Hallo Christian,
Be careful what you are looking for:
> root@flow:/# /usr/local/bin/nfdump -M /flowdata/live/Core1/2016/04/10/ -R .
> "host abc.def.200.4" -A dstip | grep abc.def
Your filter "host abc.def.200.4" get any flows with that IP - regardless src or
dst.
The aggregation -A dstip aggregates flows only on dst IPs. In the output you
see abc.def.200.4 which are the flows with
dst ip abc.def.200.4
and other IPs which have abc.def.200.4 as src IP.
Use "dst host abc.def.200.4" if you only want to see destination flows.
Gruss
- Peter
On 11.04.16 14:42, christian.fil...@tu-dortmund.de wrote:
> Hello!
> I found an interesting thing.
> When i search for the contacted ips “outside”, the search-ip appears in the
> results!
> Why? I cannot explain. Did I forget something?
>
> root@flow:/# /usr/local/bin/nfdump -M /flowdata/live/Core1/2016/04/10/ -R .
> "host abc.def.200.4" -A dstip | grep abc.def
> 2016-04-09 23:45:02.824 87113.208 abc.def.200.4 15.3 M 703.3 M
> 64583 46 943
> root@flow:/#
> root@flow:/# /usr/local/bin/nfdump -M /flowdata/live/Core1/2016/04/10/ -R .
> "host abc.def.211.58" -A dstip | grep abc.def
> 2016-04-09 23:54:20.676 86720.054 abc.def.211.58 6.8 M 391.7 M
> 36136 57 28360
>
> Is this relevant for flow/bytes-results? Are the values added to the summary?
> Thanks and Greetings,
> Christian
>
>
>
>
>
>
>
>
>
> Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie ist
> ausschließlich für den Adressaten bestimmt. Sollten Sie nicht der für diese
> E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender und
> vernichten Sie diese Mail. Vielen Dank.
> Unbeschadet der Korrespondenz per E-Mail, sind unsere Erklärungen
> ausschließlich final rechtsverbindlich, wenn sie in herkömmlicher Schriftform
> (mit eigenhändiger Unterschrift) oder durch Übermittlung eines solchen
> Schriftstücks per Telefax erfolgen.
>
> Important note: The information included in this e-mail is confidential. It
> is solely intended for the recipient. If you are not the intended recipient
> of this e-mail please contact the sender and delete this message. Thank you.
> Without prejudice of e-mail correspondence, our statements are only legally
> binding when they are made in the conventional written form (with personal
> signature) or when such documents are sent by fax.
>
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications Manager
> Applications Manager provides deep performance insights into multiple tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/
> gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
>
>
>
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
--
Be nice to your netflow data. Use NfSen and nfdump :)
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
