Hello Ralf,
--On November 12, 2007 10:55:03 +0100 Ralf Kleineisel <[EMAIL PROTECTED]>
wrote:
| Hi,
|
| I see a strange thing on one of our nfdump collectors:
|
| It is a NetFlow v5 stream being collected via nfcapd. The same router
| exports to a second machine which runs flow-tools.
|
| According to the flow-tools machine there are (in 24h) 72471006 flows,
| with 295 lost flows. Total octets is 153785371935.
|
| The nfdump box says it collected 72471301 flows and 153788096980 Bytes,
| which is pretty much the same. But it also says there were 87154
| sequence failures.
|
| What may be the reason for this big discrepancy?
I have no idea. I don't know in detail how flow-tools handles sequence
failures and how they get counted. According to the numbers, it seems more
reasonable to me to have 87k missing flows rather than only 295, with a total
of 74 million flows.
- Peter
| _______________________________________________
| Nfdump-discuss mailing list
| [email protected]
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
--
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
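An added example, not part of the original thread and not nfdump or flow-tools code: a minimal audit of NetFlow v5 headers that reports sequence failures (number of mismatch events) and missing flows (sum of forward gaps) as separate counters, since the two are different units. The names `audit_sequence`, `make_header` and `per_engine` and the sample datagrams are constructed for illustration; how nfdump or flow-tools count internally is not stated in the thread.

```python
import struct

# NetFlow v5 header, 24 bytes big-endian: version, count, sys_uptime,
# unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id, sampling
V5_HEADER = struct.Struct("!HHIIIIBBH")
MASK32 = 0xFFFFFFFF

def make_header(seq, count, engine_id=0):
    """Build a constructed v5 header (sample input, not captured traffic)."""
    return V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, engine_id, 0)

def audit_sequence(datagrams, per_engine=True):
    """Return (flows_received, sequence_failures, flows_missing).

    sequence_failures: datagrams whose flow_sequence is not the expected one.
    flows_missing: sum of forward gaps between expected and seen sequence.
    Assumption: with per_engine=True the expected value is tracked per
    engine_id; with False a single counter is shared by all engines.
    """
    expected = {}                      # key -> next expected flow_sequence
    received = failures = missing = 0
    for dgram in datagrams:
        if len(dgram) < V5_HEADER.size:
            continue                   # truncated datagram, no usable header
        ver, count, _, _, _, seq, _, engine_id, _ = V5_HEADER.unpack_from(dgram)
        if ver != 5:
            continue
        received += count
        key = engine_id if per_engine else 0
        want = expected.get(key)
        if want is not None and seq != want:
            failures += 1
            gap = (seq - want) & MASK32          # handles 32-bit wraparound
            if gap < 0x80000000:                 # forward jump: flows were skipped
                missing += gap
            # backward jump: reordered datagram or exporter restart, not loss
        expected[key] = (seq + count) & MASK32   # resync on every datagram
    return received, failures, missing

# Constructed stream: two engines interleaved; engine 0 loses one datagram
# (sequence 60..89 never arrives).
SAMPLE = [
    make_header(0, 30, 0), make_header(1000, 10, 1),
    make_header(30, 30, 0), make_header(1010, 10, 1),
    make_header(90, 30, 0),
]

if __name__ == "__main__":
    print("per engine    :", audit_sequence(SAMPLE, per_engine=True))
    print("single counter:", audit_sequence(SAMPLE, per_engine=False))
```

On the constructed stream, both runs report the same number of received flows, but the failure and missing-flow counters differ depending on how sequence state is keyed.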