Hello,
I'm evaluating nfdump and nfsen -- many thanks to all
those that put in the work, these utilities look
amazing.
However, I have a problem for which I'm not sure there
is a good answer.
I'm monitoring a T1 line over which large files are
transferred.
I'm finding that the large transfer is included in
only one sample period (when the flow ends), therefore
I'm getting inaccurate results.
Here is an example:
Date flow start Duration Proto Src IP
Addr:Port Dst IP Addr:Port Packets Bytes
Flows
2007-08-07 05:41:11.184 1345.976 TCP
aaa.aaa.aaa.aaa:aaaaa -> bbb.bbb.bbb.bbb:bbbbb
149483 200.3 M 1
Note that the duration of this flow is 1345 seconds.
The sample size is the default 5 minutes (300
seconds).
Over the 1345 second duration, that comes out to
around 1.1 Mbps, which is accurate.
However, this entire flow shows up only in one 5
minute sample period, such that the nfsen graph shows
a spike of better than 5 Mbps for that sample (which
of course is impossible for a T1 line).
-----------------------------
The only solution I can think of is to change my
sample period to something much larger than 5 minutes.
I see an option to change the interval on nfcapd, but
I'd rather not do this.
Are there any other options?
Thanks,
Mark Embrich
____________________________________________________________________________________
Choose the right car based on your needs. Check out Yahoo! Autos new Car
Finder tool.
http://autos.yahoo.com/carfinder/
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
