We would like to add a new filter primitive to nfdump. Assume we have
a mapping 
        ipaddr -> org_id
which identifies the organizational unit to which the ipaddr is
allocated. Now, we would like to be able to do filtering and
aggregation based on this value. Note that this is not the same as
filtering on AS number.

Our basic idea is that we do not need to alter the on-disk format, but
we could generate this information on-the-fly upon reading the netflow
data. Naturally this would slow down the process considerably, unless
we have a very efficient lookup.

This idea can be generalized to any mapping from ipaddr -> function(ipaddr).

Has anyone considered doing something similar?

Any ideas on how to go about implementing this?

-- 
Vegard Vesterheim               : Phone: +47 73 55 79 12
UNINETT                         : Mobile:+47 48 11 98 98
N-7465 Trondheim, NORWAY        : Email: [EMAIL PROTECTED]


_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
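
The on-the-fly ipaddr -> org_id lookup asked about in the message above can be served by a longest-prefix-match trie, which costs at most 32 pointer steps per IPv4 address. This is an added example, not nfdump code and not from the original post; the type and function names, the org ids and the sample prefixes (documentation address ranges) are constructed for illustration, and only IPv4 source addresses are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* One trie node per prefix bit; org_id 0 means no allocation ends here. */
typedef struct node { struct node *child[2]; uint32_t org_id; } node;
/* Constructed flow record with only the fields this example needs. */
typedef struct { uint32_t srcaddr; uint64_t bytes; } flow;

/* Register prefix/len -> org_id (host byte order). Returns -1 on OOM. */
static int trie_insert(node *root, uint32_t prefix, int len, uint32_t org_id) {
    node *n = root;
    for (int i = 0; i < len; i++) {
        int bit = (prefix >> (31 - i)) & 1;
        if (!n->child[bit] && !(n->child[bit] = calloc(1, sizeof(node))))
            return -1;
        n = n->child[bit];
    }
    n->org_id = org_id;
    return 0;
}

/* Longest-prefix match: the most specific allocation wins, 0 if none. */
static uint32_t org_lookup(const node *root, uint32_t addr) {
    uint32_t best = root->org_id;
    const node *n = root;
    for (int i = 0; i < 32 && (n = n->child[(addr >> (31 - i)) & 1]); i++)
        if (n->org_id) best = n->org_id;
    return best;
}

/* Filter and aggregate: total bytes of flows whose source maps to org. */
static uint64_t bytes_for_org(const node *root, const flow *f, size_t cnt, uint32_t org) {
    uint64_t total = 0;
    for (size_t i = 0; i < cnt; i++)
        if (org_lookup(root, f[i].srcaddr) == org) total += f[i].bytes;
    return total;
}

/* Constructed sample data: five flows and three made-up allocations. */
static const flow sample_flows[] = {
    { IP(192,0,2,7), 1000 }, { IP(198,51,100,9), 400 }, { IP(198,51,100,200), 50 },
    { IP(203,0,113,1), 7 }, { IP(192,0,2,99), 24 } };
static node *sample_trie(void) {
    node *root = calloc(1, sizeof(node));
    if (!root || trie_insert(root, IP(192,0,2,0), 24, 10) ||
        trie_insert(root, IP(198,51,100,0), 24, 20) ||
        trie_insert(root, IP(198,51,100,128), 25, 21)) return NULL;
    return root;
}
int main(void) {
    node *t = sample_trie();
    if (t) printf("org 10: %llu bytes\n", (unsigned long long)bytes_for_org(t, sample_flows, 5, 10));
    return t ? 0 : 1;
}
```

Because the mapping is computed per record at read time, the stored flow data stays unchanged; the org id exists only in memory while filtering or aggregating.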
