Yes, I wrote my own. It calls nfdump -o raw and then parses the data in
perl. I'm planning, in my copious amounts of free time, to actually
update the script to read the nfcapd data format natively in perl.
Sam Tetherow
Sandhills Wireless
Scott Reed wrote:
Did you write your own scipt for the -x option? I was looking at the
example in "man nfcapd" that shows using nfprofile and even read "man
nfprofile" and don't really see what I want to do with it.
Scott Reed
Owner
NewWays
Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net <http://www.nwwnet.net/>
*---------- Original Message -----------*
From: Sam Tetherow <[EMAIL PROTECTED]>
To: WISPA General List <[email protected]>
Sent: Mon, 18 Sep 2006 18:03:20 -0500
Subject: Re: [WISPA] Preferred Netflow collector/analyzer?
> nfcapd -w -D -l /var/lib/nfcapd/flow/edge1 -p 2055 -B 128000 -I
Edge1 -P
> /var/run/nfcapd/nfcapd.edge1.pid
>
> I also use the -x flag to run a script that parses the information out
> into files by IP/date for graphing purposes.
>
> I really don't know if it is all that optimal, I set it up when I
put in
> the DS3 Mikrotik box and it has just work so far so I haven't had to
> tweak things.
>
> Sam Tetherow
> Sandhills Wireless
>
> Scott Reed wrote:
> > Sam,
> > I download nfdump and I think it works. What do you use for startup
> > command for nfcapd?
> >
> > Scott Reed
> > Owner
> > NewWays
> > Wireless Networking
> > Network Design, Installation and Administration
> > www.nwwnet.net <http://www.nwwnet.net/> <http://www.nwwnet.net/>
> >
> >
> > *---------- Original Message -----------*
> > From: Sam Tetherow <[EMAIL PROTECTED]>
> > To: WISPA General List <[email protected]>
> > Sent: Mon, 18 Sep 2006 14:03:20 -0500
> > Subject: Re: [WISPA] Preferred Netflow collector/analyzer?
> >
> > > I use nfcapd (part of nfdump) to capture the data, and have been
> > using a
> > > few of my own scripts to process the data. Not doing anything
fancy
> > > right now, just extracting data by IP address so I can graph user
> > usage.
> > >
> > > Sam Tetherow
> > > Sandhills Wireless
> > >
> > > David E. Smith wrote:
> > > > As part of a wholly unrelated network tweak, I now have a
Mikrotik
> > box
> > > > in a perfect place to snoop on my whole network, and seeing that
> > > > RouterOS 2.9 supports Cisco NetFlow, the gears started turning...
> > > >
> > > > I'd like recommendations on Netflow collectors and analyzers. I
> > played
> > > > briefly with nTop, the package Mikrotik sorta-recommends, but
it was
> > > > just too unstable for my taste. (The nTop daemon died about four
> > times
> > > > over the weekend.)
> > > >
> > > > There's plenty of commercial Netflow tools out there, some of
> > which run
> > > > for many thousands of dollars. Of course, I don't have THAT
kind of
> > > > money, but there are a few less expensive packages as well. What
> > works,
> > > > and what doesn't?
> > > >
> > > > David Smith
> > > > MVN.net
> > > >
> > >
> > > --
> > > WISPA Wireless List: [email protected]
> > >
> > > Subscribe/Unsubscribe:
> > > http://lists.wispa.org/mailman/listinfo/wireless
> > >
> > > Archives: http://lists.wispa.org/pipermail/wireless/
> > *------- End of Original Message -------*
> >
> >
<http://mail.shwisp.net/spam/dspam.cgi?template=history&user=tetherow&retrain=spam&signatureID=16,450f0a68101359119242804
<http://mail.shwisp.net/spam/dspam.cgi?template=history&user=tetherow&retrain=spam&signatureID=16,450f0a68101359119242804>>
>
> --
> WISPA Wireless List: [email protected]
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
*------- End of Original Message -------*
!DSPAM:16,450f4a6142281117628507!
<http://mail.shwisp.net/spam/dspam.cgi?template=history&user=tetherow&retrain=spam&signatureID=16,450f4a6142281117628507>
--
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
