-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Sara,
- -------- Original Message -------- From: Sara Bury <[EMAIL PROTECTED]> To: [email protected] Subject: Re:[Nfsen-discuss] Problems importing old data into nfsen Date: Mon Dec 11 2006 12:53:36 GMT+0100 (CET) > Hello again, > > Since I last posted I have been given access to the NetFlow archive > from Maurizio in the format created by NFdump, correctly named and in > 5 minute sections rather than the 15 minute ones from Flowtools. > Sadly when using ft2nfdump. it does not create 5 minute chunks, > merely recreates the 15 minute long files in a format which NFdump > can read. As the name implies, ft2nfdump simply converts the file formats from flow tools to nfdump. There is no further processing, such as splitting into more files. > > Now using the new data I am able to add the old data to NFsen no > problems, the RRD database is correctly created and graphs displayed. > If I add multiple sources as I start NFsen for the first time, I can > have multiple sources on one instance of NFsen, but if I try to add a > new source later on it does not draw onto the graphs. I think this is > due to the version of NFsen that the Holt-Winters modifications are > built on and I can work around this, so everything seems okay for me > now. Adding/deleting netflow sources is only supported in nfsen-snapshots and not in stable 1.2.4. If yoou use the HW patched version, Gabor maybe could help you here. Regards - Peter > > Thanks for your help, > > Sara > > On 6 Dec 2006, at 14:59, Maurizio Molina wrote: > >> Peter Haag wrote: >> >>> Does this happen also with an unmodified ( e.g. no HW patched ) >>> nfsen? >>> I assume, the rebuild the the RRDs was not done correctly. >> Hi Peter, >> can the 5 vs. 15 minutes issue Sara mentions be the cause of troubles? >> I'm asking because the data she mentions are actually coming from us, >> and I've given them in flow-tools format (files split in 15 minutes). >> Then, as she mentions, she used ft2ndump to transform them in nfdump >> format, but I don't know if this can produce files nicely split in 5 >> mins as nfsen expects... >> Thanks, >> Maurizio >> >>> - Peter >>> >>> -------- Original Message -------- >>> From: Sara Bury <[EMAIL PROTECTED]> >>> To: [email protected] >>> Subject: [Nfsen-discuss] Problems importing old data into nfsen >>> Date: Mon Dec 04 2006 18:35:27 GMT+0100 (CET) >>> >>>> Hello all, >>>> I'm having some trouble importing old data into nfsen and I wondered >>>> if you might be able to give me any suggestions as to where I'm >>>> going >>>> wrong. >>>> I'm having to use the version of nfsen which was modified by Gabor >>>> Kiss to use the Holt Winters prediction information from rrdtool, so >>>> I am unable to upgrade easily. I have been given a lot of data in >>>> flowtools archive format, which I have been using ft2ndump to >>>> convert >>>> into nfdump format and I have altered the file names such that they >>>> match the default output needed for nfsen. >>>> First of all I was trying to add each lot of data as a new source in >>>> my running version of nfsen, but I understand that with the version >>>> Gabor used there are some issues with adding new sources. >>>> To get around that I have been creating a new instance of nfsen, >>>> importing the old data and rebuilding the profile to add the data >>>> before starting nfsen up. I have found that when I ask for the >>>> status >>>> of my profile, it has picked up the correct start and end dates for >>>> the flows, and it appears to load properly, but when I come to look >>>> at the graphs all I can see is one small spike for one particular >>>> moment in time during the two week timeframe the data covers. When >>>> using the details tab to check what is going on, the statistics show >>>> as much as 441.2 flows /s, and using the netflow processing >>>> section I >>>> can see all the flows for that time period as viewed using 'nfdump - >>>> r', but the graphs show no data at all. >>>> After having read some mailing list posts, I am wondering if the >>>> problem is that the archived data I have is in 15 minute chunks >>>> rather than 5, and that this is causing nfsen issues in creating an >>>> updated rrd-database to allow data from before its initial creation >>>> date, would that make any sense? Or can anyone see anything else >>>> glaringly wrong with what I've been doing? >>>> Any advice anyone could give would be *greatly* appreciated. >>>> Sara >>>> -------------------------------------------------------------------- >>>> ----- >>>> Take Surveys. Earn Cash. Influence the Future of IT >>>> Join SourceForge.net's Techsay panel and you'll get the chance to >>> share your >>>> opinions on IT & business topics through brief surveys - and earn >>>> cash >>>> http://www.techsay.com/default.php? >>>> page=join.php&p=sourceforge&CID=DEVDEV >>>> _______________________________________________ >>>> Nfsen-discuss mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss >>> >>> -- >>> _______ SWITCH - The Swiss Education and Research Network ______ >>> Peter Haag, Security Engineer, Member of SWITCH CERT >>> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 >>> SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland >>> E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/security >> >> ---------------------------------------------------------------------- >> --- >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >> opinions on IT & business topics through brief surveys - and earn cash >> http://www.techsay.com/default.php? >> page=join.php&p=sourceforge&CID=DEVDEV >> _______________________________________________ >> Nfsen-discuss mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss >> >> >> >> ---------------------------------------------------------------------- >> --- >> Take Surveys. Earn Cash. Influence the Future of IT >> Join SourceForge.net's Techsay panel and you'll get the chance to >> share your >> opinions on IT & business topics through brief surveys - and earn cash >> http://www.techsay.com/default.php? >> page=join.php&p=sourceforge&CID=DEVDEV >> _______________________________________________ >> Nfsen-discuss mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Nfsen-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss - -- _______ SWITCH - The Swiss Education and Research Network ______ Peter Haag, Security Engineer, Member of SWITCH CERT PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/security -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iQCVAwUBRX/RN/5AbZRALNr/AQKZOgQAhJdtMgBdaUXcyd8fgQJA7Ka18jG1M3rv 4/H3RSgxR03yeUvhWiebSrd7e6Ss2EpAEYS6+0WuH94/Y2yg4P07MsHj71sU/uK6 zmzZH6xVjtwj96qDM7Y0ixJaIOxojMbzBthlKbfj1B0Gm9YvmyylhaIBWV1diisC CNLnFj1xeBE= =rwwZ -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
