Re: [Nfdump-discuss] Collect and Report Ingress VRF ID?
netflow collecting and processing tools
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfdump-discuss] Collect and Report Ingress VRF ID?
|
From: Peter H. <ph...@us...> - 2014-07-31 11:33:47
|
Hi Matt, nfdump does support ingress/egress vrfid filtering: 'ingress vrf <id>' 'egress vrf <id>' The tokens are %vrf, %ivrf, %evrf - see also man page nfdump. Make sure nfcapd starts with at least -T31 ( or -Tall ) to collect this data, otherwise, it's ignored. Cheers - Peter On 16.07.14 22:55, Matthew A. Wiebelhaus wrote: >>From what I can tell it is not possible to collect the ingress VRF ID > field from Cisco ASR1000 and other Cisco routers that utilize flexible > NetFlow (version 9). If possible I would like to extend nfdump to collect > and report this field. I have done some work with implementing the extra > output tag which I am calling simply calling "%vrf" for now, and have got > it to the point where nfdump will simply print "0" for all flows. I was > hoping somebody could point me in the right direction as to which source > files I need to be focusing on to implement the rest of this. Attached is > a screenshot of a wireshark capture which shows this field in the template > I am exporting. Any help or suggestions would be appreciated. > > > > Thanks, > > Matt Wiebelhaus > Network Systems Design > Email: maw...@up... > > > ** > > This email and any attachments may contain information that is confidential and/or privileged for the sole use of the intended recipient. Any use, review, disclosure, copying, distribution or reliance by others, and any forwarding of this email or its contents, without the express permission of the sender is strictly prohibited by law. If you are not the intended recipient, please contact the sender immediately, delete the e-mail and destroy all copies. > ** > > > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > > > > _______________________________________________ > Nfdump-discuss mailing list > Nfd...@li... > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > -- Be nice to your netflow data. Use NfSen and nfdump :) |
