Hi,

When analyzing flow data we sometimes need realtime data and we have a script that runs on demand against the nfcapd.current files to provide this and dump it to a webpage. I've read that reading this file is not supported but we've never come across any issues when doing so and it has proved very useful to respond to real time events.

We recently updated nfdump to 1.6.13 from 1.6.9 and noticed that there was a change to how the file was created to now include a pid at the end of the filename. This creates an issue as we can no longer work out how to get nfdump to find the nfcapd.current files from multiple directories for the different routers that we pull data from.

From my understanding:

-r allows single files
-M allows multiple directories with the same filename (what we used to do)
-R allows a sequence of files, but all must exist in all directories
-R -M can read all files in a directory, but it also does subdirectories

Is there a way around this? For now, I've edited collector.c to strip off the pid from the end of the filename but I'd rather not have to fiddle with the code for future updates as it's liable to cause issues somewhere (or be forgotten).

Any ideas on how to access multiple single files? Specifying -r multiple times just seems to use the last instance.

Cheers,
john
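
A wrapper-side approach to the question above, as an added example that is not part of the original message or of nfdump: resolve the live file in each router directory by glob, then call `nfdump -r` once per file. It assumes the live file is named `nfcapd.current.<pid>` (or plain `nfcapd.current` on 1.6.9); the directory paths and the `NFDUMP_ARGS` variable are hypothetical, and output is per router rather than merged as with `-M`.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: each router
# directory holds one live file, nfcapd.current.<pid> or nfcapd.current.

# Print the newest nfcapd.current* file in directory $1; return 1 if none.
# Picking the newest guards against a stale file left by a dead collector.
find_current() {
    dir=$1
    newest=
    for f in "$dir"/nfcapd.current*; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# Run nfdump once per router directory given as arguments.
# NFDUMP_ARGS (hypothetical variable) carries extra nfdump options.
dump_current() {
    for dir in "$@"; do
        if file=$(find_current "$dir"); then
            echo "== $dir"
            # Word splitting of NFDUMP_ARGS is intentional.
            nfdump -r "$file" $NFDUMP_ARGS
        else
            echo "no live capture file in $dir" >&2
        fi
    done
}

# Usage (paths are placeholders):
#   NFDUMP_ARGS='-o long' dump_current /data/router1 /data/router2
```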