As long as NfSen can find the renamed nfcapd files, then that will be OK.
However, So far I am unable to get optarg -x to move the nfcapd file from
nfcapd.YYYYmmddhhmm to nfcapd.hhmm. It seems to be a problem with the -x
variables; %d %f. Whenever you try to combine any -x variable such as %d or %f
with any string, they stop working.
None of the examples below work.
'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type' =>
'netflow', 'optarg' => '-t 5 -x "mv -f %d/%f %d/nfcapd.new"' },
The next two examples , are how i envision renaming the nfcapd files.
Stripping out YYYYmmdd from the filename and replacing it with hhmm:
'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type' =>
'netflow', 'optarg' => '-t 5 -x "perl -e \"my ($suf) = $ARGV[0] =~ m/(....)$/;
`mv %d/$ARGV[0] nfcapd.$suf`;\" %f"' },
'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type' =>
'netflow', 'optarg' => '-t 5 -x "suf=`expr substr %f 16 4`;mv -f %d/%f
%d/nfcapd.$suf"' },
The examples below actually work. But as soon as I combine the use of a -x
variable, such as %d. They no longer work, as seen above.
'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type' =>
'netflow', 'optarg' => '-t 5 -x "mv -f %d/%f /tmp/testflow"'
'cr-ul' => { 'port' => '10151', 'col' => '#00ff00', 'type' =>
'netflow', 'optarg' => '-t 5 -x "mv -f %d/%f
/var/data/nfsen/profiles-data/live/cr-ul/2010/04/01/nfcapd.new"' },
Any ideas?
Thanks,
--Chad
On Apr 1, 2010, at 1:41 AM, Peter Haag wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On 3/30/10 15:11, ckotil wrote:
>> That's exactly what I am trying to do.
>> I did consider using the -x parameter after reading through the man page for
>> nfdump, but I wasn't exactly sure how to use it.
>> One problem I had with hacking up the source is that the nfsen frontend then
>> needed to be modified to look for filenames named `nfcapd.hhmm`; the
>> filenames with hour and minute.
>>
>> If -x is used with nfcapd, will nfsen still need to be modified or is there
>> a config bit we can set , instructing nfsen what filenames to look for?
>
> No - you can use the 'optarg' argument in the %sources definition. 'optarg'
> => '-x whatever ...'
>
> - Peter
>
>>
>> Thanks,
>>
>> --Chad
>>
>> On Mar 30, 2010, at 12:53 AM, Manish Kumar wrote:
>>
>>> Hi ckotil,
>>> If I get your problem, there is one way out. At the time of
>>> capturing itself you can rename your file like this.
>>>
>>> ./nfcapd -p port_no -t rotating_time -l location_of_files -I
>>> Binary_file_name -x 'mv file_location_dir/%f file_location_dir/%i'
>>>
>>> By this You will always have a single file in ur directory with the name of
>>> Binary_file_name, so that you don't have to use wild card while reading
>>> with nfdump -r, you can run the collector at the specified time only and
>>> stop it by controlling with a script.
>>>
>>> May be it work for you.
>>>
>>>
>>> On Mon, Mar 29, 2010 at 9:08 PM, ckotil <[email protected]> wrote:
>>> Hi,
>>> I would like to collect statistics on my netflow from multiple hosts ,
>>> spanning multiple days and a specific time. For example from host1 , host2,
>>> and host3, on 03/26/2010, 03/27/2010, and 03/28/2010 at 0800. The problem I
>>> am having is that nfdump seems unable to use a wildcard.
>>> Here is the command:
>>>
>>> [u...@netflow]$ nfdump -M
>>> /var/data/nfsen/profiles-data/live/cr-ul/2010/03/26:27:28 -R nfcapd.*0800
>>> 'inet6 and not dst ip fec0:0:0:ffff::1' -S
>>> WARNING: -S depricated! use -s record/packets/bytes instead. Option will
>>> get removed.
>>> stat() error
>>> '/var/data/nfsen/profiles-data/live/cr-ul/2010/03/26/nfcapd.*0800': File
>>> not found!
>>>
>>> I was able to wrap this command in a script, and by using the -R command I
>>> could make this work.
>>> Another solution I found was to hack the source code so that filenames were
>>> written to disk without year, month, and day; nfcapd.0800 for example. Then
>>> I could use the command above without a wildcard.
>>>
>>> Is there another way to do this without additional scripting or hacking up
>>> the source?
>>>
>>> Thanks,
>>>
>>> --Chad
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Download Intel® Parallel Studio Eval
>>> Try the new software tools for yourself. Speed compiling, find bugs
>>> proactively, and fine-tune applications for parallel performance.
>>> See why Intel Parallel Studio got high marks during beta.
>>> http://p.sf.net/sfu/intel-sw-dev
>>> _______________________________________________
>>> Nfsen-discuss mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Manish Kumar,
>>> Project Associate,
>>> Computer Networks & Internet Engineering Division,
>>> Centre for Development of Advanced Computing R&D,
>>> #68,Electronics City,
>>> Bangalore 560100,
>>> Karnataka, India
>>> Mobile:9886739073
>>> Ph: 080 28523300 Extn: 2511
>>> Email: [email protected]
>>> http://cens.cdac.in/
>>
>> Chad E. Kotil
>> GRNOC Systems Engineer
>> 812-855-5288
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Download Intel® Parallel Studio Eval
>> Try the new software tools for yourself. Speed compiling, find bugs
>> proactively, and fine-tune applications for parallel performance.
>> See why Intel Parallel Studio got high marks during beta.
>> http://p.sf.net/sfu/intel-sw-dev
>>
>>
>>
>> _______________________________________________
>> Nfsen-discuss mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
> - --
> _______ SWITCH - The Swiss Education and Research Network ______
> Peter Haag, Security Engineer, Member of SWITCH CERT
> PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
> SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
> E-mail: [email protected] Web: http://www.switch.ch/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iQCVAwUBS7QyE/5AbZRALNr/AQLYIwP/cRlbvMiHCbg90SI8tCDWPZX7AX3xmvOI
> /lBr5nKy0t+BcpPCP9LUyTAzAhla2MqFX6whLVayy81xQOMak4aqIk6nULOQqnfw
> b/dHqD5xKje0wUsnU3AIqhZLZFsFqF8kEl3uZI4hnmK11vZcyCBXuhsV/Q/bwd9y
> Gg+P3ACGHAs=
> =W0hs
> -----END PGP SIGNATURE-----
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
