Hi,
According to the documentation, you can do it for all the fields.
The only missing part is sorting.
For example, you can do it this way:
nfdump -M /netflow/live/XXX:YYY -T -r 2012/07/29/17/nfcapd.201207291710 -a -A dstip,srcas,dstport -f /etc/netflow/all-int-in.flt -c 5
Date flow start         Duration Dst IP Addr  Src AS Dst Pt Packets  Bytes   bps  Bpp Flows
2012-07-29 17:11:32.392   72.820 55.66.180.88  20940   8509     300 447600 49173 1492     2
2012-07-29 17:11:13.561    0.000 66.66.46.11   15169  50500     100   4000     0   40     1
2012-07-29 17:13:29.000    0.000 77.77.117.22  47764   3017     100   4000     0   40     1
2012-07-29 17:12:12.920    0.000 88.99.89.66    6799  58484     100   5800     0   58     1
2012-07-29 17:10:29.744    0.000 11.22.103.22  16509   2725     100   5200     0   52     1
Summary: total flows: 2139306, total bytes: 891.1 G, total packets: 956.1 M, avg bps: 1.7 M, avg pps: 222, avg bpp: 932
Time window: 2012-06-10 00:08:11 - 2012-07-29 17:14:58
Total flows processed: 5918932, Blocks skipped: 0, Bytes read: 449844249
Sys: 6.128s flows/second: 965823.0 Wall: 6.130s flows/second: 965421.1
Nitzan
On Mon, Jul 30, 2012 at 6:41 PM, Michael Hare <[email protected]> wrote:
> Nitzan-
>
> Can you share an example of how you are using aggregation by custom
> fields? I'd like to include ifl and ra in the aggregation key but
> according to docs and the CLI '-A' doesn't accept anything other than
> IP/port. On a whim I tried adding 'proto' and saw that it worked so
> perhaps this is limited to tcpdump filter syntax?
>
> For now I've resorted to doing aggregation [much more slowly] in PERL,
> which is still a win for my application.
>
> -Michael
>
> On 7/29/2012 2:08 PM, Nitzan Tzelniker wrote:
> > Hi Peter
> >
> > Is it possible to add orderby (like -O) to aggregation (-A) like you
> > have for topN (-s)?
> > It's great I can aggregate by custom fields but to understand
> > the result I must send it to DB or a script to sort it.
> > In flow tools for example you have a report for top src-ip/dst-ip pairs
> > and other multiple field aggregations and you can sort it like you did
> > for one field aggregation.
> >
> > Thanks
> >
> > Nitzan
> >
> >
> >
> ------------------------------------------------------------------------------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond. Discussions
> > will include endpoint security, mobile security and the latest in malware
> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> >
> >
> >
> > _______________________________________________
> > Nfdump-discuss mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> >
>
>
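The sorting step the thread says is missing from -A output can be done after the fact. The following is an added example, not code from the thread or from nfdump: it parses the aggregated text output shown above for any -A field list and orders it by a counter column. It assumes key values contain no spaces, that the last five columns are always Packets, Bytes, bps, Bpp and Flows, and that scaled numbers such as "1.5 G" are decimal; the names parse_rows and order_by are made up for illustration.

```python
import re

# Constructed sample: the aggregated rows quoted in the message, one record
# per line, followed by a shortened Summary line that must be skipped.
SAMPLE = """\
Date flow start         Duration Dst IP Addr  Src AS Dst Pt Packets  Bytes   bps  Bpp Flows
2012-07-29 17:11:32.392   72.820 55.66.180.88  20940   8509     300 447600 49173 1492     2
2012-07-29 17:11:13.561    0.000 66.66.46.11   15169  50500     100   4000     0   40     1
2012-07-29 17:13:29.000    0.000 77.77.117.22  47764   3017     100   4000     0   40     1
2012-07-29 17:12:12.920    0.000 88.99.89.66    6799  58484     100   5800     0   58     1
2012-07-29 17:10:29.744    0.000 11.22.103.22  16509   2725     100   5200     0   52     1
Summary: total flows: 2139306, total bytes: 891.1 G
"""

ROW = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+\s")  # data rows start with a timestamp
SCALE = {"M": 10**6, "G": 10**9, "T": 10**12}  # assumption: decimal (1000-based) scaling
COUNTERS = ("packets", "bytes", "bps", "bpp", "flows")

def parse_rows(text):
    """Return one dict per aggregated record; header and statistics lines are ignored."""
    rows = []
    for line in text.splitlines():
        if not ROW.match(line):
            continue
        tok = line.split()
        vals = []
        for t in tok[3:]:
            if t in SCALE and vals:
                # "1.5" followed by "G" is one scaled number split by whitespace
                vals[-1] = float(vals[-1]) * SCALE[t]
            else:
                vals.append(t)
        n_keys = len(vals) - len(COUNTERS)
        if n_keys < 1:
            raise ValueError("unexpected column count: " + line)
        row = {"start": tok[0] + " " + tok[1], "duration": float(tok[2]),
               "key": tuple(vals[:n_keys])}  # the -A fields, in output order
        row.update((name, float(v)) for name, v in zip(COUNTERS, vals[n_keys:]))
        rows.append(row)
    return rows

def order_by(rows, column="bytes", top=None):
    """Sort descending by a counter column; equal values keep their input order."""
    return sorted(rows, key=lambda r: r[column], reverse=True)[:top]

if __name__ == "__main__":
    for r in order_by(parse_rows(SAMPLE), "bytes", top=3):
        print(r["key"], int(r["bytes"]))
```

Running nfdump with -N (plain numbers) avoids the scaled "M"/"G" values altogether; the merge step is there for output produced without it.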