in 1.6.6 .you may add %eng which identifies engine type/id. You'll need
to enable extension 14 see nfcapd(1). In combination, you may identify
what you are looking for?
- Peter
On 9/13/12 17:04, James A. T. Rice wrote:
> Hi Folks,
>
> When tracing back spoofed traffic on the network, the custom output field
> %in is useful to show the input interface index, however if using data
> from multiple netflow sources, it doesn't show which netflow source this
> index is related to, so a field to show that would be useful.
>
> Or am I missing something?
>
> Cheers
> James
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
--
Be nice to your netflow data
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
