Hi Vincent,
nfdump has a fixed CSV format. However, this should be pretty easy to adapt.
You will also find a Perl stub, which reads the format for further processing.
This should make it possible to use it right away.

Regards

        - Peter


On 9/13/11 9:46, Vincent Magnin wrote:
> Dear list,
> Dear Peter,
> 
> Is it possible to use nfdump to display flows in a custom CSV format?
> 
> This feature exists with flow-tools:
> 
>> flow-cat /var/flow-tools/data/2011-09-12 |flow-export -f2 -m  
>> doctets,srcaddr,dstaddr,srcport,dstport,prot  
>> #:doctets,srcaddr,dstaddr,srcport,dstport,prot
>> 46,aaa.aaa.aaa.aaa,bbb.bbb.bbb.bb,80,19263,6
>> 99,aaa.aaa.a.aa,bbb.bb.bbb.b,5759,53,17
>> 149,aa.aa.a.aaa,bbb.bbb.bbb.bbb,3750,6257,17
>> ...
> 
> 
> i.e.:
> 
>> ./bin/nfdump -R /var/nfdump/data/2011-09-12 -o  
>> "csv:%ibyt,%sa,%da,%sp,%dp,%pr"
>> ibyt,sa,da,sp,dp,pr
>> 46,aaa.aaa.aaa.aaa,bbb.bbb.bbb.bb,80,19263,TCP
>> 99,aaa.aaa.a.aa,bbb.bb.bbb.b,5759,53,UDP
>> 149,aa.aa.a.aaa,bbb.bbb.bbb.bbb,3750,6257,UDP
>> ...
> 
> This kind of output will be fine for our scripts, but the actual
> "user defined output format" (i.e. -o "fmt:%ibyt,%sa,%da,%sp,%dp,%pr")
> is hard to read by scripts.
> 
> Regards,
> 
> Vincent
> 
> 
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

-- 
--
Be nice to your netflow data
