Hello again, Since I last posted I have been given access to the NetFlow archive from Maurizio in the format created by NFdump, correctly named and in 5 minute sections rather than the 15 minute ones from Flowtools. Sadly when using ft2nfdump. it does not create 5 minute chunks, merely recreates the 15 minute long files in a format which NFdump can read.
Now using the new data I am able to add the old data to NFsen no problems, the RRD database is correctly created and graphs displayed. If I add multiple sources as I start NFsen for the first time, I can have multiple sources on one instance of NFsen, but if I try to add a new source later on it does not draw onto the graphs. I think this is due to the version of NFsen that the Holt-Winters modifications are built on and I can work around this, so everything seems okay for me now. Thanks for your help, Sara On 6 Dec 2006, at 14:59, Maurizio Molina wrote: > Peter Haag wrote: > >> Does this happen also with an unmodified ( e.g. no HW patched ) >> nfsen? >> I assume, the rebuild the the RRDs was not done correctly. > > Hi Peter, > can the 5 vs. 15 minutes issue Sara mentions be the cause of troubles? > I'm asking because the data she mentions are actually coming from us, > and I've given them in flow-tools format (files split in 15 minutes). > Then, as she mentions, she used ft2ndump to transform them in nfdump > format, but I don't know if this can produce files nicely split in 5 > mins as nfsen expects... > Thanks, > Maurizio > >> >> - Peter >> >> -------- Original Message -------- >> From: Sara Bury <[EMAIL PROTECTED]> >> To: [email protected] >> Subject: [Nfsen-discuss] Problems importing old data into nfsen >> Date: Mon Dec 04 2006 18:35:27 GMT+0100 (CET) >> >>> Hello all, >> >>> I'm having some trouble importing old data into nfsen and I wondered >>> if you might be able to give me any suggestions as to where I'm >>> going >>> wrong. >> >>> I'm having to use the version of nfsen which was modified by Gabor >>> Kiss to use the Holt Winters prediction information from rrdtool, so >>> I am unable to upgrade easily. I have been given a lot of data in >>> flowtools archive format, which I have been using ft2ndump to >>> convert >>> into nfdump format and I have altered the file names such that they >>> match the default output needed for nfsen. >> >>> First of all I was trying to add each lot of data as a new source in >>> my running version of nfsen, but I understand that with the version >>> Gabor used there are some issues with adding new sources. >>> To get around that I have been creating a new instance of nfsen, >>> importing the old data and rebuilding the profile to add the data >>> before starting nfsen up. I have found that when I ask for the >>> status >>> of my profile, it has picked up the correct start and end dates for >>> the flows, and it appears to load properly, but when I come to look >>> at the graphs all I can see is one small spike for one particular >>> moment in time during the two week timeframe the data covers. When >>> using the details tab to check what is going on, the statistics show >>> as much as 441.2 flows /s, and using the netflow processing >>> section I >>> can see all the flows for that time period as viewed using 'nfdump - >>> r', but the graphs show no data at all. >> >>> After having read some mailing list posts, I am wondering if the >>> problem is that the archived data I have is in 15 minute chunks >>> rather than 5, and that this is causing nfsen issues in creating an >>> updated rrd-database to allow data from before its initial creation >>> date, would that make any sense? Or can anyone see anything else >>> glaringly wrong with what I've been doing? >> >>> Any advice anyone could give would be *greatly* appreciated. >> >>> Sara >> >>> -------------------------------------------------------------------- >>> ----- >>> Take Surveys. Earn Cash. Influence the Future of IT >>> Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >>> opinions on IT & business topics through brief surveys - and earn >>> cash >>> http://www.techsay.com/default.php? >>> page=join.php&p=sourceforge&CID=DEVDEV >>> _______________________________________________ >>> Nfsen-discuss mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss >> >> >> -- >> _______ SWITCH - The Swiss Education and Research Network ______ >> Peter Haag, Security Engineer, Member of SWITCH CERT >> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 >> SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland >> E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/security > > > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Nfsen-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > > > > ---------------------------------------------------------------------- > --- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to > share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php? > page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Nfsen-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
