Alan - Actually, I am much more familiar with using the "date" command so I am
going to use your method. I also learned that the file name shows 5 minutes
before the time the file is created, so I am using the built-in -d "5 mins
ago". (Or should I use "10 mins ago" to make sure I am not stepping on nfcapd's
toes while it is writing the file? If I use 10 mins, my real-time dashboard
would have slightly older data...)
Mark - Thank you very much for your solution!
It looks like I can get the results I want by creating a cronjob to run every 5
minutes (*/5 * * * *) and execute this command:
/usr/bin/nfdump -M /usr/local/nfsen/profiles-data/live/Core1:Core2:Core3:Core4
-T -r `date +%C%y/%m/%d/nfcapd.%C%y%m%d%H%M -d "5 mins ago"` -n 10 -s ip/flows
Now to parse this output, insert it into a new database, and imagine some
useful things to do with the data!
Thanks,
Tristan
--
Tristan Rhodes
Network Engineer
Weber State University
(801) 626-8549
>>> On 10/30/2012 at 5:30 PM, in message <509062f9.9080...@hawaii.edu>, Alan
>>> Whinery <whin...@hawaii.edu> wrote:
Oh, well shoot, I went looking for the message with the question and then I
answered somebody's better answer.
On 10/30/2012 10:53 AM, Mark D. Nagel wrote:
On 10/30/2012 1:25 PM, Tristan Rhodes wrote:
The first step is to decide how to best export this data from our netflow data.
My initial idea was to run a nfdump command with a cronjob every 5 minutes. The
problem is, how do I dynamically generate the proper date-based filename?
"nfdump -M /usr/local/nfsen/profiles-data/live/Core1:Core2:Core3:Core4:Core5 -T
-r 2012/10/11/nfcapd.201210111105 -n 10 -s ip/flows"
I also tried using the "nfcapd.current" file for this purpose, but I get this
error:
"nfdump -M /usr/local/nfsen/profiles-data/live/Core1:Core2 -T -r nfcapd.current
-n 10 -s ip/flows"
Open file /usr/local/nfsen/profiles-data/live/Core1/nfcapd.current: bad
version: 0
Open file /usr/local/nfsen/profiles-data/live/Core2/nfcapd.current: bad
version: 0
Pretty sure you can't use nfcapd.current for analysis as it is where new flows
are collected. You would want to back that down to the previous 5 minute
interval. From a cron job, you could do something like this:
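# File names end in hour and minute (%H%M); each % is backslash-escaped because cron turns a bare % into a newline.
*/5 * * * * nfdump -M /usr/local/nfsen/profiles-data/live/Core1:Core2:Core3:Core4:Core5 -T -r $(perl -MPOSIX -e 'print strftime("\%Y/\%m/\%d/nfcapd.\%Y\%m\%d\%H\%M", localtime(time - 300))') -n 10 -s ip/flows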
You may be able to make that shorter, or wrap it in a script, but it should do
the trick.
Regards,
Mark
--
Mark D. Nagel, CCIE #3177 <mna...@willingminds.com>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 714-646-8277
** For faster support response time, please
** email supp...@willingminds.com or call 714-495-4000
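
Added example, not part of the original thread: a wrapper script for the cron job discussed above. It floors the current time to a 5-minute boundary and steps back one interval, which names the last completed nfcapd file without choosing between "5 mins ago" and "10 mins ago", then waits briefly for that file before running nfdump. Function names, INTERVAL, RETRIES and the script path are assumptions; the data path and nfdump options are the ones from the thread, and GNU date is required.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. BASE, SOURCES and the nfdump options are
# copied from the posts; INTERVAL, RETRIES and function names are assumptions.
set -u

BASE=/usr/local/nfsen/profiles-data/live
SOURCES="Core1 Core2 Core3 Core4"
INTERVAL=300   # nfcapd rotation period in seconds (assumed: 5 minutes)
RETRIES=6      # number of checks, 5 s apart, before giving up

# Print the relative path of the last completed capture file for epoch $1.
# The file name carries the START of its interval, so floor the time to an
# interval boundary and step back one interval. Needs GNU date for -d @N.
slot_path() {
    date -d "@$(( $1 - $1 % INTERVAL - INTERVAL ))" +%Y/%m/%d/nfcapd.%Y%m%d%H%M
}

# Return 0 once the file exists under every source directory; retry a few
# times in case cron fired before nfcapd renamed nfcapd.current.
wait_for_slot() {
    local rel=$1 tries=${2:-$RETRIES} src missing
    while :; do
        missing=0
        for src in $SOURCES; do
            [ -f "$BASE/$src/$rel" ] || missing=1
        done
        [ "$missing" -eq 0 ] && return 0
        tries=$(( tries - 1 ))
        [ "$tries" -le 0 ] && return 1
        sleep 5
    done
}

main() {
    local rel
    rel=$(slot_path "$(date +%s)")
    if ! wait_for_slot "$rel"; then
        echo "capture file $rel not present for all sources, skipping" >&2
        return 1
    fi
    nfdump -M "$BASE/$(echo "$SOURCES" | tr ' ' ':')" -T -r "$rel" -n 10 -s ip/flows
}

# Crontab entry (script path is hypothetical):
#   */5 * * * * /usr/local/bin/nfdump-top10.sh run
if [ "${1:-}" = run ]; then main; fi
```

Calling a script from cron also keeps % characters out of the crontab line, where cron turns an unescaped % into a newline.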
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss