Re: [Nfsen-discuss] Re: Problems using old nfdump data -- patch
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] Re: Problems using old nfdump data -- patch
|
From: Esben B. <es...@cs...> - 2006-04-10 15:24:04
|
Peter Haag wrote: >-----BEGIN PGP SIGNED MESSAGE----- > > > >- --On April 7, 2006 15:39:48 -0700 Jason Chambers <jch...@uc...> wrote: > >| I saw this discussion before I signed up to the list, otherwise I would have replied earlier. >| >| I did have the same problem with importing prior flow sources and developed a small patch to fix it. As I understand it, >| the problem is the start time for the RRD files needs to be adjusted to the date your flow data begins. > >When importing existing data, the nfcapd.* files need just to be >copied into the appropriate source directory. Thereafter a rebuild >of the profile - as stated in the README file - rebuilds the RRD DB >correctly. The only point is, that nfcapd.* files need to be created >in nfsen compatible 5 min slots e.g. nfcapd.2006...05/10/15 etc., >otherwise they are not picked up while rebuilding. I need to stress that >in the README file more clearly. > > > That solution seems to work (So does the patch but id like to avoid that). You should probably mention the naming format in the first place, because as far as i can tell there is no such thing anywhere in the README (though i might have missed it, and it was deffinately not where i would expect such information to be). > - Peter >| >| Example and patch below. >| >| -- >| Jason >| >| >| ######## --example after install.pl is patched--######### >| (...) >| Profile live: spool directories: >| Creating: darknet >| Are you importing exisiting flow data? Y or N: y >| Enter the number of days prior to now your flow records start: 4 >| Adjusting RRD start time by 4 days -- 345600 seconds, epoch time: 1144096937 >| Create profile info for profile 'live' >| >| Setup done. >| >| * You may want to subscribe to the nfsen-discuss mailing list: >| * http://lists.sourceforge.net/lists/listinfo/nfsen-discuss >| * Please send bug reports back to me: pet...@sw... >| >| >| >| ###### --patch--###### >| >| kyushu:~/Downloads/nfsen-1.2.4> patch -u < patch--install >| patching file install.pl >| kyushu:~/Downloads/nfsen-1.2.4> >| >| kyushu:~/Downloads/nfsen-1.2.4> cat patch--install >| --- install.pl 2006-04-07 14:00:21.000000000 -0700 >| +++ install-new.pl 2006-04-07 13:45:42.000000000 -0700 >| @@ -446,7 +446,30 @@ >| RenameFiles(); >| + >| my $now = time(); >| + >| + print "Are you importing exisiting flow data? Y or N: "; >| + my $var = <STDIN>; >| + chomp($var); >| + if ( $var =~ /^(Y|y)$/) { >| + print "Enter the number of days prior to now your flow records start: "; >| + my $days = <STDIN>; >| + chomp($days); >| + $days =~ /\d+/; >| + >| + if ( $days > 0 && $days < 1825 ) { >| + my $temp_time = ($days*24*60*60); # Days * 24 hrs * 60 minutes * 60 seconds >| + $now -= $temp_time; >| + print "Adjusting RRD start time by $days days -- $temp_time seconds, epoch time: $now \n"; >| + } >| + else { >| + print "The number of days is 0, greater than 5 years, or not valid.... using the current time\n"; >| + $now = time(); >| + } >| + } >| + >| + >| my $tstart = $now - ( $now % 300 ); >| NfSenRRD::SetupRRD("$NfConf::PROFILESTATDIR/live", $tstart - 300, 0); >| if ( $Log::ERROR ) { >| >| >| >| >| >| >| ------------------------------------------------------- >| This SF.Net email is sponsored by xPML, a groundbreaking scripting language >| that extends applications into web and mobile media. Attend the live webcast >| and join the prime developer group breaking into this new coding territory! >| http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >| _______________________________________________ >| Nfsen-discuss mailing list >| Nfs...@li... >| https://lists.sourceforge.net/lists/listinfo/nfsen-discuss >| > > > >- -- >_______ SWITCH - The Swiss Education and Research Network ______ >Peter Haag, Security Engineer, Member of SWITCH CERT >PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 >SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland >E-mail: pet...@sw... Web: http://www.switch.ch/ >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.4 (Darwin) > >iQCVAwUBRDoTDP5AbZRALNr/AQHK9wP+P2vBqVS0Bl0SpB9JcNIx43g02BEwXgXw >eBYorVatbBFDEFtbQp4vfdRe57+LhdLtmNiQXeDOhJx/x/oNNCzLqDXLqsj9y6Km >XALBftjhJ4VFAsS5krk5FcUtExnhH+LJUW7k5NN2QsZEkgQ5ff01Qr3xBkPaQ04P >gk8FRgi4tJA= >=lpVY >-----END PGP SIGNATURE----- > > > >------------------------------------------------------- >This SF.Net email is sponsored by xPML, a groundbreaking scripting language >that extends applications into web and mobile media. Attend the live webcast >and join the prime developer group breaking into this new coding territory! >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 >_______________________________________________ >Nfsen-discuss mailing list >Nfs...@li... >https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > > |
