Re: [Nfdump-discuss] Compatibility of --enable-nsel

Wed, 24 Sep 2014 03:11:28 -0700 

Hi Brian,

On 22/09/14 11:04, Brian Candler wrote:
> I was wondering, is there any reason *not* to pass --enable-nsel in 
> latest nfdump, except for size of binary?

For the collector (nfcapd) it makes next to no difference. For nfdump it does,
in that it uses more memory while processing flows, even if non nsel flows are
processed, as some internal structs are pimped up with additional infos, which
remain 0. Furthermore, when enabling nsel, the default output format is extended
to print by default nsel records - however, this can be overwritten of course

> 
> In particular:
> 
> * Can nfdump --enable-nsel read files previously written by regular nfdump?

Sure! works as expected - except the output format as mentioned above.

> * Can regular nfdump read files written by nfdump --enable-nsel?

Sure! :) except it does not interpret and display nsel records - it skips those.

> * Can nfdump --enable-nsel still correctly decode Netflow V9 from normal 
> routers?

Yes - it does. the collector does its magic in order to decide what it is by
searching for the event type in v9. If found it enables the nsell extensions.

> 
> Thanks,

Basically all should up- resp. downwards, and sidewise ( with/without nsel )
as good as possible by displaying for what it was compiled and for what the
version is able to decode. Unknows are skipped.

        - Peter
> 
> Brian.
> 
> 
> ------------------------------------------------------------------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
> 

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss

Reply via email to