Re: [Nfsen-discuss] Can I aggregate all files captured on one day into one?
Netflow visualisation and investigation tool
Brought to you by:
phaag
Menu
▾
▴
Re: [Nfsen-discuss] Can I aggregate all files captured on one day into one?
|
From: Peter H. <ha...@sw...> - 2006-08-02 11:06:09
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Adrian, I don't know, if I understood your question correctly. Anyway some thoughts: If you create any file from several input files for archiving purpose, and store that file outside of NfSen data space, you can take any filename of your choice. If you change files, ( with a cron job or somehow else ), not yet expired within the NfSen data space, the naming must conform, to the way nfcapd produces the files, otherwise you can no longer access the files for processing. In theory there may be holes ( missing files ) between files, however, changing files in general is a bad idea. Your changes will not be reflected in the graphs, as the data for the graphs is evaluated once only, right after creating the file. Does that help? - Peter - -------- Original Message -------- From: Adrian Popa <adr...@ro...> To: nfs...@li... Subject: [Nfsen-discuss] Can I aggregate all files captured on one day into one? Date: Wed Aug 02 2006 10:13:18 GMT+0200 (CEST) > Hello, > > Because of limited space on the server I'm using for nfdump and nfsen I > can only keep about 33 hours of flow data. I would like to create a > script that runs automatically once a day (using a cron job) to > aggregate data from the files specified in a period of time. This can be > done with a "find" that searches for a certain pattern or files created > between time1 and time2. > > I know nfdump can create binary files containing the flows that resulted > from applying a filter, and I have the syntax for that, but my question > is this: > > If I aggregate 100 files that hold 5 minutes of flows each into a single > file that holds the information of the 100 most bandwidth consuming > flows in the specified time period, how should this file be called? I > want to delete the first 100 files. I want the aggregated file to be > used by nfsen, to display usage graphics for that period of time, > although I don't expect to get much information out of it if I run > searches on that time period. > > Will nfsen complain if it has to process a file that has flow > information for more than 5 minutes of flows? Or will it work without > special intervention? > > Thank you for your help, > Adrian Popa > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Nfsen-discuss mailing list > Nfs...@li... > https://lists.sourceforge.net/lists/listinfo/nfsen-discuss > - -- _______ SWITCH - The Swiss Education and Research Network ______ Peter Haag, Security Engineer, Member of SWITCH CERT PGP fingerprint: D9 31 D5 83 03 95 68 BA FB 84 CA 94 AB FC 5D D7 SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland E-mail: pet...@sw... Web: http://www.switch.ch/security -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iQCVAwUBRNCHFv5AbZRALNr/AQKhdAP+OAuCXPj0By2QYdWmd3bTZiiaaJjbJ+mO b6ulq6dcCT+TbuNn6DaZ90Y/sA4OMNJ3hHOzJb25m2WXEw0eQIF0+HxDQ6mmdXcp smj0gqDhc3ALUBZNMmGsh57mme2MPah+ypg+sNNpUEZ/nnEYlo9RuFOoLXOnQHEV 7aRoaabjR70= =a5ew -----END PGP SIGNATURE----- |
