----- Original Message ----- From: "Peter Haag" <[email protected]> To: "Phil Carter" <[email protected]> Cc: <[email protected]> Sent: Thursday, March 11, 2010 1:39 AM Subject: Re: [Nfsen-discuss] nfsen ingress egress
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Phil, > > Phil Carter wrote: >> Hi nfsen-discuss, >> I'm a long time user of nfsen, PortTracker, etc. Guys, thanks so much for >> producing such a quality tool! >> > > Thank you! Nice to hear! > >> I'm monitoring a single Cisco router with multiple interfaces going to >> different Internet providers. Nfsen collects all of the data and puts >> everything on one graph - both ingress and egress traffic. If I only >> wanted >> to view egress traffic (especially with PortTracker), it would be pretty >> difficult for me to just look at the graph and figure it out. Is there a >> way >> to break out the different traffic (such as inbound, outbound, and >> combined) into nfsen? > > As Sven pointed out, create a profile,, using separate channels. Filter > each > channel according to the interface for example 'in i x' or 'out if y' with > x and y as the appropriate interface numbers, which are identical numbers > given in SNMP queries. > > For PortTracker its a bit trickier: PortTracker just processes a single > channel, which is 'any' for the live profile. If you feel comfortable with > Perl, you may modify ProtTracker.pm in the plugins directory. You can add > any nfdump style filter to nftrack to limit the flows being processed. > In PortTracker.pm you will find the function 'sub run' which gets executed > periodically for each slice. Search for the line > > my $command = "$nftrack -M $netflow_sources...."; > > and add the filter at the end of the command: > > my $command = "$nftrack -M $netflow_sources.... 'out if 12345'"; > > Reload NfSen after you modified the plugin: ./nfsen reload > and keep an eye on the log file > > This should do the trick. > > - Peter >> >> Thanks, >> PC >> >> >> >> ------------------------------------------------------------------------------ >> Download Intel® Parallel Studio Eval >> Try the new software tools for yourself. Speed compiling, find bugs >> proactively, and fine-tune applications for parallel performance. >> See why Intel Parallel Studio got high marks during beta. >> http://p.sf.net/sfu/intel-sw-dev >> _______________________________________________ >> Nfsen-discuss mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > > - -- > _______ SWITCH - The Swiss Education and Research Network ______ > Peter Haag, Security Engineer, Member of SWITCH CERT > PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 > SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland > E-mail: [email protected] Web: http://www.switch.ch/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.5 (Darwin) > > iQCVAwUBS5iQPf5AbZRALNr/AQJxCAP9E+HysQHgz30qyM6ClhRyofOjjFHjHSsB > R8yyqil0TRdw5Tt2S7hgadBo+MA1bBXm5B07tjiexnH4Bd0e+BD1NoUvcrf1KXX3 > opm8hN/Saad/aQvZuOtfgREseKTF3LU1xMB69E+wslFSVZ1BAzGcEmRnPa7zrtp7 > k7USFh4eRS8= > =h9oU > -----END PGP SIGNATURE----- > Very cool Peter and Sven! Thanks for your help. I had to enable netflow V9 on my router to make it work properly. Here is my test from today: http://imgur.com/qN3wf Now I'll start hacking the PortTracker plugin. I'll probably make a new PortTrackerIn and PortTrackerOut plugin just to keep everything in order. Thanks again for the help, and for making an incedibly great, useful tool. -PC ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Nfsen-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
