I assume the difference is in your filter: 'dst net 10.1.1.0/24'
flows, which do not pass the filter are discarded. Both commands build an
internal flow cache.
The first one of all existing flows, where as the second command only those for
'dst net 10.1.1.0/24'
This may result in a huge
Thanks Peter
I assume the difference is in your filter: 'dst net 10.1.1.0/24'
flows, which do not pass the filter are discarded. Both commands build an
internal flow cache.
The first one of all existing flows, where as the second command only those
for 'dst net 10.1.1.0/24'
This may
Hi John,
The resulting file of your command is not compressed. Use -z in order to
compress the output.
To compress the existing file, run ./nfdump -j netflow_dump.20120606
This should considerably shrink the size.
Maybe I should make compression the default, as compatibility to those
Hi Guys,
Is it normal for the converted file (flow-tools - nfdump) to be a lot larger
that the original flow-tools file(s)
i.e.
Orginal flow-tools files (24hours):
/netflow/oar/krc3.v5/2012/2012-06/2012-06-06# du -mh939M.
Converted via:
flow-cat ft-v05.2012-06-06.* | ft2nfdump | nfdump
