Hi all.

In nfsen, I have $SUBDIRLAYOUT = 1;, and so I have a directory structure that consists of <profile>/<source>/<year>/<month>/<day>/nfcapd.<timestamp>

I would like to get some netflow statistics that span multiple days, so first of all I try this using the nfsen web interface, by selecting a time window and then running the Stat TopN function over it. The time window selected is 2007-04-21-15-05 to 2007-04-24-15-10, but what I see is that the result of the "process" only makes it to roughly 00:00 on 2007-04-21, no further:

nfdump -R /opt/netflow/nfsen/profiles/./live/myrouter/2007/04/21/nfcapd.200704211505:nfcapd.200704241510 -n 10 -s dstport/packets

Top 10 Dst Port ordered by packets:
Date first seen           Duration Proto Dst Port    Flows  Packets    Bytes   pps     bps   bpp
2007-04-21 15:04:48.819  32103.274 any         25    37326    39102    4.1 M     1    1067   109
2007-04-21 15:04:59.815  32081.786 any         53     3895     3977   284750     0      71    71
2007-04-21 17:20:26.063  23566.947 any       3102       17      224   304763     0     103  1360
2007-04-21 15:08:43.187  31285.996 any        113      150      153     6969     0       1    45
2007-04-21 15:36:10.204  27374.256 any       2378       13      149   209089     0      61  1403
2007-04-21 15:31:14.003  30067.599 any       2321       14      145   198457     0      52  1368
2007-04-21 15:19:01.806  26485.057 any       2444       10      143   197758     0      59  1382
2007-04-21 15:29:25.617  25955.168 any       1574       19      123   167863     0      51  1364
2007-04-21 15:17:21.832  30593.236 any         80      113      123    11232     0       2    91
2007-04-21 15:41:44.725  10058.798 any      49427        6      104   140648     0     111  1352

Summary: total flows: 131499, total bytes: 96.2 M, total packets: 152557, avg bps: 25100, avg pps: 4, avg bpp: 660
Time window: 2007-04-21 15:03:58 - 2007-04-21 23:59:57
Total flows processed: 2461470, skipped: 0, Bytes read: 127999008
Sys: 0.480s flows/second: 5127218.6 Wall: 8.955s flows/second: 274866.4

I want more than just that limited time window, so I try this using nfdump directly, and I think I need to use a -M / -R combination according to the man page:

$ nfdump -M /opt/netflow/nfsen/profiles/./live/myrouter/2007/04/21:22:23:24 -R nfcapd.200704211505:nfcapd.200704241510 -n 10 -s dstport/packets

Top 10 Dst Port ordered by packets:
Date first seen           Duration Proto Dst Port    Flows  Packets    Bytes   pps     bps   bpp
2007-04-21 15:04:00.499 259843.564 any         53    5.9 M    7.2 M  648.8 M    29   20946    89
2007-04-21 15:04:32.775 259810.220 any        123    4.4 M    4.6 M  345.8 M    18   11166    75
2007-04-21 15:04:08.707 259848.148 any         80    1.2 M    1.8 M  159.6 M     7    5152    86
2007-04-21 15:04:25.447 259819.592 any         22   238196    1.1 M  266.9 M     4    8617   240
2007-04-21 15:04:32.007 259810.712 any       2048   670209   706080   31.9 M     2    1030    47
2007-04-21 15:04:44.947 259808.244 any         25   427251   476236  107.1 M     1    3458   235
2007-04-21 15:04:22.339 259820.848 any      32768   343978   418339   40.9 M     1    1322   102
2007-04-21 15:04:44.311 259798.812 any       2816   206620   228431   14.3 M     0     462    65
2007-04-21 15:04:24.715 259807.524 any        873     8918   191816   11.6 M     0     374    63
2007-04-21 15:07:00.917 259201.426 any       5432     2746   186060    9.6 M     0     309    53

Summary: total flows: 22286340, total bytes: 9.9 G, total packets: 31.1 M, avg bps: 326373, avg pps: 125, avg bpp: 325
Time window: 2007-04-21 15:03:58 - 2007-04-24 15:14:58
Total flows processed: 22286340, skipped: 0, Bytes read: 1158912336
Sys: 5.536s flows/second: 4025618.6 Wall: 46.991s flows/second: 474265.1

The latter try works, so my guess is that nfsen is buggy in its call to nfdump for when the directory layout is not flat. I am running version snapshot-20070208.

Paul Vlaar
--
[EMAIL PROTECTED] - ISC Operations - PGP 0x294EC062
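
Added example, not part of the original message and not nfsen or nfdump code: a Python sketch that builds the -M / -R invocation shown in the post for a window inside one month of the <year>/<month>/<day> layout, and checks the "Time window:" summary line to confirm a run reached the requested end. The function names build_nfdump_argv and window_reached are hypothetical; windows that cross a month boundary are rejected because the post only shows the same-month form.

```python
import re
from datetime import datetime, timedelta

STAMP = "%Y%m%d%H%M"  # nfcapd.<timestamp> format used in the post


def build_nfdump_argv(source_dir, first, last, extra=()):
    """Return nfdump argv covering nfcapd.<first>..nfcapd.<last> across day directories."""
    t0, t1 = datetime.strptime(first, STAMP), datetime.strptime(last, STAMP)
    if t1 < t0:
        raise ValueError("window ends before it starts")
    span = (t1.date() - t0.date()).days
    days = [t0.date() + timedelta(days=n) for n in range(span + 1)]
    if (days[0].year, days[0].month) != (days[-1].year, days[-1].month):
        # The post only shows the same-month form, so nothing else is generated.
        raise ValueError("window crosses a month boundary")
    month_dir = f"{source_dir.rstrip('/')}/{days[0]:%Y/%m}/"
    day_list = ":".join(f"{d:%d}" for d in days)  # e.g. 21:22:23:24
    return ["nfdump", "-M", month_dir + day_list,
            "-R", f"nfcapd.{first}:nfcapd.{last}", *extra]


def window_reached(nfdump_output, last):
    """True if the 'Time window:' line ends at or after the start of nfcapd.<last>."""
    m = re.search(r"Time window: .* - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})",
                  nfdump_output)
    if m is None:
        raise ValueError("no 'Time window:' line in output")
    reported_end = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return reported_end >= datetime.strptime(last, STAMP)


if __name__ == "__main__":
    argv = build_nfdump_argv("/opt/netflow/nfsen/profiles/./live/myrouter",
                             "200704211505", "200704241510",
                             ["-n", "10", "-s", "dstport/packets"])
    print(" ".join(argv))
    # "Time window:" lines copied from the two runs in the post.
    truncated = "Time window: 2007-04-21 15:03:58 - 2007-04-21 23:59:57"
    complete = "Time window: 2007-04-21 15:03:58 - 2007-04-24 15:14:58"
    print(window_reached(truncated, "200704241510"))
    print(window_reached(complete, "200704241510"))
```

A report whose summary stops short of the requested window silently under-counts traffic, so the second check is worth running on any multi-day query before the numbers are used.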