I'm using netflow data to for billing based on international vs
domestic bandwidth. As such I'm using a filter file with about 5k
networks. For testing I've been processing about 536k flows from a
27M flow file brought in from a pcap file. This represents about 5
minutes of capture.
This takes a little less than 1 second with no filter file. Here are
my questions:
Why does it take about 27 seconds to process when using a filter file
with only one network?
Why does it take about 27 seconds to process when using a filter file
with 5k networks?
Are lists supported for network filtering? I read about lists for
IP's but I get a syntax error when saying "net in [ x.x.x.x.x
x.x.x.x]"
Should nfdump be using only 1 core? I thought it was multi threaded
but perhaps I'm mistaken.
Any assistance would be much appreciated.
Thanks,
Greg
------------------------------------------------------------------------------
uberSVN's rich system and user administration capabilities and model
configuration take the hassle out of deploying and managing Subversion and
the tools developers use with it. Learn more about uberSVN and get a free
download at: http://p.sf.net/sfu/wandisco-dev2dev
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
