I want to first state that I enjoy the great flexibility and ease that nfdump 
and nfsen provide -- it's proving to be a very valuable tool in a number of 
areas. Coming from flow-tools, I like some of the immediate answers that can be 
found without having to write complex filters and report specifications.

However, I do find that I occasionally miss some of the functionality of the 
reports and hope that someone on the list might have suggestions on how I might 
achieve the same ends by different means.

For instance, within flow-tools, I could "tag" flow data that matches filter 
definitions and then in turn report aggregated statistics based on those tags. 
Say all traffic from a handful of source addresses and subnets and particular 
src ports gets one tag; another, different set of source addresses and source 
ports gets a different tag. I could then see the ratio of traffic from the 2 tags 
as well as the completely non-tagged traffic and make various decisions based 
on that.

My current thinking to get similar results is by doing some levels of 
aggregation and filtering within nfdump but do the bulk of the reporting in a 
completely unrelated tool that may have scaling issues. Anyone dealt with 
something similar and have any recommendations?


Thanks,

-James
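One way to get the tag-and-aggregate reporting described above outside nfdump, as an added example that is not from the original post or from the nfdump project: flows (assumed here to be already exported from nfdump as tuples of src address, src port, dst address, dst port, bytes; the export step is not shown) are matched against prefix/port rules, the first matching rule's tag is assigned, and bytes are summed per tag so the tag-to-tag and tagged-to-untagged ratios fall out directly. The records and rule names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (src addr, src port, dst addr, dst port, bytes).
# These stand in for records exported from nfdump; they are not real traffic.
FLOWS = [
    ("10.1.2.3", 443, "192.0.2.10", 51000, 1_200_000),
    ("10.1.2.4", 443, "192.0.2.11", 51001, 800_000),
    ("10.1.2.3", 8080, "192.0.2.12", 51002, 100_000),
    ("172.16.5.9", 53, "192.0.2.13", 51003, 50_000),
    ("172.16.5.20", 53, "192.0.2.14", 51004, 150_000),
    ("198.51.100.7", 25, "192.0.2.15", 51005, 300_000),
]

# Tag definitions (hypothetical names): tag -> (source prefixes, source ports).
# A flow must match both a prefix and a port; the first matching rule wins.
TAG_RULES = {
    "web-farm": (["10.1.2.0/24"], {443}),
    "dns-servers": (["172.16.5.0/24"], {53}),
}

def compile_rules(rules):
    # Parse prefixes once so per-flow matching is cheap on large exports.
    return [(tag, [ipaddress.ip_network(p) for p in prefixes], ports)
            for tag, (prefixes, ports) in rules.items()]

def tag_flow(flow, compiled):
    src = ipaddress.ip_address(flow[0])
    for tag, nets, ports in compiled:
        if flow[1] in ports and any(src in n for n in nets):
            return tag
    return "untagged"  # everything that matches no rule is reported too

def aggregate(flows, rules):
    compiled = compile_rules(rules)
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for f in flows:
        t = tag_flow(f, compiled)
        totals[t]["flows"] += 1
        totals[t]["bytes"] += f[4]
    return dict(totals)

def byte_ratios(totals):
    # Share of total bytes per tag, including the untagged remainder.
    grand = sum(v["bytes"] for v in totals.values())
    return {t: v["bytes"] / grand for t, v in totals.items()} if grand else {}

if __name__ == "__main__":
    totals = aggregate(FLOWS, TAG_RULES)
    for tag, share in byte_ratios(totals).items():
        print(f"{tag:12s} {totals[tag]['flows']:3d} flows {totals[tag]['bytes']:>10d} bytes {share:6.1%}")
```

The rule table plays the role of flow-tools' tag definitions; with real exports the scaling concern is the per-flow Python loop, so pre-aggregating by source address and port in nfdump before feeding this script keeps the input small.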
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss