Re: [Nfdump-discuss] Router interfaces
From: Peter H. <pet...@sw...> - 2007-07-16 15:34:49

Sorry folks for coming in late. I was out of the office last week.

As for interface in/out: nfcapd collects the standard v9 elements NF9_INPUT_SNMP and NF9_OUTPUT_SNMP, which correspond to %in and %out in the output formats. They are also set in the corresponding fields when using -o raw:

    Flow Record:
      Flags = 0x00000001
      size = 76
      mark = 0
    snipp ...
      prot = 17
      tos = 0
      input = 4
      output = 23
    snipp ..

There is only one limitation so far: interface numbers need to be a 2-byte integer. 4 bytes are not yet supported. That's the only thing I can think of so far. This is due to the fact that NF9_INPUT_SNMP and NF9_OUTPUT_SNMP are 2 bytes by default and snapshot-20070312 does not support other values than the default so far. This also means that the next stable nfdump will have the same behaviour, but the next development cycle will extend other v9 elements anyway.

    - Peter

--On July 13, 2007 14:30:48 +0200 Ralf Kleineisel <ral...@df...> wrote:

| Yann Berthier wrote:
|
| > you can check with nfcapd -E what's collected
|
| The input/output fields are zero in the -E output.

--
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box, CH-8021 Zurich, Switzerland
E-mail: pet...@sw...
Web: http://www.switch.ch/
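
An added example, not part of the original message and not nfdump code: it reads the template flowsets of a NetFlow v9 export packet and reports the lengths an exporter declares for INPUT_SNMP and OUTPUT_SNMP, so templates that use anything other than the 2-byte default described above can be spotted. Field type numbers 10 and 14 come from RFC 3954; the function names and the sample packet are constructed for illustration.

```python
import struct

# Field type numbers from the NetFlow v9 specification (RFC 3954).
NAMES = {10: "INPUT_SNMP", 14: "OUTPUT_SNMP"}

def interface_field_lengths(packet):
    """Return {template_id: {field_name: declared_length}} for the
    interface fields of every template in a NetFlow v9 export packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    result, off = {}, 20                      # the v9 header is 20 bytes
    while off + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, off)
        if length < 4 or off + length > len(packet):
            raise ValueError("bad flowset length")
        if flowset_id == 0:                   # 0 = template flowset
            pos, end = off + 4, off + length
            while pos + 4 <= end:
                tid, nfields = struct.unpack_from("!HH", packet, pos)
                pos += 4
                if tid < 256:                 # padding, not a template
                    break
                if pos + 4 * nfields > end:
                    raise ValueError("truncated template record")
                fields = {}
                for _ in range(nfields):
                    ftype, flen = struct.unpack_from("!HH", packet, pos)
                    pos += 4
                    if ftype in NAMES:
                        fields[NAMES[ftype]] = flen
                result[tid] = fields
        off += length
    return result

def non_default_templates(packet):
    """Template ids whose interface fields are not the default 2 bytes."""
    found = interface_field_lengths(packet)
    return sorted(t for t, f in found.items() if any(n != 2 for n in f.values()))

def _template(tid, fields):
    head = struct.pack("!HH", tid, len(fields))
    return head + b"".join(struct.pack("!HH", t, n) for t, n in fields)

# Constructed sample: template 256 uses 2-byte interface fields,
# template 257 uses 4-byte ones. Field type 4 is PROTOCOL (1 byte).
_body = (_template(256, [(4, 1), (10, 2), (14, 2)]) +
         _template(257, [(4, 1), (10, 4), (14, 4)]))
SAMPLE = (struct.pack("!HHIIII", 9, 2, 0, 0, 0, 0) +
          struct.pack("!HH", 0, 4 + len(_body)) + _body)
```
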