Ok So I think I have the syntax correct, but I'm not getting anything... I'm
running this command:
nfcapd -w -D -l /var/local/flows -p 9996 -B 128000 -R 10.5.1.15/9995
Correct me if I'm wrong here... but this command should:
Align the time
Run as a Daemon
Deposit flows in /var/local/flows
Listen on port 9996
Utilize a large buffer length
And RE-Direct flows received on port 9996 out to 10.5.1.15 on port 9995
I'm not seeing any traffic on the server where our Netflow analyzer is.
Nfdump -r /var/local/nfdump/flows/nfcapd.20091218033 -n 10
Gives me nothing but headers with no data...
-----Original Message-----
From: Peter Haag [mailto:[email protected]]
Sent: Friday, December 18, 2009 1:58 AM
To: Isherwood, Jeffrey - AES
Cc: '[email protected]'
Subject: Re: [Nfdump-discuss] Using NFDUMP as an aggregator...
o To capture multiple sources on the same port, use nfdump-1.6rc3 (latest 1.6
pre-release).
o Samplicator replicates a UDP stream. It has no idea about the format of the
data. You can even
configure samplicator to retain the original sender IP address. Therefor the
content of the
data is not touched.
>
> Will the server running nfcapd keep a copy of the Netflow data or does it
> forward and forget? I think (personal opinion) that if would be preferable
> if it held onto the data, if for simply no other reason than for verification
> and redundancy.
Nfcapd replicates the incoming UDP stream it receives to another host in
addition to collecting and processing the data.
This means switching on/off packet forwarding does not affect any other data
processinf tasks.
- Peter
This e-mail and any files transmitted with it may be proprietary and are
intended solely for the use of the individual or entity to whom they are
addressed. If you have received this e-mail in error please notify the sender.
Please note that any views or opinions presented in this e-mail are solely
those of the author and do not necessarily represent those of ITT Corporation.
The recipient should check this e-mail and any attachments for the presence of
viruses. ITT accepts no liability for any damage caused by any virus
transmitted by this e-mail.
------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
