NFDUMP - Netflow processing tools Wiki

netflow collecting and processing tools

Brought to you by: phaag

Home

Authors:

nfdump is a set of tools to collect and process netflow data. It's fast and has a powerful filter pcap like syntax. It supports netflow versions v1, v5, v7, v9 and IPFIX as well as a limited set of sflow. It includes support for CISCO ASA (NSEL) and CISCO NAT (NEL) devices, which export event logging records as v9 flows.
nfdump is fully IPv6 compatible.

Project Members:

Peter Haag (admin)

Discussion

Anonymous - 2013-07-25

hello nfdump, thanks so much...

app.zip

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

recinerodriguez - 2013-08-29

What steps do I have to do to make the basic installation of nfdump?
What are the hardware requirements for the collector?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Star1609 - 2013-10-25

Hi i can't write a ticket in a bug report. I have a problem with packets/bits counting by nfcapd. I'm using cisco catalist 7600 (720 sup) ios 12.2(33)SRD4 , and nfcapd/nfsen software for collecting data. I m using such config on cisco:
ip flow-export destination x.x.x.x 9995
ip flow-export version 5
mls netflow usage notify 90 120
mls nde sender version 5
mls sampling time-based 4096
mls netflow usage notify 90 120

The problem is that traffic which is shown by nfdump while opening one file (5min) is 520 T and average speed 13.5 T per second , while real speed on interface is 40 gigabit per second (4x10g) and real data collected between 1-2 T . How can i fix it ?
i don't use sample on collector

Last edit: Star1609 2013-10-25

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dmitri - 2014-12-10

I can't report a bug! When I'm trying to create binary with size more than 2 GiB, I got error. For example: nfdump -r filename -w binfile -f $filterhere. Error: File size limit exceeded. nfdump version 1.6.10p1. On newer version error too. Text file created without problem (5GiB)
Edited: possible os limitation (singned int used for offset).
Another problem: in last versions of nfdump, if no space on disk or problem, described above, nfdump program prints error message infinitely instead of print it one time and exit with return code.

Last edit: Dmitri 2015-01-14

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

roysbike - 2014-12-14

Help me. Please add the pipe output NEL. (SRC_nat , DST_nat in machine code)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Paul Escat - 2015-01-21

Good evening. Does someone know how can I filter by hostname or by fully qualified domain name? The problem is that the only information that nfdumpd gives when you use 'host www.hostname.com' or by dst ip 'FQDN' is: Resolving IP adress...but no statistics appear...

I would really appreciate any advice or example for resolving this.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.