So it seems that this was quite an easy issue to fix: ! flow monitor-map fmm record ipv4 exporter fem !
That snippet will export srcas/dstas. Now then. I'm having an issue with sample rate. I have my sample-map set to 1 out of 1000: ! sampler-map sm random 1 out-of 1000 ! However my flows seem to be coming in unsampled: [root@monitor01 etc]# /usr/local/bin/nfdump -R /opt/nfsen/profiles-data/live/bfr01-front/2013/01/02/nfcapd.201301022010 -c 1 -o raw Flow Record: Flags = 0x06 Unsampled export sysid = 1 size = 92 first = 1357175370 [2013-01-02 20:09:30] last = 1357175389 [2013-01-02 20:09:49] msec_first = 558 msec_last = 930 src addr = 142.176.76.154 dst addr = 209.222.50.106 src port = 3860 dst port = 49960 fwd status = 64 tcp flags = 0x00 ...... proto = 17 (src)tos = 0 (in)packets = 6 (in)bytes = 8592 input = 17 output = 15 src as = 855 dst as = 14387 src mask = 23 142.176.76.0/23 dst mask = 20 209.222.48.0/20 dst tos = 0 direction = 0 bgp next hop = 72.15.50.104 ip router = 10.219.49.2 engine type = 0 engine ID = 0 received at = 1357175405769 [2013-01-02 20:10:05.769] Summary: total flows: 1, total bytes: 8592, total packets: 6, avg bps: 3548, avg pps: 0, avg bpp: 1432 Time window: 2013-01-02 19:51:47 - 2013-01-02 20:14:40 Total flows processed: 11396, Blocks skipped: 0, Bytes read: 1048556 Sys: 0.004s flows/second: 2280112.0 Wall: 0.004s flows/second: 2405234.3 [root@monitor01 etc]# I guess that means Cisco XR isn't exporting sample rate in one of the normal templates (from nfcapd(1): "tags #34, #35 or #48, #49, #50"). Do I use -s 1000? nfcapd is being called from nfsen and I can't find an option in nfsen.conf to set -s. Is there a way or do I have to not call nfcapd from nfsen and rather run the commands nfsen would otherwise run, manually? On 2012-12-27, at 10:44 AM, Jason Lixfeld <jason-nfsen-disc...@lixfeld.ca> wrote: > > On 2012-12-27, at 10:32 AM, Jason Lixfeld <jason-nfsen-disc...@lixfeld.ca> > wrote: > >> I suppose for the latter I can custom compile per the man page, but I don't >> know what to do about the -s bits. > > I may have to eat crow - I think I can only custom compile entire format > lines, not format tags themselves. Back to square one, perhaps? > > > ------------------------------------------------------------------------------ > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > MVPs and experts. ON SALE this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122712 > _______________________________________________ > Nfsen-discuss mailing list > Nfsen-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss ------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnmore_122712 _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
