Hi Guys,
With nfdump "fmt:" is there an octets or bits (Doesn't look like it?) -
%byt I can deal with but it automatically converts the number to Mb... If I can
dump as octets (and have no conversion to Mb, as our billing system does this),
it would make the transition much simpler.
Also, I added a 10Mb limit under stats/Max size in nfsen - how often is this
checked (and "older" files deleted)?
Cheers.
Date: Wed, 16 May 2012 09:14:39 +0300
Subject: Re: [Nfsen-discuss] flow-tools -> nfdump/nfsen
From: adrian.popa...@gmail.com
To: johnellio...@hotmail.com
CC: nfsen-discuss@lists.sourceforge.net
Hello,
My answer is inline.
On Wed, May 16, 2012 at 8:17 AM, John Elliot <johnellio...@hotmail.com> wrote:
Hi,
We currently use a number of flow-tools servers, and are looking to migrate to
nfdump/nfsen due to lack of development of flow-tools (it has served us well for
10 years).
We predominantly use flow-tools for IP billing, and basic traffic analysis.
With our current flow-tools deployments, we store 40Gb of historic flow data
(./flow-capture -w /netflow/oar/krc3.v5 -E40G ...), once the flow data reaches
40Gb in this dir the oldest data is removed/deleted - Is this housekeeping
feature available in nfcapd? (The 40G gives us ~1month of raw flow data
history if we need to perform traffic analysis for a client)
Yes, nfsen can impose size or time limits on its profiles and expire older data
automatically. See the Stats tab in the web interface for size and expire
settings.
We also run a cron job every morning just after midnight, that dumps the
previous 24 hours flow data into the following file format:
# src IPaddr dst IPaddr flows octets packets
We then import this into sql/billing system
You can generate raw flow reports in the format desired by using nfdump with
the -o fmt parameter, similar to this:
[root@hail ~]# nfdump -M /data/nfsen/profiles/live/router -T -r nfcapd.201205152100 -c 20 -o "fmt:%sa%da%fl%byt%pkt"
Src IP Addr Dst IP AddrFlows Bytes Packets
79.131.xxx.xx 46.214.xxx.xxx 1 140000 2500
90.193.xxx.xx 193.164.xx.xxx 1 63000 500
Search nfdump's man page for "fmt:" to get all parameters.
Can nfdump produce something "similar" to this? (And is it possible to have
the flow data directory structure as /YYYY/MM/DD/flow data in 5 or 10 min file?)
You can configure a directory structure for data when installing nfsen. Data is
kept in 5 minute files.
Thanks in advance.
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
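
The following is an added example, not part of the thread or of nfdump/nfsen: a Python post-processing step for the nightly cron job that turns the whitespace-separated output of the `fmt:%sa%da%fl%byt%pkt` report shown above into per-pair billing rows (src, dst, flows, octets, packets) and refuses any record whose counters are not plain integers. The sample lines, the function names and the scaled form "1.4 M" are constructed assumptions.

```python
import ipaddress
from collections import defaultdict


class ScaledValue(ValueError):
    """A counter was not a plain integer, so exact octets cannot be billed."""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_line(line):
    """Return (src, dst, flows, octets, packets), or None for non-record lines."""
    tok = line.split()
    # Header, blank and any other line not starting with two IPs is skipped.
    if len(tok) < 2 or not (_is_ip(tok[0]) and _is_ip(tok[1])):
        return None
    # A scaled counter such as "1.4 M" (assumed form) adds tokens / non-digits.
    if len(tok) != 5 or not all(t.isdigit() for t in tok[2:]):
        raise ScaledValue(f"non-integer counter in record: {line.strip()!r}")
    return (tok[0], tok[1], int(tok[2]), int(tok[3]), int(tok[4]))


def billing_rows(lines):
    """Sum flows, octets and packets per (src, dst) pair, sorted by pair."""
    totals = defaultdict(lambda: [0, 0, 0])
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, *counters = rec
        for i, value in enumerate(counters):
            totals[(src, dst)][i] += value
    return [(s, d, *c) for (s, d), c in sorted(totals.items())]


# Constructed sample in the layout of the report above (documentation IPs).
SAMPLE = [
    "Src IP Addr Dst IP AddrFlows Bytes Packets",
    "192.0.2.10 198.51.100.7 1 140000 2500",
    "192.0.2.10 198.51.100.7 2 63000 500",
    "192.0.2.99 198.51.100.7 1 1500 1",
]

if __name__ == "__main__":
    for row in billing_rows(SAMPLE):
        print("\t".join(str(field) for field in row))
```

Failing on a scaled counter instead of converting it back keeps rounded figures out of the billing import.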