Hello Peter. Whether these features are available for netflow V5?
It would be nice if the NFDUMP took into account of exporter ID (router ip-address or something else) 20.08.2012 20:06, Peter Haag пишет: > Dear all, > As I'm currently implementing some nfdump features, I could > implement flow tags, an issue which I was asked every now > and then. > > Please comment on the following ideas, if you are interested > in this feature: > > Question: What do you prefer: > 1. Each flow may be assigned a unique tag/label. The number of > tags is limited to 16 or 32 bits. Least storage requirement. > 2. Each flow may be assigned multiple tags/labels. The number of > total tags is limited to 32 or 64. More storage, more flexible. > Using as 32bit value could take either version. > > How many labels and what flexibility would you want? Which > version would you prefer? > > o tags are numerical ids with an optional string labels. These > string labels are stored along the flows in the nfdump file. > o The nfdump filter language is extended, such that each valid > nfdump filter expression can assign or filter a tag: > set tag <nr>[(label)] if <expr> for example: > # numerical assignment: > set tag 10 if dst port 80 > # numerical and string assignment: > set tag 20(http) if dst port 80 > o matching tags in the filter language: > tag <nr> > tag <label> > o printing tags in output with %tag > o instead of a new tag file, tag assignment can be specified in > a standard nfdump filter file such as: > > # tags to be assigned: > set tag 10(http) if ( src port 80 ) or > > # comment your tags/labels > set tag 11(https) if ( dst port 443) or > ... > > which can be given to nfdump as an argument -f <filter> > > Would the tagging system as described above match the > requirements for those planing to use tags? > > Feedback is welcomed. > > - Peter > ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
