export to different ports and have multiple entries in >> > nfsen >> > (each router exports to a different UDP port) and you won't need >> > filtering >> > by router ip. >> > >> > On Wed, Mar 7, 2012 at 1:20 PM, Tiago Flôres <[email protected]> >> > wrote: >> >> >> >> I am not aware of this "router ip" syntax. This is very useful expr >> >> but it doesn't exist in the manuals?!?! >> >> >> >> Thanks all of you for the answers! >> >> >> >> Cheers >> >> >> >> Tiago >> >> >> >> >> >> 2012/3/7 Adrian Popa <[email protected]>: >> >> > Also, you can edit your filters to take into account the exporter >> >> > router >> >> > ip >> >> > and input/output interface indexes when you count traffic for a >> >> > prefix. >> >> > Something like >> >> > >> >> > router ip ip_of_router1 and in if snmp_index_of_input_interface and >> >> > src >> >> > ip >> >> > 1.2.3.4 and dst net 5.6.7.0/24 >> >> > >> >> > >> >> > >> >> > On Tue, Mar 6, 2012 at 7:23 PM, Tiago Flôres >> >> > <[email protected]> >> >> > wrote: >> >> >> >> >> >> Dear colleagues >> >> >> >> >> >> I have eight routers exporting flow to one source (I am not sure if >> >> >> it >> >> >> is the best scenario) or should I have each router exporting flow to >> >> >> own source (router1 -> source1, router2 -> source2, ...). One of >> >> >> these >> >> >> routers is a mpls concentrator and the others seven are peers, like >> >> >> clients. The concentrator is where the servers are installed. The >> >> >> network traffic are mostly destinated to the main site (router1) >> >> >> which >> >> >> has 34Mbps mpls bandwidth. >> >> >> >> >> >> I am using DST NET and SRC NET to classify the traffic for down and >> >> >> upload directions. The thing is I've been getting discrepancies in >> >> >> traffic graphs. The main site where I've 34Mbps 'physically limited' >> >> >> is showing me up to 90 Mbps in nfsen graphs. >> >> >> >> >> >> Remembering that I have eight routers exporting to one source. In >> >> >> this >> >> >> among of flows I am trying to analyze and identify the traffic which >> >> >> goes to router1, but the traffic graphed is much more than the >> >> >> interface is able to support. >> >> >> >> >> >> The flows are from all interfaces of all routers? LAN and WAN? >> >> >> >> >> >> By default nfsen aggregates identical network traffic? Or could the >> >> >> flows are not been aggregated? >> >> >> >> >> >> I am guessing around .... the same traffic which ingress in router1 >> >> >> WAN is arriving in router1 LAN interface, what about it? >> >> >> >> >> >> Thanks in advance for any explanations >> >> >> >> >> >> >> >> >> Hugs >> >> >> >> >> >> Tiago >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> >> Keep Your Developer Skills Current with LearnDevNow! >> >> >> The most comprehensive online learning library for Microsoft >> >> >> developers >> >> >> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, >> >> >> MVC3, >> >> >> Metro Style Apps, more. Free future releases when you subscribe now! >> >> >> http://p.sf.net/sfu/learndevnow-d2d >> >> >> _______________________________________________ >> >> >> Nfsen-discuss mailing list >> >> >> [email protected] >> >> >> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss >> >> > >> >> > >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Virtualization & Cloud Management Using Capacity Planning >> >> Cloud computing makes use of virtualization - but cloud computing >> >> also focuses on allowing computing to be delivered as a service. >> >> http://www.accelacomm.com/jaw/sfnl/114/51521223/ >> >> >> >> _______________________________________________ >> >> Nfsen-discuss mailing list >> >> [email protected] >> >> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss >> > >> > >> >> >> ------------------------------------------------------------------------------ >> Virtualization & Cloud Management Using Capacity Planning >> Cloud computing makes use of virtualization - but cloud computing >> also focuses on allowing computing to be delivered as a service. >> http://www.accelacomm.com/jaw/sfnl/114/51521223/ >> _______________________________________________ >> Nfsen-discuss mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > > ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
