
Aggregation using SEL/NEL #48

Closed
salsero opened this issue Jan 2, 2017 · 2 comments

salsero commented Jan 2, 2017

Hi,
I am using nfdump (Version: NSEL-NEL1.6.15) and I am having a hard time finding how to aggregate data using the SEL/NSEL parameters.

I am looking for a way to aggregate the flows using either:
xsrcip NSEL/ASA translated src IP address
xdstip NSEL/ASA translated dst IP address

nfdump -R nfcapd.201701020849 -A nsrcip -o "fmt:%ts %te %pr %sap %xsa %pkt %byt %fl"
Unknown aggregation specifier 'nsrcip'

nfdump -R nfcapd.201701020744 -o nsel -A srcip,xsrcip
Unknown aggregation specifier 'xsrcip'

Does anyone know the correct syntax for nfdump?
Thanks


salsero commented Jan 3, 2017

For those interested, I think I found a way of doing it:

root@netflowcollector:/var/cache/nfdump# nfdump -R nfcapd.201701020744 -o "fmt:%ts %te %pr %sap %xsa %fl" -a 'src xip 100.64.2.110'
Date first seen Date last seen Proto Src IP Addr:Port X-late Src IP Flows
2017-01-02 08:52:05.655 2017-01-02 08:52:26.531 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 07:46:32.478 2017-01-02 07:46:50.012 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 07:45:17.130 2017-01-02 07:45:36.555 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 08:52:05.650 2017-01-02 08:52:23.281 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 07:46:32.481 2017-01-02 07:46:54.349 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 08:52:10.532 2017-01-02 08:52:27.349 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 08:52:10.525 2017-01-02 08:52:31.325 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 08:52:05.652 2017-01-02 08:52:19.901 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-03 03:41:24.503 2017-01-03 03:41:44.963 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 08:52:05.651 2017-01-02 08:52:27.611 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 08:52:10.529 2017-01-02 08:52:27.471 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 07:46:32.485 2017-01-02 07:46:54.884 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 08:52:10.533 2017-01-02 08:52:26.796 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 07:46:32.483 2017-01-02 07:46:48.088 ICMP 100.64.4.10:0 100.64.2.110 2
Summary: total flows: 28, total bytes: 0, total packets: 0, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2017-01-02 07:45:17 - 2017-01-03 05:14:18
Total flows processed: 92, Blocks skipped: 0, Bytes read: 49448
Sys: 0.008s flows/second: 11500.0 Wall: 0.002s flows/second: 45186.6


phaag commented Dec 21, 2017

Added x-late ip aggregation, if compiled with NSEL support.

for example:
./nfdump -r nfcapd..xxx -a -A srcip,xsrcip

@phaag phaag closed this as completed Dec 21, 2017
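For readers on a build without NSEL aggregation, the same grouping that `-A srcip,xsrcip` performs can be reproduced from the text nfdump already prints with `-o "fmt:%ts %te %pr %sap %xsa %fl"`. The script below is an added example, not code from nfdump or from the participants in this issue; the record lines it parses are constructed, modelled on the output shown above, and it assumes the default single-space field separator of that `fmt:` output.

```python
"""Aggregate nfdump NSEL 'fmt:' text output by (src IP, translated src IP).

Added example (not part of nfdump): sums the Flows column per
(source address, X-late source address) pair, the grouping that
`-A srcip,xsrcip` computes inside nfdump when NSEL aggregation is available.
"""
from collections import Counter

# Constructed sample, modelled on the output in the issue (not real capture data).
SAMPLE_OUTPUT = """\
Date first seen Date last seen Proto Src IP Addr:Port X-late Src IP Flows
2017-01-02 08:52:05.655 2017-01-02 08:52:26.531 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 07:46:32.478 2017-01-02 07:46:50.012 ICMP 100.64.4.10:0 100.64.2.110 2
2017-01-02 07:45:17.130 2017-01-02 07:45:36.555 TCP 100.64.4.11:51234 100.64.2.111 1
2017-01-02 08:52:05.650 2017-01-02 08:52:23.281 TCP 100.64.4.11:51235 100.64.2.111 3
Summary: total flows: 8, total bytes: 0, total packets: 0, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2017-01-02 07:45:17 - 2017-01-03 05:14:18
Total flows processed: 92, Blocks skipped: 0, Bytes read: 49448
Sys: 0.008s flows/second: 11500.0 Wall: 0.002s flows/second: 45186.6
"""


def parse_fmt_line(line):
    """Return (proto, src_ip, xlate_src_ip, flows) for a record line, else None."""
    fields = line.split()
    # A record line is: date time date time proto src:port xsrc flows -> 8 fields.
    # The trailing "Sys: ... Wall: ..." stats line also has 8 fields, so the
    # Flows field must additionally be an integer before we accept the line.
    if len(fields) != 8 or not fields[7].isdigit():
        return None
    proto, src_ap, xsrc, flows = fields[4], fields[5], fields[6], int(fields[7])
    src_ip = src_ap.rsplit(":", 1)[0]  # strip the port; IPv4 addresses in this sample
    return proto, src_ip, xsrc, flows


def aggregate_by_xlate(text):
    """Sum flows per (src IP, translated src IP), mirroring -A srcip,xsrcip."""
    totals = Counter()
    for line in text.splitlines():
        rec = parse_fmt_line(line)
        if rec is None:
            continue  # header, summary, time window and timing lines are skipped
        _, src_ip, xsrc, flows = rec
        totals[(src_ip, xsrc)] += flows
    return dict(totals)


if __name__ == "__main__":
    for (src, xsrc), n in sorted(aggregate_by_xlate(SAMPLE_OUTPUT).items()):
        print(f"{src:>15} -> {xsrc:<15} flows={n}")
```

Pipe real nfdump output into the script's stdin in place of `SAMPLE_OUTPUT` to aggregate a whole capture; per-pair packet and byte totals can be added the same way by including `%pkt %byt` in the format string.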