-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I decided to strip down the feature list for next stable nfdump
release 1.6 and put the stripped parts into upcoming sub releases.
This allows to get sooner a next stable version of nfdump.
I have now released a next snapshot nfdump-1.6b-snapshot=20090619
for testing. There shouldn't be many changes until 1.6 stable.
However, I would like users to test the new snapshot and please send
me feedback about potential bugs you found.
Feel also free to send me feature request and other ideas, which can go
into next releases.
The two existing 1.5.x branches on Sourceforge for packeteer and
CISCO NSEL will get merged into 1.6.1.
If you need to read flow files from nfdump-1.5.x do not forget to
run configure with --enable-compat15
What changed and whats new: ( to be read from bottom to top )
o Flow-tools converter updated - supports more common elements.
o Sflow collector updated. Supports more common elements.
o Add sampling to nfdump. Sampling is automatically recognised
in undocumented v5 header fields and in v9 option templates.
see nfcapd.1(1)
o Add @include option for filter to include more filter files.
o Add flexible aggregation comparable to Flexible Netflow (FNF)
over all available v9 tags
o All new tags can be selected in -o fmt:... see nfdump(1)
o topN stat for all new tags is implemented
o Integrate developer code to read from pcap files into stable branch
o Update filter syntax for new tags
o Add flexible storage option for nfcapd. To save disk space, the
data extensions to be stored in the data file are user selectable.
o Added more v9 tags for netflow v9.
The detailed tags are listed in nfcapd(1) Beside of MAC addresses
and VLAN labels, also MPLS labels and many more v9 tags are now
supported. AS numbers and interface numbers are now 32bit clean.
Adding new tags also extended the binary file format with
data block type 2, which is extension based. File format
for version <= 1.5.* ( Data block format type 1 ) is read
transparently. ( --enable-compat15 ) Data block type 2 are skipped
by nfdump 1.5.7.
o Added option for multiple netflow stream to same port.
-n <Ident,IP,base_directory>
Example: -n router1,192.168.100.1,/var/nfdump/router1
So multiple -n options may be given at the command line
Old style syntax still works for compatibility, ( -I .. -l ... )
but then only one source is supported.
o Move to automake for building nfdump
o Make nfdump fully 64bit compliant. ( 32/64bit data alignments and access )
Compiles and runs cleanly on 32/64bit systems
o Switch scaling factor ( k, M, G ) from 1024 to 1000.
Ths snapshot can be used as a drop in replacement for nfdump-1.5.8
and can be used together with NfSen. However, not all new feature can
be used as NfSen does not yet support them.
Feedback is appreciated
Happy playing!
- Peter
- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [email protected] Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBSjuJLP5AbZRALNr/AQLBvQP+PgPFKJUDGubQ+Y016J1jy/f1jsV0lWpy
FuMHm7LsfemDudlWR8oCbypbz+FErNbYtiOrdlqlncOV+vaBVt04lGdqwSjRE9HI
nVg6SF9/RA1rii/b9Azb6JPtjfpqQGyuXHcK6EhjxF3pc+s9hS128PtcQrT7C1Js
kwvJ3E7tl/U=
=a6ZJ
-----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
