I want to filter the netflow records by engine_id, I have tried
nfdump -r <FILE> engine_id 10
and
nfdump -r <FILE> -s engine_id 10
But, it is not working.
What do I do wrong?
Here you find the manual for nfdump.
Asked
Active
Viewed 84 times
2
Rui F Ribeiro
- 56,709
- 26
- 150
- 232
Veerendra K
- 520
- 2
- 9
- 25
1 Answers
1
I don't know we can filter with engine id in netflow records. I found this LINK. My goal is to differentiate the input OVS port in different servers. From that article, we can differentiate the input OVS ports with combination of "add_to_interface=true”, “engine_id=10”.
In that Article
"There is another use case for Engine ID. As I already explained that OVS uses OpenFlow port number as an In/Out interface number in NetFlow flow record. Because OpenFlow port number is a per bridge unique number, there is a chance for these numbers to collide across bridges. To get around this problem, you can set “add_to_interface” to true."
“When this parameter is set to true, the 7 most significant bits of In/Out interface number is replaced with the 7 least significant bits of Engine ID. This will help interface number collision happen less likely.”
Veerendra K
- 520
- 2
- 9
- 25
engine-idinstead ofengine_id. Try that, and also quote your filter on the command line, which means that the shell passes it to nfdump as a single parameters, instead of one per word. So trynfdump -r "/path/to/file.ext" "engine-id 10"– Gert van den Berg Oct 26 '15 at 11:18nfdump -r "nfcapd.201510262034" "engine-id 10", but im getting output like thisDate first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows Summary: total flows: 0, total bytes: 0, total packets: 0, avg bps: 0, avg pps: 0, avg bpp: 0 Time window: 2015-10-26 20:34:49 - 2015-10-26 20:35:51 Total flows processed: 124, Blocks skipped: 0, Bytes read: 6744 Sys: 0.000s flows/second: 124124.1 Wall: 0.000s flows/second: 2530612.2. Not getting the records(That file has data) – Veerendra K Oct 26 '15 at 11:40