[c-nsp] nfdump snapshot 1.6b available

Peter Haag peter.haag at switch.ch
Wed Sep 30 07:12:14 EDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,
I just uploaded a next snapshot of my netflow tools nfdump to
sourceforge for testing. nfdump-snapshot-1.6b-20090930

The feature list for final 1.6 is now complete. Any feedback
from tester is welcomed to address bugs to be fixed for final 1.6.

Please not: The documentation is not yet fully updated.

Feel free to ping me also for future feature requests for later
releases.

Many Thanks

	- Peter

Changelog since last 1.6b snapshot:
o Add srcmask and dstmask aggregation
o Add cvs output mode. -o cvs
o Fix some bugs of previous beta
o Add bidirectional aggregation of flows ( -b, -B )
o Add possibility to save aggregated flows into file ( -w )
  Note: This results in a behaviour change for -w in combination
  with aggregation )
o Extend -N ( do not scale numbers ) to all text output not just summary
o Make extension handling more robust for some moody IOSes.
o Remove header lines of -s stat, when using -q ( quiet )
  Note: This results in a behaviour change for -N
o Remove -S option from nfdump ( legacy 1.4 compatibility )
o Make use of log (syslog) functions for nfprofile.
o Move log functions to util.c

Changlog since stable 1.5.8
o Flow-tools converter updated - supports more common elements.
o Sflow collector updated. Supports more common elements.
o Add sampling to nfdump. Sampling is automatically recognised
  in v5 undocumented header fields and in v9 option templates.
  see nfcapd.1(1)
o Add @include option for filter to include more filter files.
o Add flexible aggregation comparable to Flexible Netflow (FNF)
o All new tags can be selected in -o fmt:... see nfdump(1)
o topN stat for all new tags is implemented
o Integrate developer code to read from pcap files into stable
o Update filter syntax for new tags
o Added more v9 tags for netflow v9.
  next hop, mac addresses, mpls and vlan labels and more
  The detailed tags are listed in nfcapd(1)
  Adding new tags also extended the binary file format with
  data block format 2, which is extension based. File format
  for version <= 1.5.* ( Data block format 1 ) is read
  transparently. Data block 2 are skipped by nfdump 1.5.7.
  32bit but AS and interface numbers are supported.
o Add flexible storage option for nfcapd. To save disk space, the
  data extensions to be stored in the data file are user selectable.
o Added option for multiple netflow stream to same port.
  -n <Ident,IP,base_directory>
  Example: -n router1,192.168.100.1,/var/nfdump/router1
  So multiple -n options may be given at the command line
  Old style syntax still works for compatibility, ( -I .. -l ... )
  but then only one source is supported.
o Move to automake for building nfdump
o Switch scaling factor ( k, M, G ) from 1024 to 1000.
o Make nfdump fully 64bit compliant. ( 8bit data alignments and access )

- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag,  Security Engineer,  Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA  FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box,  CH-8021   Zurich, Switzerland
E-mail: peter.haag at switch.ch Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iQCVAwUBSsM9C/5AbZRALNr/AQJOXgQAnP776mj4RVfI6xjov3stcqxTe+Csa4hs
dKGjXkcJiuXaIrWoO0h7stOtQ9qs+8TbO93MujuTlU0Wlje5Sss97i5HiRSkmgIm
4Aj8VJfUwRun9rJuCewoB52Mn63rWgmx3FfoGE4fhI9EbgyQl9JJws4KLivDDkTW
E7KWvEvAC1o=
=nmah
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list