Yann Berthier wrote:
>you can check with nfcapd -E what's collected
The input/output fields are zero in the -E output.
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 expr
On Fri, 13 Jul 2007, at 12:59, Ralf Kleineisel wrote:
> The question is now: Does nfcapd not dump it or does nfdump not show it?
you can check with nfcapd -E what's collected
-
This SF.net email is sponsored by DB2 Expre
Werner Schram wrote:
> I suspect that it is netflow v9 related. We have a machine that runs two
> instances of nfsen 1.2.4, where one collects v5 data and the other
> collects v9 data from the same sources, and only the v5 data contains
> the interface information.
The flowd collected data are
Hi Ralf,
I suspect that it is netflow v9 related. We have a machine that runs two
instances of nfsen 1.2.4, where one collects v5 data and the other
collects v9 data from the same sources, and only the v5 data contains
the interface information.
Ralf Kleineisel wrote:
> I tried version nfdump-
Are the data fields "src net mask length" and "dst net mask length"
available in nfcapd files?
It would be great to be able to aggregate data according to "src net/src
mask len" and "dst net/dst mask len".
-
This SF.net email
Yann Berthier wrote:
>> When I use "fmt:%in;%out" the fields are always 0, though they should be
>> set.
>good news for you - it is:
>
> nfdump -r nfcapd.200707122350 -o "fmt:%in %out" | head -4
> Input Output
> 1 8
> 1 8
> 9 10
I tried version nfdump-snapshot
Yann Berthier wrote:
>> where can I find documentation which field in the "pipe" output format
>> is what?
>
>like, in the nfdump man page where it should be ?
OK, now I understand it. I didn't expect the IP to be split across 4
fields. With IPv4 traffic only I get lots of zeroes which conf
