-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hash: SHA1
Hi Devon, - - --On May 10, 2007 12:04:39 PM -0400 Devon True <[EMAIL PROTECTED]> wrote: | All: | | Using nfdump-snapshot-20070312 I am unable to read the .current files | using the -r option. I searched the mailing list and found a thread, | <http://thread.gmane.org/gmane.network.nfsen.general/262/focus=5>, that | mentions a patch on the 20070110 snapshot, but I was unable to find it | on SourceForge or in the tar.gz file. | | nfdump does read the .DATE files fine. | | Any ideas? This is the intended behaviour. The .current file is open by the collector and changes dynamically, it grows. Therefore you may get unexpected results, in the event of a concurrent access. If you know, what you do, do may patch nffile.c: After line 391 in function OpenNewFile add: file_header->version = VERSION; and recompile nfdump. However, bear in mind, that all open files are now accessible by any other nfdump process. - Peter | | nfdump -V | nfdump: Version: snapshot-20070312 $LastChangedDate: 2007-03-13 08:36:17 | +0100 (Tue, 13 Mar 2007) $ | $Id: nfdump.c 88 2007-03-06 08:49:26Z peter $ | | nfdump -r nfcapd.current.16539 | Date flow start Duration Proto Src IP Addr:Port | Dst IP Addr:Port Packets Bytes Flows | Open file nfcapd.current.16539: bad version: 0 | | nfdump -r nfcapd.200705101115 -c 10 | Date flow start Duration Proto Src IP Addr:Port | Dst IP Addr:Port Packets Bytes Flows | 2007-05-10 11:25:06.782 42.660 TCP x.x.x.x:110 -> | y.y.y.y:1546 15 5602 1 | 2007-05-10 11:25:51.417 1.908 TCP x.x.x.x:110 -> | y.y.y.y:63638 2 2840 1 | 2007-05-10 11:25:46.506 6.819 TCP x.x.x.x:110 -> | y.y.y.y:63638 7 1070 1 | 2007-05-10 11:24:59.734 0.000 TCP x.x.x.x:80 -> | y.y.y.y:50913 1 48 1 | 2007-05-10 11:25:52.514 0.000 TCP x.x.x.x:25 -> | y.y.y.y:44257 1 89 1 | 2007-05-10 11:25:53.721 0.000 TCP x.x.x.x:110 -> | y.y.y.y:10812 1 1420 1 | 2007-05-10 11:24:56.537 52.562 TCP x.x.x.x:110 -> | y.y.y.y:10812 2 2834 1 | 2007-05-10 11:25:49.172 0.000 TCP x.x.x.x:110 -> y.y.y.y:3450 | 1 40 1 | 2007-05-10 11:25:14.468 23.266 TCP x.x.x.x:110 -> y.y.y.y:1178 | 4 5680 1 | 2007-05-10 11:25:14.468 27.373 TCP x.x.x.x:110 -> y.y.y.y:1178 | 11 5402 1 | Summary: total flows: 10, total bytes: 25025, total packets: 45, avg | bps: 3500, avg pps: 0, avg bpp: 556 | Time window: 2007-05-10 11:24:53 - 2007-05-10 11:27:53 | Total flows processed: 16149, skipped: 0, Bytes read: 839760 | Sys: 0.012s flows/second: 1345750.0 Wall: 0.010s flows/second: 1566799.3 | | -- | Devon | | ------------------------------------------------------------------------- | This SF.net email is sponsored by DB2 Express | Download DB2 Express C - the FREE version of DB2 express and take | control of your XML. No limits. Just data. Click to get it now. | http://sourceforge.net/powerbar/db2/ | _______________________________________________ | Nfdump-discuss mailing list | [email protected] | https://lists.sourceforge.net/lists/listinfo/nfdump-discuss - -- _______ SWITCH - The Swiss Education and Research Network ______ Peter Haag, Security Engineer, Member of SWITCH CERT PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iQCVAwUBRkNUGv5AbZRALNr/AQJPpgP/UCeMM7hNZIly+lzYOtvh0ItnnhHhpl6A 9Ctcm/Xoj+jienbRayfHhUeMBICs13vZfElufBDN/baVxZVs8hhrzr7LFADfLVC7 KPDuQ3bSQWZ5UM6tumMo3pkjIKnjiuD4ExuEQLwb+75eRFOnazYsECjweuS40TRj N87lSkrpTPk= =wRlU -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
