Re: [Nfsen-discuss] Re: Problems using old nfdump data -- patch
From: Peter H. <ha...@sw...> - 2006-04-10 08:11:12
--On April 7, 2006 15:39:48 -0700 Jason Chambers <jch...@uc...> wrote:
| I saw this discussion before I signed up to the list, otherwise I would have replied earlier.
|
| I did have the same problem with importing prior flow sources and developed a small patch to fix it. As I understand it,
| the problem is the start time for the RRD files needs to be adjusted to the date your flow data begins.
When importing existing data, the nfcapd.* files need just to be
copied into the appropriate source directory. Thereafter a rebuild
of the profile - as stated in the README file - rebuilds the RRD DB
correctly. The only point is that nfcapd.* files need to be created
in nfsen-compatible 5 min slots, e.g. nfcapd.2006...05/10/15 etc.,
otherwise they are not picked up while rebuilding. I need to stress that
in the README file more clearly.
- Peter
|
| Example and patch below.
|
| --
| Jason
|
|
| ######## --example after install.pl is patched--#########
| (...)
| Profile live: spool directories:
| Creating: darknet
| Are you importing exisiting flow data? Y or N: y
| Enter the number of days prior to now your flow records start: 4
| Adjusting RRD start time by 4 days -- 345600 seconds, epoch time: 1144096937
| Create profile info for profile 'live'
|
| Setup done.
|
| * You may want to subscribe to the nfsen-discuss mailing list:
| * http://lists.sourceforge.net/lists/listinfo/nfsen-discuss
| * Please send bug reports back to me: pet...@sw...
|
|
|
| ###### --patch--######
|
| kyushu:~/Downloads/nfsen-1.2.4> patch -u < patch--install
| patching file install.pl
| kyushu:~/Downloads/nfsen-1.2.4>
|
| kyushu:~/Downloads/nfsen-1.2.4> cat patch--install
| --- install.pl 2006-04-07 14:00:21.000000000 -0700
| +++ install-new.pl 2006-04-07 13:45:42.000000000 -0700
| @@ -446,7 +446,30 @@
| RenameFiles();
| +
| my $now = time();
| +
| + print "Are you importing exisiting flow data? Y or N: ";
| + my $var = <STDIN>;
| + chomp($var);
| + if ( $var =~ /^(Y|y)$/) {
| + print "Enter the number of days prior to now your flow records start: ";
| + my $days = <STDIN>;
| + chomp($days);
| + $days =~ /\d+/;
| +
| + if ( $days > 0 && $days < 1825 ) {
| + my $temp_time = ($days*24*60*60); # Days * 24 hrs * 60 minutes * 60 seconds
| + $now -= $temp_time;
| + print "Adjusting RRD start time by $days days -- $temp_time seconds, epoch time: $now \n";
| + }
| + else {
| + print "The number of days is 0, greater than 5 years, or not valid.... using the current time\n";
| + $now = time();
| + }
| + }
| +
| +
| my $tstart = $now - ( $now % 300 );
| NfSenRRD::SetupRRD("$NfConf::PROFILESTATDIR/live", $tstart - 300, 0);
| if ( $Log::ERROR ) {
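Review bot: the line "$days =~ /\d+/;" in the added block validates nothing, because the match result is discarded and the pattern is unanchored. The raw input then reaches the numeric test "$days > 0 && $days < 1825", where Perl coerces "4abc" to 4 and accepts "1.5" or "3e2" as numbers, so the RRD start time can be shifted by a value the user did not clearly intend. Fold the check into the condition, for example "if ( $days =~ /^\d+$/ && $days > 0 && $days < 1825 )", so that only whole numbers of days reach "$now -= $temp_time". The else message also says "greater than 5 years" while the test already rejects 1825 itself; use "<= 1825" or reword the message. Any first answer other than Y or y is treated as "no" without comment, which is worth a line of output since a mistyped answer leaves the start time at the current time.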
--
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag, Security Engineer, Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7
SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland
E-mail: pet...@sw... Web: http://www.switch.ch/
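
Added example (not part of the original message and not NfSen's own code): a pre-import check for the point made in the reply above, that only nfcapd.* files in 5 min slots are picked up by a rebuild. It assumes capture files are named nfcapd.YYYYMMDDhhmm in local time; the function names and the sample listing are constructed for illustration.

```python
import re
from datetime import datetime

# Assumption: capture files are named nfcapd.YYYYMMDDhhmm (local time).
NAME_RE = re.compile(r"nfcapd\.(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})")
SLOT_MINUTES = 5  # the 5 min slots the rebuild expects


def slot_time(name):
    """Return the timestamp encoded in a file name, or None if it has none."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        return None
    try:
        return datetime(*map(int, m.groups()))
    except ValueError:  # digits that are not a real date, e.g. month 13
        return None


def classify(names):
    """Split names into aligned, misaligned and unparseable lists."""
    result = {"aligned": [], "misaligned": [], "unparseable": []}
    for name in names:
        stamp = slot_time(name)
        if stamp is None:
            result["unparseable"].append(name)
        elif stamp.minute % SLOT_MINUTES == 0:
            result["aligned"].append(name)
        else:
            result["misaligned"].append(name)
    return result


def earliest_slot(names):
    """Oldest aligned slot, i.e. where the imported flow data begins."""
    stamps = [slot_time(n) for n in classify(names)["aligned"]]
    return min(stamps) if stamps else None


# Constructed sample listing, not taken from the thread.
SAMPLE = ["nfcapd.200604061200", "nfcapd.200604061205", "nfcapd.200604061207",
          "nfcapd.200604061210.tmp", "nfcapd.200613011200"]

if __name__ == "__main__":
    for kind, files in classify(SAMPLE).items():
        print(f"{kind}: {files}")
    print("data starts at:", earliest_slot(SAMPLE))
```

Files reported as misaligned or unparseable are the ones to look at before copying data into the source directory and rebuilding the profile.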