Hi Peter
May be you can add special label for converting from ifIndex to ifName for
inif and outif.
We can run a offline script that will build a table of
router,ifIndex,ifName and then use this information to add the label.
This way the filtering and understanding the output will be much easier.
Thanks
Nitzan
On Mon, Aug 20, 2012 at 8:06 PM, Peter Haag <ph...@users.sourceforge.net>wrote:
> Dear all,
> As I'm currently implementing some nfdump features, I could
> implement flow tags, an issue which I was asked every now
> and then.
>
> Please comment on the following ideas, if you are interested
> in this feature:
>
> Question: What do you prefer:
> 1. Each flow may be assigned a unique tag/label. The number of
> tags is limited to 16 or 32 bits. Least storage requirement.
> 2. Each flow may be assigned multiple tags/labels. The number of
> total tags is limited to 32 or 64. More storage, more flexible.
> Using as 32bit value could take either version.
>
> How many labels and what flexibility would you want? Which
> version would you prefer?
>
> o tags are numerical ids with an optional string labels. These
> string labels are stored along the flows in the nfdump file.
> o The nfdump filter language is extended, such that each valid
> nfdump filter expression can assign or filter a tag:
> set tag <nr>[(label)] if <expr> for example:
> # numerical assignment:
> set tag 10 if dst port 80
> # numerical and string assignment:
> set tag 20(http) if dst port 80
> o matching tags in the filter language:
> tag <nr>
> tag <label>
> o printing tags in output with %tag
> o instead of a new tag file, tag assignment can be specified in
> a standard nfdump filter file such as:
>
> # tags to be assigned:
> set tag 10(http) if ( src port 80 ) or
>
> # comment your tags/labels
> set tag 11(https) if ( dst port 443) or
> ...
>
> which can be given to nfdump as an argument -f <filter>
>
> Would the tagging system as described above match the
> requirements for those planing to use tags?
>
> Feedback is welcomed.
>
> - Peter
>
> --
> Be nice to your netflow data. Use NfSen and nfdump :)
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Nfdump-discuss mailing list
> nfdump-disc...@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
