with carriage-return/newline (DOS-style).
O.K. dos2unix helped me after understanding and analyzing
with
nfdump -Z -f file-on-nfsen
Would be helpful to find messages about incorrect filters
in the logs ...
Just my 2c if someone runs into a similar issue.
Best regards, Jens Hektor
--
Dipl
Matti Saarinen wrote:
I'm wondering what's wrong with my continuous / shadow profile
configuration (or perhaps my NfSen configuration). I created a
continuous/shadow profile of the profile file. To the shadow profile I
defined two channels both of which have different filters. Everything
else
<option value='0'>alert_plugin_mail_flows_top10</option>
Small fix available?
Best regards, Jens Hektor
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.07, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
) {
$selected = $alert['action_plugin'] == $plugin ?
'selected' : '';
print option value='$i' $selected . $plugin .
/option\n;
+// JH
+ $i++;
}
}
?
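Review bot: the `// JH` marker above the added `$i++` records who made the change but not why. Replace it with a comment saying that `$i` has to advance once per plugin so that each option gets its own value. The visible lines also do not show where `$i` is initialised, so check that it is set before the loop starts.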
Jens Hektor wrote:
we are using nfsen 1.3
Kevin Cruse wrote:
I am trying to add 3 new sources and I'm getting the following errors:
when i update nfsen.conf and run ./install.pl etc/nfsen.conf -
Does not look like an ordinary installed nfsen ...
Add source 'nyccmertr1'Error while setting up channel 'nyccmertr1': Can't
create
had to switch back to the previous 1.3b rrdtool package
and locked rrdtool from being upgraded by yum.
We network people are totally dependent on rrdtool ;-)
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.07, Wendlingweg 10, 52074
Alex Moura wrote:
Can anyone confirm if the nfcapd parameter -R can be used more than
once in nfsen.conf, like the example below?
[...]
'netflow', 'optarg' => '-R 172.16.0.10/9842 -R 192.168.0.20/9842' },
Without having looked into the
Peter Haag wrote:
May be implemented in future versions. This was just a try, to see if it makes
sense and people use it. Obviously they do ..
Oh yeah, this was the 1st feature that gathered the most attraction in our NOC.
It would be nice, if the queries could be sent for
my networks to
... with different views is something I really need with nfsen.
Is there a way I can do that?
I typically use firefox on a standard linux distro.
Should I give another browser a try for that job?
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing
the browser cache
should be separate between the instances.
I'll try that the next time I have such ;-)
I'll report the results here.
Maybe someone is faster ...
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.07, Wendlingweg 10, 52074
Solved:
recompile of nfdump with a
./configure --enable-nfprofile
did the job. I guess I forgot the --enable-nfprofile profile
option in my previous recompilation.
Jens Hektor wrote:
The point that the directories for the non-shadow profiles
are not created hints me
that
could not be changed by the users so that they have a
limited view on some data (and only a view) and one
admin that could do all the stuff we are used to
do with nfsen, eg. create a profile and look into other's
profiles.
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center
On 09.09.2010 08:40, Peter Haag wrote:
I should improve that in NfSen 2.0. - I put it on the list.
Is there a timeplan for nfsen 2.0?
Or estimations of a release date?
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.07
' : '';
print option value='$i' $selected . $plugin .
/option\n;
+ $i++;
}
}
?
/select
/td
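Review bot: in the `print` line just above the added `$i++`, `$plugin` is written into the option text as-is. If plugin names can come from anything other than a fixed list, pass the value through `htmlspecialchars()` before printing it.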
===
--
Dipl.-Phys. Jens Hektor, Kommunikation und Sicherheit
RWTH Aachen University
Netflow data is in /var/NetFlow
you did
./configure --enable-nfprofile --no-create --no-recursion
for building nfdump (see config.log)?
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.07, Wendlingweg 10, 52074 Aachen (Germany
On 07.03.2011 13:10, imap wrote:
But I could run a HTTP server if required.
That's exactly what is required.
---
Best regards, Jens Hektor
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.rz.rwth-aachen.de
--
Dipl.-Phys. Jens Hektor, Kommunikation und Sicherheit
RWTH Aachen University, Center for Computing and Communication
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.rz.rwth-aachen.de - hek...@rz.rwth-aachen.de
a log period with similar dates for all flows).
Anyone who could give me hint to analyze the problem further
before I open a case @cisco?
Best regards, Jens Hektor
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 0/20, Suesterfeldstr. 65
Hi,
after the hint on nfdump 1.6.4 and upgrading my Alerts
in nfsen 1.3.5 seem to be broken.
All last last are now 0 and the avg values are going down?
What did I miss?
Best regards, Jens Hektor
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing
in nfsen.conf:
# number of nfprofile processes to spawn during the profiling phase
$PROFILERS = 3;
very well hidden in the documentation ;-)
This at least also uses the available CPUs and shares the load.
Hope this helps,
I yes, it does!
Thank you very much, Jens
--
Dipl.-Phys. Jens Hektor
___
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen
.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.rz.rwth-aachen.de - hek...@rz.rwth-aachen.de
src net 192.168.1.0/24
and (dst net 68.30.13.0/20)
and (dst net ...
src net 192.168.1.0/24 and
(
dst net 68.30.13.0/20 or
dst net ...
)
And so on ...
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.04, Wendlingweg 10
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen
/jquery-min.js, referer:
http://graph-2.rz.rwth-aachen.de/nfsen/nfsen.php?bookmark=NXwwfC4vbGl2ZXwtfC18LXwtfC18LXwtfC18LXwtfC0%3D
then it works much better ;-)
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.04, Wendlingweg 10, 52074
)
are now swapped in this two-byte field.
So my graphs have now some interesting types ...
Question: feature of my cat 6500 or bug in nfdump?
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone
: a nexus 7000 with netflow version 5 does not
give any codes or types as far as I see.
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http
.
Glasbowl says:
a) check Unix permissions of data
b) check paths to data
c) maybe your rrd files are somewhat broken ...
--
Dipl.-Phys. Jens Hektor, Netzbetrieb
RWTH Aachen University, Center for Computing and Communication
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax
= $NfConf::MAIL_TO;
return 1;
}
1;
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth
On 28.08.2014 at 11:59, Juan Quintanilla wrote:
We are running nfsen 1.3.6 and nfdump 1.6.6
[...]
Is there anything I am missing?
Maybe an update of nfdump? There is 1.6.12
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany
me.
Best regards, Jens Hektor
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de
f wait states (slow disk)
or some other CPU-hogs (searches, Webserver, ...)
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aac
On 03.11.2015 at 08:52, Shane Hanson wrote:
> So currently it is not installed, is that ok or should it be installed and
> then disabled?
Use "getenforce" to find out the state of SElinux
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendl
"Dst IP Addr" and "X-Src IP Addr".
But NAT64 is really about that, I think.
Hence in my eyes: a bug.
On 01.09.2015 at 11:52, Jens Hektor wrote:
> On 01.09.2015 at 11:35, Adrian Popa wrote:
>> Try running your collector with the "-T all" option to capt
On 14.03.2016 08:53, Karim A. wrote:
> everything is ok but I can't make PortTracker plugin work :/
> here is my configuration :
Did you run in nfdump (!) the configure script with "--enable-nftrack" ?
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen Univ
,
but in nfsen (the webinterface) the effect is as
described above.
What did I do wrong?
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.rwth
Ah, found it.
date.timezone in php.ini
On 07.07.2016 at 09:11, Jens Hektor wrote:
> After a machine crash and restoring most of my templates
> I have the problem, that the selected time frame (and
> displayed one with t_start and t_end) differs from
> the data below, which seems t
, but not 136.0.0.0/5
and also not 128.0.0.0/4.
Do I do something wrong or is it a feature (aka bug)?
Best regards, Jens Hektor
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http
G.
So my flownumbers go up to 160kflows/s
and the system is just fast enough.
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.r
ollowing
>>> requirements:
>>>
>>> netflow version 9 gathered from cisco device.
>>> 15~25Gbps total traffic.
>>> 1 month of live profile historic to analyze.
>>> AS information from bgp protocol.
--
Dipl.-Phys. Jens Hektor, Networks
IT Center,
8:20 AM, Leandro wrote:
>>>>> Hi guys, I would like your advice about dimensioning my netflow server.
>>>>> I had great experience using nfsen + nfcap + nfdump on small traffic
>>>>> network.
>>>>> I'm evaluating to take it to a bigge
othing to do with the "nfsen server interface".
The netflow traffic at the nfsen server is ~100 Mbit/s
at 30kp/s. I have some more sources reporting to it via netflow
other than the internet router I mentioned previously.
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
realized in private emails with peter
I guess it's the first.
I will switch for some time to "pmacctd" for the conversion
from SPAN to flow and report back.
On 06.07.2018 at 12:32, Jens Hektor wrote:
> I have here somewhat "buggy" graphs in my nfsen setup.
>
> Summary
observed this? Or @Peter: any idea?
Best regards, Jens
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de
On 06.07.2018 at 13:19, Jens Hektor wrote:
> I withdraw the below.
>
> My assumption is wrong, I made another profile
> where the sources are separated and the graph is still buggy.
>
> So next guess is interaction between "yaf" and "nfcapd"
> or "
elect "custom ..."
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22666
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de
On 07.12.18 at 10:28, Borja Marcos wrote:
>> Replaced my
>>
>> /usr/share/perl5/XSLoader.pm (version 0.16)
>>
>> with a newer one from CPAN (version 0.24)
>>
>> That seems to have fixed it.
It seemed. But it didn't. :-/
> I solved it by compiling Perl without threads support.
>
> I guess
On 06.12.18 at 09:24, i...@maximka.de wrote:
> Maybe "use threads;" in your bin/nfsend could solve the issue.
Sorry: no.
>> On 05 December 2018 at 20:08 Jens Hektor wrote:
>>
>>
>> On 13.06.18 at 22:28, Bernhard Schmidt wrote:
>>> Jun 13 09:
On 13.06.18 at 22:28, Bernhard Schmidt wrote:
> Jun 13 09:40:32 flowbert nfsen[21058]: PANIC nfsend dies: Can't locate
> object method "tid" via package "threads" at
> /usr/share/perl/5.24/XSLoader.pm line 114.
After upgrade to Centos 7.6 today I have the same issue.
Any solution?
Hi,
I am just wondering how to use the "custom output format"
if I want to display the "nel" format for instance.
Any tip for me?
Best regards, Jens
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (German
to deal with CVE-2017-7175
Anyone still happy with "Enter custom output format:"
under the list flow options?
Or have I screwed up something?
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax
is.pm" somewhere at the top?
--
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22666
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de
.
Anyone an idea what's going wrong?
Best regards, Jens Hektor
--
Dipl.-Phys. Jens Hektor, Security Operations
RWTH Aachen University, IT Center RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de
On 10.03.21 at 22:28, Jens Hektor wrote:
> Anyone an idea what's going wrong?
Alright, from the "Home" Section of a profile
the "new profile" leads to the opened one,
from the "Details" section you get the empty form.
Not quite what I would have e
On 09.08.21 at 21:18, Jens Hektor wrote:
> Particularly I try to look at top talkers of these files,
> especially in the "inet6" domain:
>
> -rw-r--r--. 1 apache apache 3,5G 9. Aug 08:00
> /usr/local/nfsen/profiles-data/live/ixia-poc/2021/08/09/nfcapd.202108090755
>
Ooops, they did it again. ;-)
Unfortunately the old files "scrolled"
away due to disk space management.
But I got new ones and saved me a 2.4GB copy of one.
Will proceed as you wrote and report back.
Best regards, Jens
On 18.08.21 at 10:16, Peter Haag wrote:
> You can do:
>
> # Checkout
Hi,
I have here nfcapd files bigger than two gigabytes.
Looks like nfdump is not able to process them.
Am I right? Did I do something wrong?
Best regards, Jens
On 09.08.21 at 15:41, Brian Candler wrote:
>> I have here nfcapd files bigger than two gigabytes.
>>
>> Looks like nfdump is not able to process them.
>> Am I right?
>
> It is plausible, given that 2 GB = 2^31, so you may be hitting some 32-bit
> limitation somewhere.
The funny thing is that
On 09.08.21 at 16:06, Jens Hektor wrote:
> Maybe it is not 2GB related, I am looking into the IPv6 flows ...
Having switched to the cli nfdump I now believe
that nfdump does not perform as one is used to
when it comes to *heavy* IPv6 flows.
Particularly I try to look at top talk
On 10.08.21 at 15:55, Brian Candler wrote:
> On 10/08/2021 14:30, nfsen-discuss-requ...@lists.sourceforge.net wrote:
>> Particularly I try to look at top talkers of these files, especially in the
>> "inet6" domain:
>> -rw-r--r--. 1 apache apache 3,5G 9. Aug 08:00
>>
in the AUTHORS file.
Thanks and regards
- Peter
On 09.08.21 21:18, Jens Hektor wrote:
On 09.08.21 at 16:06, Jens Hektor wrote:
Maybe it is not 2GB related, I am looking into the IPv6 flows ...
Having switched to the cli nfdump I now believe
that nfdump does not perform as one is used