Thanks Matej - it's fixed in upcoming 1.6.4.
- Peter
On 1/7/11 12:38 AM, Matej Gregr wrote:
> Hi Peter,
> if I uncompress a netflow file and try to verify it after that, I get
> a result where number of blocks and records are zeroed.
>
> Example:
>
> $ nfdump -v nfcapd.201106302000
> File : nfcapd.201106302000
> Version : 1 - compressed
> Blocks : 54
> Type 1 : 0
> Type 2 : 54
> Records : 822786
>
> $ nfdump -j nfcapd.201106302000
> Uncompress file ..
>
> $ nfdump -v nfcapd.201106302000
> File : nfcapd.201106302000
> Version : 1 - not compressed
> Blocks : 0
> Type 1 : 0
> Type 2 : 0
> Records : 0
>
> Affected version is 1.6.3p1. Version 1.6.1p1 works as expected.
>
> I have been digging into the source code and probably proper update of
> file header is missing in the CloseUpdateFile function.
>
> Patch solving the issue is attached. Hope you will find it useful.
>
> Regards,
>
> Matej
>
>
>
> ------------------------------------------------------------------------------
> All of the data generated in your IT infrastructure is seriously valuable.
> Why? It contains a definitive record of application performance, security
> threats, fraudulent activity, and more. Splunk takes this data and makes
> sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-d2d-c2
>
>
>
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
--
Be nice to your netflow data. Use NfSen and nfdump :)
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
