-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jens,
- --On August 4, 2007 21:20:17 +0200 Jens Schulze <[EMAIL PROTECTED]> wrote: | Dear netflow users, | | is there anyone out there with experience regarding nfdump and v9 | flows from cisco routers? My boss recently found the Netflow v9 RFC | (found at http://tools.ietf.org/html/rfc3954), saw that it supports | VLAN information, and now wants to incorporate this information in our | traffic watch and accounting tool (which uses v5 at the moment). | Checking netflow_v9.c and netflow_v9.h with my limited knowledge of C | programming, it seems that the fields 58 and 59 aren't implemented | right now. So there arise two questions: | - How much work is it to implement this two fields? | - Are there any undocumented "Predefined element tags" to get access | on the implemented v9 data fields, beside the ones listed on the | documentation webpage? nfdump supported roughly any of those fields which CISCO supported in their IOS recently. New CISCO IOS releases are not capable in having more flexible v9 exports. As of nfdump, the v9 decoder will get extended during the next development cycle, starting next week. It should support almost all v9 fields currently possible. There is no quick way around this at the moment, as the current decoder ignores any unknown fields. Let me know, if you are willing to beta test extended v9. I'll let you know when it's ready to be tested. - Peter | | Thanks fopr any information, | Jens | | | ------------------------------------------------------------------------- | This SF.net email is sponsored by: Splunk Inc. | Still grepping through log files to find problems? Stop. | Now Search log events and configuration files using AJAX and a browser. | Download your FREE copy of Splunk now >> http://get.splunk.com/ | _______________________________________________ | Nfdump-discuss mailing list | [email protected] | https://lists.sourceforge.net/lists/listinfo/nfdump-discuss - -- _______ SWITCH - The Swiss Education and Research Network ______ Peter Haag, Security Engineer, Member of SWITCH CERT PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iQCVAwUBRrbX1P5AbZRALNr/AQIsMwP8DuAph/5JqnbDkEQ9NABA1qBaE6mNSO/+ 0M21lI8v24DBXTGXQgONWU8NaE9T7Rkpy4ctwyxxUGeVC8Dsu8GjKHEFOFI26ikf 0nGGIOgsViNH14vxGVzFgYT1nTtkyUr80a9AJ1vrVzc/NLSbp7zBFIRa08fimdD2 p4VaF8vrQjM= =lcYR -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
