Hi, Greetings!
Thanks for a great tool. In recent versions of nfcapd, I read about the "-n" option through which multiple-netflow source streams can be captured by a single instance of nfcapd. However, I have been running my tests/analysis of netflow from 3 different netflow routers pointing to a single instance of nfcapd without the "-n" option. For example:

Currently, I am running nfcapd like this:

    nfcapd -b 164.99.87.47 -T +13 -w -B 102400000 -l /flow_base_dir/router1 -p 9999

and using the following nfdump command/options, I am post processing the results:

    nfdump -r /flow_base_dir/router1/nfcapd.201210081340 -o "fmt:%ra %ts %td %pr %sap -> %dap %flg %tos %pkt %byt %fl" -s router

and get:

    Top 10 Router IP ordered by flows:
    Date first seen          Duration     Proto  Router IP      Flows(%)    Packets(%)    Bytes(%)     pps  bps  bpp
    2012-07-03 22:24:44.368  8321360.751  any    164.99.87.223  3500(42.2)  186070(42.7)  5.2 M(42.0)  0    5    28
    2012-07-04 07:45:50.457  8289479.403  any    164.99.87.220  2720(32.8)  145925(33.5)  4.2 M(33.6)  0    4    28
    2012-07-05 09:15:01.152  8190071.749  any    164.99.87.222  2070(25.0)  104218(23.9)  3.1 M(24.5)  0    2    29

(grouped by router)

So, was wondering whether using "-n" option in the nfcapd would get me a different report than this? And/or whether the way that I am collecting netflow data from the three routers is correct?

Thanks in advance,
V. Varadhan.
