[Nfdump-discuss] Multiple interfaces from multiple routers
From: Deaton, J. <je...@on...> - 2006-02-08 22:50:10
I'm very new to nfdump (and nfsen) but like a lot of what I see. I've read the archives of the mailing list and have kinda already answered my question. I'm asking anyway in case I'm missing something.

I have 3 routers that, among other things, provide transit connectivity via 4 interfaces. If I want to aggregate all internet traffic for analysis purposes, the only way I can come up with to do this is to nfdump filter the traffic in or out the appropriate interfaces on each of the 3 separate sources. Then, with these 3 new sets of files, I can run appropriate -M and -m options to aggregate only the internet related connections for analysis. Is there another way?

If there was an argument to filter based on the source I could do it all in one step, but that doesn't appear to be available. For instance, even though we only do one router/nfcapd, if the file structure had a field stating the source, I could do something like:

    (exporter router1 and (in if <ifnum> or out if <ifnum>)) or
    (exporter router2 and (in if <ifnum> or out if <ifnum>)) or
    (exporter router3 and (in if <ifnum> or out if <ifnum>))
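
The two-pass workaround described in the message above, written out as an added example that is not part of the original post: each router's capture file is filtered to its transit interfaces and written to a new file, then the filtered copies are read together with -M and -m. The directory layout, router names, ifIndex values and capture file name are constructed assumptions.

```shell
#!/bin/sh
# Assumed layout (constructed): one nfcapd directory per router under $BASE.
BASE=/data/nfcapd
OUT=/data/transit
ROUTERS="router1 router2 router3"

# Transit ifIndex values per router (constructed; 4 interfaces on 3 routers).
transit_ifs() {
    case "$1" in
        router1) echo "3 7" ;;
        router2) echo "12" ;;
        router3) echo "5" ;;
    esac
}

# Build the nfdump filter "in if N or out if N [or ...]" for one router.
transit_filter() {
    f=""
    for i in $(transit_ifs "$1"); do
        f="${f:+$f or }in if $i or out if $i"
    done
    echo "$f"
}

# Directory list in the form -M expects: /base/dir1:dir2:dir3
merge_dirs() {
    echo "$OUT/$(echo $ROUTERS | tr ' ' ':')"
}

# Pass 1: filter each source separately, since the flow files carry no
# exporter field to filter on. Pass 2: read all filtered copies together,
# sorted by time (-m, as mentioned in the post).
aggregate() {
    file=$1
    for r in $ROUTERS; do
        mkdir -p "$OUT/$r"
        nfdump -r "$BASE/$r/$file" -w "$OUT/$r/$file" "$(transit_filter "$r")"
    done
    nfdump -M "$(merge_dirs)" -r "$file" -m
}

# Usage (constructed file name): aggregate nfcapd.200602082250
```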