Hello,
My answer is inline.
On Wed, May 16, 2012 at 8:17 AM, John Elliot <johnellio...@hotmail.com>wrote:
> Hi,
>
>
> We currently use a number of flow-tools servers, and are looking to
> migrate to nfdump/nfsen due to lack of development of flow-tools(It has
> served us well for 10years)
>
>
> We predominantly use flow-tools for IP billing, and basic traffic analysis.
>
>
> With our current flow-tools deployments, we store 40Gb of historic flow
> data (./flow-capture -w /netflow/oar/krc3.v5 -E40G ...), once the flow data
> reaches 40Gb in this dir the oldest data is removed/deleted - Is this
> housekeeping feature available in nfcapd? (The 40G gives us ~1month of
> raw flow data history if we need to perform traffic analysis for a client)
>
> Yes, nfsen can impose size or time limits on its profiles and expire older
data automatically. See the Stats tab in the web interface for size and
expire settings.
>
> We also run a cron job every morning just after midnight, that dumps the
> previous 24 hours flow data into the following file format:
>
>
> # src IPaddr dst IPaddr flows octets
> packets
>
>
> We then import this into sql/billing system
>
> You can generate raw flow reports in the format desired by using nfdump
with the -o fmt parameter, similar to this:
[root@hail ~]# nfdump -M /data/nfsen/profiles/live/router -T -r
nfcapd.201205152100 -c 20 -o "fmt:%sa%da%fl%byt%pkt"
Src IP Addr Dst IP AddrFlows Bytes Packets
� 79.131.xxx.xx� 46.214.xxx.xxx 1 140000 2500
� 90.193.xxx.xx� 193.164.xx.xxx 1 63000 500
Search nfdump's man page for "fmt:" to get all parameters.
> Can nfdump produce something "similar" to this? (And is it possible to
> have the flow data directory structure as /YYYY/MM/DD/flow data in 5 or 10
> min file?)
>
> You can configure a directory structure for data when installing nfsen.
Data is kept in 5 minute files.
>
> Thanks in advance.
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Nfsen-discuss mailing list
> Nfsen-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
