-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Chelo,
- -------- Original Message --------
From: Chelo Malagon <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re:[Nfsen-discuss] AS-AS traffic matric - backend plugin
Date: Fri Oct 27 2006 13:13:21 GMT+0200 (CEST)
> Hello Peter,
> Which version of nfdump are you using? In nfdump 1.5 the srcas and dstas
> aggregated fields are unknown :-(
That's correct. You need at least a snapshot > 200606xx. If you want to use
this feature, upgrade to the latest available snapshot 20060809.
- Peter
>
> Cheers,
> Chelo
>
> Peter Haag wrote:
>
>> Hi Maurizio,
>>
>> An AS-AS matrix can be created more easily as follows:
>>
>> ./nfdump -M <source_list> -R nfcapd.$tart_tslot:nfcapd.$end_tslot
>> -s record/bytes -A srcas,dstas -n 0 -o "fmt:%sas %das %byt"
>>
>> This generates you a list of all AS to AS relations, with a custom
>> output format. You may of course add any additional field in the
>> custom output format, you may need for your purpose. This output can
>> be easily parsed and used for further processing.
>>
>> Therefore a single run gives all required information, no need for
>> filtering either, and therefore no need for parallel filters, which
>> btw. is the way nfprofile handles multiple channels :)
>>
>> Hope this helps
>>
>> - Peter
>>
>> -------- Original Message --------
>> From: Maurizio Molina <[EMAIL PROTECTED]>
>> To: nfsen-discuss ML <[email protected]>
>> Subject: [Nfsen-discuss] AS-AS traffic matric - backend plugin
>> Date: Tue Oct 24 2006 18:05:16 GMT+0200 (CEST)
>>
>>> Hi,
>>> I'm writing a backend plugin to obtain a daily AS-AS traffic matric in
>>> my network, with 38 ASs and 21 sources.
>>> The only way I found so far is to get the information with nfdump (1.5)
>>> running
>>> #nfdump -M <source_list> -R nfcapd.$tart_tslot:nfcapd.$end_tslot -n 50
>>> -s srcas/bytes -o long "src as $src_as and dst as $dst_as"
>>> as many times as all the possible AS-AS pairs (38X38), and then parse
>>> the output.
>>> Note that I use -n 50 but I could vell have used -n 1 (because of the
>>> filtering, I always get that there is only one contributing src_as).
>>> The problem is that given the number of flows (roughly: 300 k flows per
>>> source and per hour, with each AS connected to one, or two, or three
>>> sources at most), the processing time is high.
>>> I probably won't be able to run the processing every day over all the
>>> past 24 hours, but I'll be forced to focus on a limited time slice.
>>> Questions:
>>> 1) is there another easy way to do?
>>> 2) if not, how difficult would it be (and what module should be
>>> modified) to let nfdump have prallel filters? The processing bottleneck
>>> is clearly the disk access bandwidth (the cpu stays at about 4-5%).
>>> Regards,
>>> Maurizio
>>
>>
>>> -------------------------------------------------------------------------
>>> Using Tomcat but need to do more? Need to support web services, security?
>>> Get stuff done quickly with pre-integrated technology to make your
>> job easier
>>> Download IBM WebSphere Application Server v.1.0.1 based on Apache
>> Geronimo
>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
>>> _______________________________________________
>>> Nfsen-discuss mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>
>> --
>> _______ SWITCH - The Swiss Education and Research Network ______
>> Peter Haag, Security Engineer, Member of SWITCH CERT
>> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
>> SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
>> E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/security
>
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Nfsen-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
>
>
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Nfsen-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/security
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
iQCVAwUBRUWvEP5AbZRALNr/AQLV2gP+K52KaH9ZonS8nGrLUEVGa0ZqNG7yWaoN
sJZp51GlI7DIKcQSJG28wTEoaCMtKzsqbPiM5ogXkK1MyY/KH0iF28eYncvLp+5o
NlxQtHRJi3NdLoBiUbemeNjHnO3gIBcjFoUe90LRADq04C7S6KaqCQt53h7LkhqX
32JqSPbs9Fw=
=1wMu
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
