Home

Peter Haag

nfdump is a set of tools to collect and process netflow data. It's fast and has a powerful filter pcap like syntax. It supports netflow versions v1, v5, v7, v9 and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA (NSEL) and CISCO NAT (NEL) devices, which export event logging records as v9 flows.
nfdump is fully IPv6 compatible.

 

Project Members:


  • Riccardo
    Riccardo
    2013-07-25

    hello nfdump, thanks so much...

     
    Attachments
  • What steps do I have to do to make the basic installation of nfdump?
    What are the hardware requirements for the collector?

     
  • Star1609
    Star1609
    2013-10-25

    Hi i can't write a ticket in a bug report. I have a problem with packets/bits counting by nfcapd. I'm using cisco catalist 7600 (720 sup) ios 12.2(33)SRD4 , and nfcapd/nfsen software for collecting data. I m using such config on cisco:
    ip flow-export destination x.x.x.x 9995
    ip flow-export version 5
    mls netflow usage notify 90 120
    mls nde sender version 5
    mls sampling time-based 4096
    mls netflow usage notify 90 120

    The problem is that traffic which is shown by nfdump while opening one file (5min) is 520 T and average speed 13.5 T per second , while real speed on interface is 40 gigabit per second (4x10g) and real data collected between 1-2 T . How can i fix it ?
    i don't use sample on collector

     
    Last edit: Star1609 2013-10-25