-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --On February 26, 2007 10:39:47 +0000 Colin Whittaker <[EMAIL PROTECTED]>
wrote:
| Actually I have just noticed a problem.
| nfdump is only using the second source specified by -R
| I tried using -M in case that would be better but it did not work either,
again
| only the second source is processed.
|
| nfdump -M profiles/live/source1/2007/02/25/:source2/2007/02/25/ -R . -s
| record/bytes -n 50 -A srcas -o "fmt:%sas %byt" "in if 17 or in if 12 or in
if 2"
The correct command line would be:
nfdump -M profiles/live/source1:source2 -R . -s
record/bytes -n 50 -A srcas -o "fmt:%sas %byt" "in if 17 or in if 12 or in
if 2"
This gets all your files in all directories. The subdir hierarchy is traversed
automatically.
- Peter
|
| Is this expected behaviour?
|
| Colin
|
| Colin Whittaker wrote:
| > I have two sources of netflow data each with multiple interfaces
| > generating netflow data.
| > I want to use a filter to identify which interfaces contain interesting
| > traffic. In this case interface 17 and 12 for source1 and interface 2
| > for source2. At the minute the interface numbers are not overlapping and
| > so one filter rule works.
| > But as I increase the number of sources I expect this not to work any
| > more so I want to be able to identify the source in the filter if possible.
| >
| > currently running snapshot-20060809
| >
| > nfdump -R profiles/live/source1/2007/02/25/ -R
| > profiles/live/source2/2007/02/25/ -s record/bytes -n 50 -A srcas -o
| > "fmt:%sas %byt" "in if 17 or in if 12 or in if 2"
| >
| > Colin
|
|
| --
| Colin Whittaker +353 (0)86 836 4509
| http://www.magnet.ie [EMAIL PROTECTED]
|
| -------------------------------------------------------------------------
| Take Surveys. Earn Cash. Influence the Future of IT
| Join SourceForge.net's Techsay panel and you'll get the chance to share your
| opinions on IT & business topics through brief surveys-and earn cash
| http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
| _______________________________________________
| Nfdump-discuss mailing list
| [email protected]
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iQCVAwUBReLZu/5AbZRALNr/AQIeiAQApHca9L8s1p+JYWKNmSwn+xTLw0BotE/S
uohGYGtsni6fODu2bDQGwOwE3YHAJret1aCmwoKWv91kOrGSyKdQw+u8GHl7cUd7
Ywt+DDy7T2euHE9PYtguXEJIb5bqjNqNi2R9knO6u/ZWb5AhYtDHA8ucnHK/x0aR
s3YtVWooztc=
=NP/j
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
