Hi, I am exporting netflow data from OpenBSD 5.5 machine to another non-OpenBSD machine with nfsen installed, which is successfully receiving netflow data.
I have the following in pf.conf: set state-defaults pflow And the following in hostname.pflow0: flowsrc IP.ADD.RE.SS flowdst IP.ADD:RE.SS:PORT pflowproto 10 I would like to parse netflow data with nfdump, in a way that traffic is separated by interface and direction. The following command gives me interface numbers: nfdump -R <profiledir> -n 0 -s if/flows With the following output (modified in order to avoid line wraps): If Flows(%) Packets(%) Bytes(%) pps bps bpp 6 197277(49.9) 5.2 M(47.3) 2.8 G(48.0) 57 243030 532 4 195221(49.4) 5.2 M(47.3) 2.8 G(48.0) 57 242976 532 5 194677(49.2) 5.4 M(49.1) 2.9 G(50.0) 59 253025 534 7 192506(48.7) 5.4 M(49.0) 2.9 G(49.9) 59 252973 534 0 4217( 1.1) 14827( 0.1) 1.2 M( 0.0) 2 1428 81 11 3232( 0.8) 392170( 3.6) 118.0 M( 2.0) 4 10374 300 8 134( 0.0) 3817( 0.0) 1.2 M( 0.0) 0 818 320 Exporting machine has a bunch of interfaces: 3 physical: bnx0 bnx1 em0 2 tun (npppd and openvpn): tun0 tun1 2 carp: carp1 carp2 5 other: enc0 lo0 pflog0 pflow0 pfsync0 Is there a way to determine which interface is mapped to which if number in netflow? Thank you in advance, -- Marko Cupać
