Hello Peter, Which version of nfdump are you using? In nfdump 1.5 the srcas and dstas aggregated fields are unknown :-(
Cheers, Chelo Peter Haag wrote: > Hi Maurizio, > > An AS-AS matrix can be created more easily as follows: > > ./nfdump -M <source_list> -R nfcapd.$tart_tslot:nfcapd.$end_tslot > -s record/bytes -A srcas,dstas -n 0 -o "fmt:%sas %das %byt" > > This generates you a list of all AS to AS relations, with a custom > output format. You may of course add any additional field in the > custom output format, you may need for your purpose. This output can > be easily parsed and used for further processing. > > Therefore a single run gives all required information, no need for > filtering either, and therefore no need for parallel filters, which > btw. is the way nfprofile handles multiple channels :) > > Hope this helps > > - Peter > > -------- Original Message -------- > From: Maurizio Molina <[EMAIL PROTECTED]> > To: nfsen-discuss ML <[email protected]> > Subject: [Nfsen-discuss] AS-AS traffic matric - backend plugin > Date: Tue Oct 24 2006 18:05:16 GMT+0200 (CEST) > > >Hi, > >I'm writing a backend plugin to obtain a daily AS-AS traffic matric in > >my network, with 38 ASs and 21 sources. > >The only way I found so far is to get the information with nfdump (1.5) > >running > > >#nfdump -M <source_list> -R nfcapd.$tart_tslot:nfcapd.$end_tslot -n 50 > >-s srcas/bytes -o long "src as $src_as and dst as $dst_as" > > >as many times as all the possible AS-AS pairs (38X38), and then parse > >the output. > >Note that I use -n 50 but I could vell have used -n 1 (because of the > >filtering, I always get that there is only one contributing src_as). > >The problem is that given the number of flows (roughly: 300 k flows per > >source and per hour, with each AS connected to one, or two, or three > >sources at most), the processing time is high. > >I probably won't be able to run the processing every day over all the > >past 24 hours, but I'll be forced to focus on a limited time slice. > >Questions: > >1) is there another easy way to do? > >2) if not, how difficult would it be (and what module should be > >modified) to let nfdump have prallel filters? The processing bottleneck > >is clearly the disk access bandwidth (the cpu stays at about 4-5%). > > >Regards, > >Maurizio > > > > >------------------------------------------------------------------------- > >Using Tomcat but need to do more? Need to support web services, security? > >Get stuff done quickly with pre-integrated technology to make your > job easier > >Download IBM WebSphere Application Server v.1.0.1 based on Apache > Geronimo > >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > >_______________________________________________ > >Nfsen-discuss mailing list > >[email protected] > >https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > > > -- > _______ SWITCH - The Swiss Education and Research Network ______ > Peter Haag, Security Engineer, Member of SWITCH CERT > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 > SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland > E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/security ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
