Peter Haag | 24 May 2012 07:39

Re: Another question on flow-tools -> nfsen/nfdump migration.

Hi John,

On 5/24/12 0:46, John Elliot wrote:
> 
> Hi Guys,
> 
> 
> We often receive requests from EC's to provide traffic analysis when their usage is "abnormal"
> 
> 
> Typically, with flow-tools it is analysis of a days flow data (24hours), and we provide:
> 
> 
> Total Octets
> 
> 
> Top port usage
> 
> 
> Top src/dst IP
> 
> 
> With flow-tools, we create a specific acl to only provide analysis on an EC's IP(could be a /32 or larger subnet)
> 
> 
> Is the following the correct way to provide similar reports in nfdump? (i.e. no acl, all
> inclusions/exclusions are added in the command line?)

Yes - that's correct.

> 
> 
> nfdump -R /data/nfsen/profiles-data/live/ASR1006/2012/05/21/ 'dst net 10.1.1.0/24' -s dstip/bytes -s port/bytes -s record/bytes -n 20 | more

Correct! - you don't even need '| more' :)

	- Peter
> 
> 
> Thanks in advance.
> 

-- 
Be nice to your netflow data

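As an added example (not code from Peter's reply, from John's message, or from the nfdump project), here is a small POSIX sh wrapper that builds the daily per-EC report command quoted above. It assumes the nfsen on-disk layout implied by the quoted path (profiles-data/<profile>/<source>/YYYY/MM/DD/) and the `-s` statistic and `net` filter syntax shown in the thread. The input checks are there because the EC's address arrives in a request and is spliced into a command line; the direction switch is there because `dst net` counts only traffic sent to the EC, while `net` covers both directions, which is usually what "usage" means.

```shell
#!/bin/sh
# Added example, not code from the thread or from nfdump itself.
# Builds the per-EC daily report command the thread describes, after
# validating the inputs. Assumed (constructed to match the quoted path):
# nfsen keeps files under <profile-data>/<profile>/<source>/YYYY/MM/DD/.

# valid_net: accept an IPv4 host (a.b.c.d) or prefix (a.b.c.d/n), reject anything else.
# Everything else that could reach the command line (shell metacharacters,
# extra slashes, out-of-range octets) is refused here.
valid_net() {
  addr=${1%/*}
  plen=${1#*/}
  [ "$1" = "$addr" ] && plen=32          # bare address: treat as a /32 host
  case "$plen" in ''|*[!0-9]*) return 1 ;; esac
  [ "$plen" -le 32 ] || return 1
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
  [ $# -eq 4 ] || return 1               # exactly four dotted octets
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# ec_filter NET DIRECTION: nfdump filter for traffic to (in), from (out)
# or to-and-from (both) the EC. The thread's 'dst net' is the "in" case.
ec_filter() {
  case "$2" in
    in)   printf 'dst net %s' "$1" ;;
    out)  printf 'src net %s' "$1" ;;
    both) printf 'net %s' "$1" ;;
    *)    return 1 ;;
  esac
}

# report_cmd PROFILE_DATA SOURCE YYYY/MM/DD NET DIRECTION TOPN
# Prints the nfdump command line. The three -s statistics give the top
# destination IPs, top ports and top flow records by bytes; the Summary line
# nfdump prints after the statistics carries the total bytes for the filter.
report_cmd() {
  case "$3" in
    [0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]) ;;
    *) echo "report_cmd: date must be YYYY/MM/DD" >&2; return 1 ;;
  esac
  valid_net "$4" || { echo "report_cmd: bad network '$4'" >&2; return 1; }
  filter=$(ec_filter "$4" "$5") || {
    echo "report_cmd: direction must be in, out or both" >&2; return 1; }
  printf "nfdump -R %s/%s/%s/ '%s' -s dstip/bytes -s port/bytes -s record/bytes -n %s\n" \
    "$1" "$2" "$3" "$filter" "$6"
}

# Usage: sh ec_report.sh NET DIRECTION YYYY/MM/DD
# Runs the report only when nfdump is installed; profile and source are the
# ones from the thread.
if [ $# -eq 3 ] && command -v nfdump >/dev/null 2>&1; then
  cmd=$(report_cmd /data/nfsen/profiles-data/live ASR1006 "$3" "$1" "$2" 20) || exit 1
  eval "$cmd"
fi
```

Because `valid_net` only lets digits, dots and a prefix length through, the `eval` of the generated command cannot be steered by the EC-supplied string; without that check a value such as `10.1.1.0; rm -rf /` would have been run as shell.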