I'm running one nfcapd to capture all traffic coming in on port 9997.

Utilizing nfcapd with the -S option allows us to set the subdirectory structure
based upon date/time:

    nfcapd -z -w -D -l /netflows -S8 -p9997

The -S8 indicates a format of %Y-%m-%d/%H (year-month-day/hour).

I have 12 or more devices feeding into my nfcapd server on the same inbound
port and would like to break the stored feeds out by IP address in addition to
year-month-day/hour, like this:

    /netflows/10.10.10.15/%Y-%m-%d/%H
    /netflows/10.10.11.15/%Y-%m-%d/%H
    /netflows/10.10.12.15/%Y-%m-%d/%H
    /netflows/10.10.13.15/%Y-%m-%d/%H
    /netflows/10.10.14.15/%Y-%m-%d/%H
    /netflows/10.10.15.15/%Y-%m-%d/%H

I realize that with the -I flag I can set base and subdirectories initially,
but I would like it to be dynamic and allow new subdirectories (based upon IP)
to be created when a new feed comes in. Is this possible, or do I need to
create some special or custom solution?