Nitzan - Can you share an example of how you are using aggregation by custom fields? I'd like to include ifl and ra in the aggregation key but according to docs and the CLI '-A' doesn't accept anything other than IP/port. On a whim I tried adding 'proto' and saw that it worked so perhaps this is limited to tcpdump filter syntax?
For now I've resorted to doing aggregation [much more slowly] in PERL, which is still a win for my application.

-Michael

On 7/29/2012 2:08 PM, Nitzan Tzelniker wrote:
> Hi Peter
>
> Is it possible to add orderby (like -O) to aggregation (-A) like you
> have for topN (-s).
> It's great I can aggregate by custom fields but to understand
> the result I must send it to DB or a script to sort it.
> In flow tools for example you have a report for top src-ip/dst-ip pairs
> and other multiple field aggregations and you can sort it like you did
> for one field aggregation.
>
> Thanks
>
> Nitzan

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
