Hi Amit,
As of now, there is no "real time" data link from the collector to
nfdump. There are plans to implement a data link to a monitor nfmon
which is a simplified nfdump version for processing the data.
However, as for the plans it will be most likely a buffered data link
which gets the same data as the file - which means flows are packet
in about 1MB chunks.
No - I have not yet a date for that, but could came in 1.6.4 or 1.6.5
- Peter
On 2/1/11 2:27, Amit Mhatre wrote:
> Hi,
> I am just reading up on the nfdump/nfcapd tools and they're quite awesome
> ...
>
> One question regarding the nfcapd - in one of my applications, we have a
> pretty heavy traffic flow and we'd like to have the netflow data in as much
> real-time as possible. With flow-tools, I could simply pipe the output of
> flow-receive into flow-print (to print the data into format my code might
> understand for further processing) - but I don't suppose I could do the same
> with nfcapd/nfdump? (since nfcapd must write the captured data into a binary
> file for nfdump to separately consume).
>
> The other option I was thinking was I use the -x option on nfcapd and have
> it invoke nfdump, so I can have nfdump running as soon as I have a new file
> available. In that context, how low can I go with the -t option? I am
> guessing 60 seconds is the lowest, since anything less than that still
> writes into a file that is generate for each minute.
>
> Could you please let me know what would be my best bet if I wanted to get as
> close to real-time processing (nfcapd -> nfdump -> myAnalyzer) using the
> NFDUMP tool?
>
> Thanks!
> - am
>
>
>
>
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
>
>
>
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
--
--
Be nice to your netflow data
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
