Hi Guys,

We often receive requests from ECs to provide traffic analysis when their 
usage is "abnormal".

Typically, with flow-tools it is analysis of a day's flow data (24 hours), and we 
provide:

Total Octets

Top port usage

Top src/dst IP

With flow-tools, we create a specific ACL to only provide analysis on an EC's 
IP (could be a /32 or larger subnet).

Is the following the correct way to provide similar reports in nfdump? (i.e. no 
ACL; all inclusions/exclusions are added on the command line?)

nfdump -R /data/nfsen/profiles-data/live/ASR1006/2012/05/21/ 'dst net 10.1.1.0/24' -s dstip/bytes -s port/bytes -s record/bytes -n 20 | more

Thanks in advance.                                        
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
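
An added example, not part of the original post and not nfdump or flow-tools code: the per-customer report the message describes (total octets, top destination ports, top src/dst IPs for one subnet), computed in Python over constructed flow records. The column names `sa`, `da`, `sp`, `dp`, `pr`, `ibyt` and the function `customer_report` are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample flows (not real traffic). The header is an assumed
# subset of a flow CSV export: src/dst address, src/dst port, protocol, bytes.
SAMPLE_CSV = """sa,da,sp,dp,pr,ibyt
192.0.2.10,10.1.1.5,51000,80,TCP,1500
192.0.2.10,10.1.1.5,51001,443,TCP,4000
198.51.100.7,10.1.1.9,53,33000,UDP,300
198.51.100.7,10.1.2.9,53,33001,UDP,9999
203.0.113.4,10.1.1.9,40000,443,TCP,2500
10.1.1.5,192.0.2.10,80,51000,TCP,700
"""


def customer_report(csv_text, customer_net, top_n=20):
    """Summarise flows whose destination lies in customer_net (/32 or larger)."""
    # strict=False accepts a host address with a prefix, e.g. 10.1.1.5/24
    net = ipaddress.ip_network(customer_net, strict=False)
    total = 0
    by_dst, by_src, by_dport = Counter(), Counter(), Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Same selection as the 'dst net ...' filter on the command line
        if ipaddress.ip_address(row["da"]) not in net:
            continue
        octets = int(row["ibyt"])
        total += octets
        by_dst[row["da"]] += octets
        by_src[row["sa"]] += octets
        by_dport[int(row["dp"])] += octets  # destination port only
    return {
        "total_octets": total,
        "top_dst_ip": by_dst.most_common(top_n),
        "top_src_ip": by_src.most_common(top_n),
        "top_dst_port": by_dport.most_common(top_n),
    }


if __name__ == "__main__":
    report = customer_report(SAMPLE_CSV, "10.1.1.0/24")
    for name, value in report.items():
        print(name, value)
```
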