Re: [Nfdump-discuss] nfdump-1.5.8-NSEL for CISCO ASA - testers wanted!
From: Peter H. <ph...@us...> - 2011-02-11 17:56:15
Finally nfdump-1.5.8-NSEL is released and available at Sourceforge.
Many thanks to all testers for giving valuable feedback.

- Peter

On 18/12/10 1:45 PM, Peter Haag wrote:
> Dear all,
> Due to the high demand to support NSEL event flows for CISCO ASA devices, and due to some bugs in nfdump-1.5.7-nsel, I
> decided to create an updated version nfdump-1.5.8-NSEL.
>
> In order to release this version on Sourceforge, I would like to get some feedback first from testers, willing to use
> and test nfdump-1.5.8-NSEL thoroughly. If you want to help to test, feel free to ping me off list, and I will send you a
> tar ball. As I have no CISCO ASA equipment for testing, I only can do limited testing with flow tracks sent by
> supporting users. Many thanks to all of them.
>
> Notes on nfdump-1.5.8-NSEL:
> Why nfdump-1.5.8-NSEL and no integration into nfdump-1.6.x ?
> The original NSEL code was contributed by CISCO and applied to nfdump-1.5.7. Therefore, it was a lot easier for me to
> port this code to nfdump-1.5.8 and fix the bugs related to nfdump-1.5.7-nsel.
> Once the code turns out to be stable and running, I will port it to nfdump-1.6.
>
> Limitation: Due to a major code cleanup and in respect to future upwards compatibility with nfdump-1.6.x, the binary
> data format changed from nfdump-1.5.7-nsel to nfdump-1.5.8-NSEL. Therefore the bad news is, that flows collected with
> nfdump-1.5.7-nsel can no longer be processed by nfdump-1.5.8-NSEL - sorry!
>
> The good news: nfdump-1.5.8-NSEL is fully nfdump-1.5.8 up and downwards compatible. Both versions can read either data
> likewise, with the limitation of course, that nfdump-1.5.8 skips NSEL specifics but displays other data correctly. This
> also allows, that upcoming nfdump-1.6.x with NSEL support will be able to read and upgrade data from nfdump-1.5.8-NSEL
> transparently. It's fully 64bit compatible and should compile and run on any standard *NIX.
>
> NSEL event flows use a different time format than standard v9 flows. nfdump-1.5.8-NSEL maps the time directly into
> flow start/end time records likewise. For statistics reasons, at least one packet is accounted for each event flow.
> Furthermore nfdump-1.5.8-NSEL has been upgraded to support NSEL specific output formats and tags. The default display
> format is -o nsel. All other formats like raw, line, long and extended are still available. If you want to see a full
> NSEL record use -o raw. See also the nfdump(1) man page for further details on NSEL specific output formats.
>
> nfdump-1.5.8-NSEL is fully NfSen compatible. --enable-nfprofile builds the required profiler and the nseld binary for
> the NSELtracker. NSELTracker is an NfSen plugin contributed by CISCO. See the corresponding NSELTracker subdirectory for
> further information.
>
> Cheers
>
> - Peter
>

-- Be nice to your netflow data. Use NfSen and nfdump :)