__
| Nfdump-discuss mailing list
| [EMAIL PROTECTED]
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83
uss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138
>
>Hi Peter,
>
> On Wed, 17 Jan 2007, at 09:11, Peter Haag wrote:
>
>> - --On January 16, 2007 17:39:57 + Maurizio Molina
>> <[EMAIL PROTECTED]> wrote:
>>
>> | Hi,
>> | the last nfdump snapshot (20070110) seems to have problems with
ss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-BEGIN PGP SIGNATURE--
&p=sourceforge&CID=DEVDEV
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haa
share your
| opinions on IT & business topics through brief surveys-and earn cash
| http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https:/
info/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web
d, as not needed.
- Peter
|
| Most likely there is a vastly superior 3rd option but I'm not sure what it is.
| Any guidance would be much appreciated.
|
| Paul.
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fin
w.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education
EMAIL PROTECTED]
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Bo
Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-BEGIN PGP SIG
| Quis custodiet ipsos custodes?
|
|
|
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail:
ic using tcpdump, which
includes v9 template and data packets, I'll have a look into that.
- Peter
|
| -Original Message-----
| From: Peter Haag [mailto:[EMAIL PROTECTED]
| Sent: Monday, April 30, 2007 8:50 AM
| To: Stephen W. Bradley; nfdump-discuss@lists.sourceforge.net
| Subject
urceforge.net/powerbar/db2/
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerp
ling list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC
ss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.s
//lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Sw
rge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zuric
w.
| http://sourceforge.net/powerbar/db2/
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Pet
info/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: h
-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D
both
streams to
different ports and therefore different nfcapd processes.
It's on the todo list to make nfcapd multi stream aware.
- - --On July 18, 2007 13:56:36 +0100 Ras <[EMAIL PROTECTED]> wrote:
| On 18/07/07, Peter Haag <[EMAIL PROTECTED]> wrote:
| > This looks totally st
netflow sources, and therefore
contains flows with different sampling rates. For not delaying 1.3 any longer
I decided to move it into next upgrade of NfSen, but I will address this feature
next.
Regards
- Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch
wnload your FREE copy of Splunk now >> http://get.splunk.com/
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education a
Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95
http://get.splunk.com/
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --On August 9, 2007 13:33:58 +0200 Xavier Fustero <[EMAIL PROTECTED]> wrote:
| Hi Peter,
|
|
| On dj, 2007-08-09 at 10:41 +0200, Peter Haag wrote:
| > -BEGIN PGP SIGNED MESSAGE-
| > Hash: SHA1
| >
| >
| >
| > - -
ceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Swi
rceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-
> http://get.splunk.com/
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer,
al/lib/librrd_th.la
| /usr/local/lib/librrd_th.a
|
| Any ideas why this isn't working?
|
| Thanks,
|
| --
| Eric Cables
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA
e.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-
iling list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWIT
s, not web links.
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http
cuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstras
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Ralf,
- --On October 11, 2007 2:33:37 PM +0200 Ralf Kleineisel <[EMAIL PROTECTED]>
wrote:
| Peter Haag wrote:
|
| > As for displaying I only partly agree: So far I find it very handy to have
ICMP
| > type/code directly displayed in
w >> http://get.splunk.com/
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag
compression ratio is about 50% in average but very fast, it
is very well suited for nfdump.
Existing files can be compressed using ../nfdump -j The file
format is completely transparent.
- Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security
| This SF.net email is sponsored by: Splunk Inc.
| Still grepping through log files to find problems? Stop.
| Now Search log events and configuration files using AJAX and a browser.
| Download your FREE copy of Splunk now >> http://get.splunk.com/
|
he Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Find appended the patch for nfdump-1.5.6 correcting the daylight saving bug.
It's required if you work with data created during daylight saving time.
- Peter
- --On November 6, 2007 11:36:04 +0100 Peter Haag <[EMAIL PROTECTED]
iss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-BEGIN PGP SIGNA
iscuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web
.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mai
- The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-BEGIN PG
eforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-m
ITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-BEG
far, as lot
of the work as done in my free time.
If you are willing to test an early adopter release, most likely including
lots of bug - feel free to ping me in a few weeks.
- Peter
|
| rgds.
|
| On Wed, Mar 5, 2008 at 8:00 PM, Peter Haag <[EMAIL PROTECTED]> wrote:
|
| > -BEGI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --On March 28, 2008 16:27:15 +0100 Vegard Vesterheim <[EMAIL PROTECTED]>
wrote:
| On Wed, 05 Mar 2008 08:46:25 +0100 Vegard Vesterheim <[EMAIL PROTECTED]>
wrote:
|
| > On Tue, 04 Mar 2008 13:08:52 +0100 Peter Haag <[EMAIL
/java.sun.com/javaone
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer,
__
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 6
urceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bjoern Weiland wrote:
| Nino Ciurleo wrote:
|> try with:
|> nfdump -r /and/dir/nfcapd.200407110845 -c 100 "proto tcp and ( src ip
|> 172.16.17.18 or dst ip 172.16.17.19 )"
|
| That did it, thanks guys, simplest thing, actually. It works with single
|
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Daan,
Daan van der Sanden wrote:
| Hi,
|
| In both netflow_v5_v7.c and netflow_v9.c is an error in handling an overflow
| of the SysUptime counter. However I can't test this it at the moment, because
| I don't have any packet in which there is an o
nywhere in the world
| http://moblin-contest.org/redirect.php?banner_id=100&url=/
| ___
| Nfdump-discuss mailing list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Educatio
list
| Nfdump-discuss@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC
snapshot has lot's of more v9
extensions - so stay tuned! It will be
ready soon.
- Peter
|
| best regards
| Pavel
|
| * Peter Haag ([EMAIL PROTECTED]) wrote:
|> Hi Pavel,
|>
|> Yes - this is a known issue. NfSen switched already to the 1000 scaling
|> factors - nfdump up
s record ) does not yet show the additional
tags.
** THIS RELEASE IS NOT INTENDED FOR PRODUCTION **
This release works with NfSen 1.3, however, the interface is not yet able to
profit from the new options.
- Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Pe
ITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web: http://www.switch.ch/
-BEGIN
Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: [EMAIL PROTECTED] Web:
=2
> dOctets = 80
>
> Thanks,
> Tony
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2,
when.tm_yday = 0;
+ when.tm_isdst = -1;
if ( strlen(timestring) != 12 ) {
LogError( "Wrong time format '%s'\n", timestring);
I'm sorry for the trouble.
- Peter
- --
_______ SWITCH - The Swiss Education and Research Networ
Environment.
> Download a free trial of Rational Requirements Composer Now!
> http://p.sf.net/sfu/www-ibm-com
> ___
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Sw
runs cleanly on all
64bit CPUs.
A new nfdump snapshot with support for flexibel netflow (FNF) and
sampling support should be uploaded by the end of next week.
Regards
- Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Memb
---
>
> --
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
s.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerla
>
> ___
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter
e.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: pe
mp-1.5.8
and can be used together with NfSen. However, not all new feature can
be used as NfSen does not yet support them.
Feedback is appreciated
Happy playing!
- Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Luis,
Nice to hear from you!
Yes - there is a reason for these changes. I will contact you off list, as this
is not really something to bother all users here on the list.
- Peter
Luis Servin wrote:
> Hi Peter,
>
> I have been looking
requires, which is the most influencing factor for
speed. Memory can not be replaced except
by memory! having enough memory an I.O capacity is the credo.
Hope this helps
- Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH
6 to x86_64
without troubles.
Gruss
- Peter
>
>
> Thanks -- Till
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jan Pazdera wrote:
> Hi all,
>
snipp ..
>>
>>
> I would like to add my experience with filtering of huge data amounts. A
> year ago, we used 32b nfsen/nfdump on dual core cpu and 4 GB RAM with
> RAID5 to collect data with 75k flows per second on 10G
read: 325280619
Sys: 47.950s flows/second: 112848.9 Wall: 48.285s flows/second: 112066.9
IP list
Total flows processed: 5411216, Blocks skipped: 0, Bytes read: 325280619
Sys: 1.840s flows/second: 2940696.1 Wall: 1.857s flows/second: 2913259.3
- Peter
>
> On Tue, J
Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi John,
John Kougoulos wrote:
> Hello,
>
> sorry for this noise, 1.5.8 seems to work ok. however this is valid for
> 1.6b, in case anyone is interested. The gdb output is from 1.6b snapshot
>
> Regards,
> John
After running configure, edit config
-
>
> ___
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Pete
> Eddie
>
>
>
>
>
> 寄件人﹕ Peter Haag
> 收件人 Chor Keung Li
> 副本(CC) nfdump-discuss@lists.sourceforge.net
> 傳送日期﹕ 2009 年 8月 4 日 星期二 下午 1:28:12
> 主題: Re: [Nfdump-discuss] Re: How can display IP prefix
>
> -BEGIN PG
gt;
> Thanks again!!
>
> Eddie
>
>
>
> 寄件人﹕ Peter Haag
> 收件人 Chor Keung Li
> 副本(CC) nfdump-discuss@lists.sourceforge.net
> 傳送日期﹕ 2009 年 8月 4 日 星期二 下午 3:53:59
> 主題: Re: Re: [Nfdump-discuss] Re: How can display IP prefix
>
> -BEGIN PGP SIGNED
I will think about that.
- Peter
>
> Thank you so much for your reply!!
>
> Eddie
>
>
>
> ____
> 寄件人﹕ Peter Haag
> 收件人 Chor Keung Li
> 副本(CC) nfdump-discuss@lists.sourceforge.net
> 傳送日期﹕ 2009 年 8月 4 日 星期二 下午 7:54:32
>
uss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Scott Dier wrote:
> Peter Haag wrote:
>> Be careful with ASA. 1.6b does not yet support ASA. There are lots of
>> specials with that platform. You may download the
>> nfdump-1.5.7-nsel tree, which supports ASA. The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Till Dörges wrote:
> On 31.07.2009 07:34, Peter Haag wrote:
>> John Kougoulos wrote:
>
>>> I have compiled nfdump in solaris 10/SPARC and everything works ok, but
>>> when I use nfdump -R in specific directories
ications to market and stay
> ahead of the curve. Join us from November 9-12, 2009. Register now!
> http://p.sf.net/sfu/devconf
> ___
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinf
( legacy 1.4 compatibility )
o Make use of log (syslog) functions for nfprofile.
o Move log functions to util.c
Thanks
- Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95
>
> ___
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Securi
: engine id 5, type 0, IP: x.x.x.x, Sampling Mode: 2, Sampling
Interval: 128
I still take feedback from 1.6b testers for any issues found in 1.6b.
Hope this helps.
- Peter
Szymon Trocha wrote:
> Peter Haag pisze:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
&
__
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31
_ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: peter.h...@switch.ch Web: http://www.switch.ch/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear all,
All those interested in testing sflow, please contact me off list.
- Peter
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new wit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Onur Bektas wrote:
> Hi Peter,
>
> On 11/17/2009 8:46 AM, Peter Haag wrote:
>
>
> Onur BEKTAS wrote:
>
>>>> Hi all,
>>>>
>>>> Does nfdump has support for flow tagging ? (like flow-tag i
lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: peter.
ferred sampling rate or would it be
> possible to modify nfcapd to handle the run-rate?
>
>
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alistair Cockeram wrote:
> On Fri, Dec 04, 2009 at 03:43:55PM +0100, Peter Haag wrote:
>> I'm not aware of any fields, which export the run length. nfdump simply
>> uses the sampling rate, which is announced the v5 header. In
t
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
- --
___ SWITCH - The Swiss Education and Research Network __
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D
78122253, Sequence Errors: 0, Bad Packets: 0
>
> The boxes get fed by Cisco Catalyst 6500 series, mostly running SXI* IOS
> and exporting dual-stack netflow v9.
>
> Any ideas? The system is really old and there might just have been a
> botched update in those 1000 days uptime t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Disregard the last patch! It does not apply.
Use the one appended on this mail.
Sorry
- Peter
Peter Haag wrote:
> Hi Bernhard,
> Thanks for the bug report. It's a not initialized variable. How careless!
> Find append
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bernhard Schmidt wrote:
> On Tue, Dec 15, 2009 at 08:26:26AM +0100, Peter Haag wrote:
>
>> Disregard the last patch! It does not apply.
>> Use the one appended on this mail.
>
> Thanks, I've installed it, so far no c
1 - 100 of 368 matches
Mail list logo
