Hi James

I tried that ... It seems not to work, no output. I've tried with the ip where 
the flows come from and with the loopback ip of the router but no luck.

Also I have the problem, as I found out while trying all different combinations, 
that it only analyses flows from rta and not rtb. Think I'm doing something 
completely wrong.

Are my -M and -R definitions correct like that? FROM and TO are times in 
YYYYMMDDhhmm.

Regards

  Matthias

On 06/09/12 18:53, James Deaton wrote:
> Use the "router ip" primitive.
> 
> For instance:
> 
> "(router ip x.x.x.x and in if 46) or (router ip y.y.y.y and in if 10)"
> 
> On Sep 6, 2012, at 9:23 AM, Matthias Cramer wrote:
> 
>> Hi All
>>
>> Is it possible to filter by flow source?
>> For example I want to get all traffic from one interface 1 on router A and 
>> all traffic on interface 5 on router B.
>>
>> Here is what I currently have:
>>
>> nfdump -M "/data/nfsen/profiles-data/live/rta:rtb/*/*/*/" \
>> -R nfcapd.${FROM}:nfcapd.${TO} \
>> -s record/bytes -A srcip -n ${TOPN} -o "fmt:%sa %byt" 'in if 46 or in if 10'
>>
>> Problem is, that these two interface ids are also used on the other router 
>> ...
>>
>> Regards
>>
>>  Matthias
>>
>> -- 
>> Matthias Cramer / mc322-ripe   Senior Network & Security Engineer
>> iway AG                        Phone +41 43 500 1111
>> Badenerstrasse 569             Fax   +41 44 271 3535
>> CH-8048 Zürich                 http://www.iway.ch/
>> GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E  3959 B62F DF1C 2D20 8250
>>
>> Nfsen-discuss mailing list
>> Nfsen-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
> 

