On 10/30/2012 1:25 PM, Tristan Rhodes wrote:
> The first step is to decide how to best export this data from our
> netflow data. My initial idea was to run a nfdump command with a
> cronjob every 5 minutes. The problem is, how do I dynamically generate
> the proper date-based filename?
>
> "nfdump -M
> /usr/local/nfsen/profiles-data/live/Core1:Core2:Core3:Core4:Core5 -T
> -r 2012/10/11/nfcapd.201210111105 -n 10 -s ip/flows"
>
> I also tried using the "nfcapd.current" file for this purpose, but I
> get this error:
>
> "nfdump -M /usr/local/nfsen/profiles-data/live/Core1:Core2 -T -r
> nfcapd.current -n 10 -s ip/flows"
> Open file /usr/local/nfsen/profiles-data/live/Core1/nfcapd.current:
> bad version: 0
> Open file /usr/local/nfsen/profiles-data/live/Core2/nfcapd.current:
> bad version: 0
>
>
Pretty sure you can't use nfcapd.current for analysis as it is where new
flows are collected. You would want to back that down to the previous 5
minute interval. From a cron job, you could do something like this:
*/5 * * * * nfdump -M
/usr/local/nfsen/profiles-data/live/Core1:Core2:Core3:Core4:Core5 -T -r
$(perl -MPOSIX -e 'print strftime("%Y/%m/%d/nfcapd.%Y%m%d%M%S",
localtime(time - 300))') -n 10 -s ip/flows
You may be able to make that shorter, or wrap it in a script, but it
should do the trick.
Regards,
Mark
--
Mark D. Nagel, CCIE #3177 <mna...@willingminds.com>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 714-646-8277
** For faster support response time, please
** email supp...@willingminds.com or call 714-495-4000
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
