Hi Peter,

I've written a custom flow_record_to_csv function which outputs exactly what I need. It was pretty easy as the source code is well documented.

Regards,
Vincent

Peter Haag <[email protected]> wrote:
> Hi Vincent,
> nfdump has a fixed CSV format. However, this should be pretty easy
> to adapt. You will also find a perl stub, which reads
> the format for further processing. This should make it possible to
> use it right away.
>
> Regards
>
> - Peter
>
>
> On 9/13/11 9:46, Vincent Magnin wrote:
>> Dear list,
>> Dear Peter,
>>
>> Is it possible to use nfdump to display flows in a custom CSV format?
>>
>> This feature exists with flow-tools:
>>
>>> flow-cat /var/flow-tools/data/2011-09-12 |flow-export -f2 -m
>>> doctets,srcaddr,dstaddr,srcport,dstport,prot
>>> #:doctets,srcaddr,dstaddr,srcport,dstport,prot
>>> 46,aaa.aaa.aaa.aaa,bbb.bbb.bbb.bb,80,19263,6
>>> 99,aaa.aaa.a.aa,bbb.bb.bbb.b,5759,53,17
>>> 149,aa.aa.a.aaa,bbb.bbb.bbb.bbb,3750,6257,17
>>> ...
>>
>>
>> ie.:
>>
>>> ./bin/nfdump -R /var/nfdump/data/2011-09-12 -o
>>> "csv:%ibyt,%sa,%da,%sp,%dp,%pr"
>>> ibyt,sa,da,sp,dp,pr
>>> 46,aaa.aaa.aaa.aaa,bbb.bbb.bbb.bb,80,19263,TCP
>>> 99,aaa.aaa.a.aa,bbb.bb.bbb.b,5759,53,UDP
>>> 149,aa.aa.a.aaa,bbb.bbb.bbb.bbb,3750,6257,UDP
>>> ...
>>
>> This kind of output will be fine for our scripts, but, the actual
>> "user defined output format" (ie. -o "fmt:%ibyt,%sa,%da,%sp,%dp,%pr")
>> is hard to read by scripts.
>>
>> Regards,
>>
>> Vincent

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
