On 5/17/12 10:57, John Elliot wrote:
> Hi Guys,
> 
> With nfdump "fmt:" is there an octets or bits (Doesn't look like it?) - %byt I can deal with but it automatically converts the number to Mb... If I can dump as octets (And have no conversion to Mb as our billing system does this), it would make the transition much simpler.

Option -N prints plain numbers. You may also consider using -o csv output.

> 
> Also, I added a 10Mb limit under stats/Max size in nfsen - How often is this checked (And "older" files deleted?)

Limits are checked every 5 min and expired accordingly. That's the case for NfSen together with nfdump.
Standalone nfcapd checks/expires at every defined interval (-t).

        - Peter
> 
> Cheers.
> 
> 
> 
> ------------------------------------------------------------------------------------------------------------------------
> Date: Wed, 16 May 2012 09:14:39 +0300
> Subject: Re: [Nfsen-discuss] flow-tools -> nfdump/nfsen
> From: adrian.popa...@gmail.com
> To: johnellio...@hotmail.com
> CC: nfsen-discuss@lists.sourceforge.net
> 
> Hello,
> 
> My answer is inline.
> 
> On Wed, May 16, 2012 at 8:17 AM, John Elliot <johnellio...@hotmail.com> wrote:
> 
>     Hi,
> 
> 
>     We currently use a number of flow-tools servers, and are looking to migrate to nfdump/nfsen due to lack of development of flow-tools (It has served us well for 10 years)
> 
>     We predominantly use flow-tools for IP billing, and basic traffic analysis.
> 
>     With our current flow-tools deployments, we store 40Gb of historic flow data (./flow-capture -w /netflow/oar/krc3.v5 -E40G ...), once the flow data reaches 40Gb in this dir the oldest data is removed/deleted - Is this housekeeping feature available in nfcapd? (The 40G gives us ~1 month of raw flow data history if we need to perform traffic analysis for a client)
> 
> Yes, nfsen can impose size or time limits on its profiles and expire older data automatically. See the Stats tab in the web interface for size and expire settings.
> 
> 
>     We also run a cron job every morning just after midnight, that dumps the previous 24 hours flow data into the following file format:
> 
>     # src IPaddr     dst IPaddr       flows                 octets            packets
> 
> 
>     We then import this into sql/billing system
> 
> You can generate raw flow reports in the format desired by using nfdump with the -o fmt parameter, similar to this:
> 
> [root@hail ~]# nfdump -M /data/nfsen/profiles/live/router -T -r nfcapd.201205152100 -c 20 -o "fmt:%sa%da%fl%byt%pkt"
>      Src IP Addr     Dst IP AddrFlows   Bytes Packets
>    79.131.xxx.xx  46.214.xxx.xxx    1  140000    2500
>   90.193.xxx.xx 193.164.xx.xxx    1   63000     500
> 
> Search nfdump's man page for "fmt:" to get all parameters.
> 
> 
> 
>     Can nfdump produce something "similar" to this? (And is it possible to have the flow data directory structure as /YYYY/MM/DD/flow data in 5 or 10 min file?)
> 
> You can configure a directory structure for data when installing nfsen. Data is kept in 5 minute files.
> 
> 
>     Thanks in advance.
> 
> 

-- 
--
Be nice to your netflow data

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
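
The daily billing dump discussed in this thread, as an added example that is not part of the original messages or of nfdump itself: it reads rows in the `fmt:%sa%da%fl%byt%pkt` layout printed with plain numbers (`-N`) and sums them per source/destination pair into the `src dst flows octets packets` file the billing import expects. The sample rows, the documentation-range addresses and the function names are constructed, and it assumes whitespace-separated columns, so a row carrying a scaled value (for instance `1.4 M` when `-N` was left out) or fused columns is rejected instead of being billed wrongly.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of `-o "fmt:%sa%da%fl%byt%pkt"` with -N;
# addresses are documentation ranges, not data from the thread.
SAMPLE = """\
     Src IP Addr     Dst IP AddrFlows   Bytes Packets
      192.0.2.10    198.51.100.7    1  140000    2500
      192.0.2.10    198.51.100.7    2   63000     500
     203.0.113.5      192.0.2.10    1 5000000000 3400000
Summary: total flows: 4, total bytes: 5000203000, total packets: 3403000
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_rows(text):
    """Yield (src, dst, flows, octets, packets) from flow rows only."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or not is_ip(fields[0]):
            continue  # header, summary or blank line
        # A scaled value such as "1.4 M" (-N missing) or fused columns changes
        # the field count or leaves a non-integer; refuse rather than mis-bill.
        if (len(fields) != 5 or not is_ip(fields[1])
                or not all(f.isdigit() for f in fields[2:])):
            raise ValueError(f"line {lineno}: not a plain-number row: {line!r}")
        yield fields[0], fields[1], int(fields[2]), int(fields[3]), int(fields[4])

def aggregate(rows):
    """Sum flows, octets and packets per (src, dst) pair."""
    totals = defaultdict(lambda: [0, 0, 0])
    for src, dst, *counts in rows:
        for i, value in enumerate(counts):
            totals[(src, dst)][i] += value
    return dict(totals)

def render(totals):
    """Format the totals in the billing file layout quoted in the thread."""
    out = ["# src IPaddr\tdst IPaddr\tflows\toctets\tpackets"]
    for (src, dst), (flows, octets, packets) in sorted(totals.items()):
        out.append(f"{src}\t{dst}\t{flows}\t{octets}\t{packets}")
    return "\n".join(out)
```

Calling `render(aggregate(parse_rows(text)))` on a day's dump gives the import file; the `-o csv` output mentioned above avoids the column-splitting assumption altogether.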
