Thanks Peter.
> The resulting file of your command is not compressed. Use -z in order to
> compress the output.
> To compress the existing file, run ./nfdump -j netflow_dump.20120606
> This should considerably shrink the size.
> Maybe I should make compression the default, as compatibility to those
> uncompressed days is long back ....
Did as you suggested, and the file reduced to ~1.7Gb, which is a huge
improvement, but I am unable to run nfdump on that file (unable as in it has
now been running for nearly 24hours, with load average of 4.7), this was with a:
nfdump -R netflow_dump.20120606 -a| more
but, if I run something like:
nfdump -R netflow_dump.20120606 'dst net 10.1.1.0/24' -s srcip/bytes -s
dstip/bytes -s port/bytes -s record/bytes -n 20| more
completes in ~20 seconds?
Very new to nfdump, so the above may be expected behaviour?
Cheers.
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
