Hi,
does nfdump support the dumping of netflow records which contain the
input and output interfaces of the router? The docs are not clear on
this. man nfcapd says:
As of version 1.5 nfdump supports the following fields:
NF9_LAST_SWITCHED
NF9_FIRST_SWITCHED
NF9_IN_BYTES
NF9_IN_PACKETS
NF9_FLOWS
NF9_IN_PROTOCOL
NF9_SRC_TOS
NF9_TCP_FLAGS
NF9_IPV4_SRC_ADDR
NF9_IPV6_SRC_ADDR
NF9_IPV4_DST_ADDR
NF9_IPV6_DST_ADDR
NF9_L4_SRC_PORT
NF9_L4_DST_PORT
NF9_INPUT_SNMP
NF9_OUTPUT_SNMP
NF9_SRC_AS
NF9_DST_AS
On the other hand man nfdump says:
The output format fmt:<format> allows you to define your own output
format. A format description format consists of a single line
containing arbitrary strings and format specifier as described below
[...]
%in Input Interface num
%out Output Interface num
When I use "fmt:%in;%out" the fields are always 0, though they should be
set. I can see them when I dump the netflow with flowd.
This is a really vital feature, I hope it is supported.
Regards
Ralf
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
