Hi,

I'm migrating from flow-tools to nfcap/nfdump and I have a few scripts I'm 
trying to port over to use nfdump.

This is the flow-tools equivalent:

/var/netflow/bin/flow-cat ft-v05.2012-10-08* | /var/netflow/bin/flow-filter -Sip_list -P25 -f/var/netflow/bin/flow.acl| /var/netflow/bin/flow-stat -f24 -S2

In flow.acl I have:

ip access-list standard ip_list permit 192.168.0.0 0.0.31.255
ip access-list standard ip_list permit 10.0.192.0 0.0.31.255
ip access-list standard ip_list deny any

So it only processes data about flows sourced from 192.168.0.0/19 and 
10.0.192.0/19 on destination port 25 and is sorted by octets.

Then it outputs it like this:

# Source Prefix     flows                 octets                packets
#
192.168.0.0/28     657                   852267                719
10.0.192.0/28      349                   445912                386

I've tried converting this to nfdump like this:

nfdump -R /var/netflow/nc/nfcapd.20121008* -s srcnet 'src net 192.168.0.0/19 or src net 10.0.192.0/19 and dst port 25'

but I don't think nfdump supports using * in file name and it doesn't appear 
that you can use 'srcnet' as a statistic.

Can anyone provide me with a bit of guidance on this?

Thanks,
-Drew
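
Added example, not part of the original post: a sketch that turns the standard ACL entries quoted above (address plus Cisco wildcard mask) into CIDR networks and builds an nfdump filter string from them, with the source networks grouped in parentheses so the port test applies to every network. The function names are hypothetical and the parser assumes only the "ip access-list standard <name> <action> <addr> [<wildcard>]" shape shown in flow.acl.

```python
import ipaddress

# Constructed sample input: the three flow.acl lines quoted in the post.
FLOW_ACL = """\
ip access-list standard ip_list permit 192.168.0.0 0.0.31.255
ip access-list standard ip_list permit 10.0.192.0 0.0.31.255
ip access-list standard ip_list deny any
"""

def wildcard_to_network(addr, wildcard):
    """Turn an address / wildcard-mask pair into an IPv4Network."""
    inverted = int(ipaddress.IPv4Address(wildcard))
    # A wildcard maps to a prefix only when its set bits are contiguous
    # low-order bits (0.0.31.255 qualifies, 0.0.255.0 does not).
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    prefix_len = 32 - inverted.bit_length()
    # strict=False drops host bits, as the wildcard match itself ignores them.
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)

def permitted_networks(acl_text, list_name):
    """Collect the permit entries of one standard ACL, in order."""
    nets = []
    for line in acl_text.splitlines():
        fields = line.split()
        if fields[:3] != ["ip", "access-list", "standard"] or len(fields) < 6:
            continue
        name, action, addr = fields[3:6]
        if name != list_name:
            continue
        if action == "deny":
            if addr == "any":
                break  # catch-all deny: no later entry can match
            # A specific deny before a permit cannot be written as a plain OR list.
            raise ValueError(f"unsupported deny entry: {line}")
        wildcard = fields[6] if len(fields) > 6 else "0.0.0.0"
        nets.append(wildcard_to_network(addr, wildcard))
    return nets

def nfdump_filter(nets, dst_port):
    """Build '(src net A or src net B) and dst port N'."""
    if not nets:
        raise ValueError("ACL permits no networks")
    sources = " or ".join(f"src net {n}" for n in nets)
    return f"({sources}) and dst port {dst_port}"

if __name__ == "__main__":
    print(nfdump_filter(permitted_networks(FLOW_ACL, "ip_list"), 25))
```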



_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
