Hi,

Apologies if this is the wrong list; I am not aware of any others. I’m hoping for some help with some problems.

I am running nfsen version 1.3.6p1. I have an issue whereby I cannot create a profile where I can see historical data. For example, let’s say I want to see all historical HTTP traffic as well as ongoing HTTP traffic. I would assume, based on the many tutorials and papers I have read, that I can just create a new shadow profile based on the live profile with the start date set to when I want it to start (let’s say for the purposes of this example 2013-12-01 00:00, which happens to be 1 day after I first started having all traffic going to the live profile and it working) and then apply my filter (e.g. proto tcp and dst port 80). Creating the profile is fine and it works for any new flows received; however, all graphs only show data from the point of creating the profile. Why is this? Why don’t they show historical data?

Interestingly, if I were to go to the Details tab of a profile with no historical data, I can select a timeslot from prior to the profile being created and it will show under Statistics for that timeslot that there are 0 flows a second, 0 packets, etc. (shown as 0/s), whereas if I were to create a Real Profile and try to go back to a timeslot before it was created, it shows X under Statistics for that date (as opposed to 0/s). This tells me that for a real profile it can see NO data from before the creation date, whereas with the shadow profile it can see data but for some reason thinks that there were no flows.

Does anyone know how I can get historical data? Suppose I was to discover someone attacking a server using a particular exploit on a particular port; it would be essential for me to be able to look back through graphs quickly and see if that had been tried on any other servers. If I can only view new data then I would only pick up on new attacks which I know about.

Lastly, another issue I have had is that whilst I was playing around desperately trying to create a profile that will show historical data, I have done something to break old graphs for the live profile. I think what may have broken it was running this command without really knowing what I was doing:

    /usr/local/bin/nfsen -r live all

After running that command (in the vain hope it might update my shadow profile graphs with historical data) I noticed that my live profile is now missing graph data from ~3 or 4 weeks ago up until the point when I ran that command. To be clear, I can see graph data prior to 4 weeks before I ran the command and I can see graph data from when I ran the command until now. I am simply missing the 3-4 weeks in the middle only. The graph simply shows no data at all during that timeframe; however, under the Details tab I can see from the statistics and nfdump commands that the actual flow data IS still there, just not reflected in the graph.

It’s worth noting that all shadow profiles created before I ran that command have not been affected, so all shadow profiles based off live still show complete graphs from the point when they were created.

Can anyone help with my two issues?

Thanks,
Mark

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss