[c-nsp] nfdump-1.6 available

Peter Haag peter.haag at switch.ch
Tue Jan 5 03:55:08 EST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all,
I'm happy to announce that nfdump-1.6 is available for downloading
@ Sourceforge. Several new features have been added ( see list below ).
nfdump-1.6 is mostly compatible with nfdump-1.5.x.
nfdump-1.6 works with current NfSen 1.3.2, however, the new features are not
accessible using the interface.
*** Please note: *** PortTracker from NfSen 1.3.2 does *NOT* work with nfdump-1.6.
An updated version for NfSen/PortTracker will be released later.

	- Peter

NEW in 1.6 since 1.5.8 ( latest on top )
- ----------------------
o Add router IP extension.
o Add router ID extension (engine type/ID)
o Add srcmask and dstmask aggregation
o Aggregated ( -a, -A, -b, -B ) or sorted flows ( -m ) can be written back
  to binary files ( -w )
  Note: This results in a behaviour change for -w in combination
  with aggregation
o Extend -N ( do not scale numbers ) to all text output not just summary
o Remove header lines of -s stat, when using -q ( quiet )
  Note: This results in a behaviour change for -N
o Remove legacy v1.4 file compatibility
o Remove -S option from nfdump ( legacy 1.4 compatibility )
o Make use of log (syslog) functions for nfprofile.
o Move log functions to util.c
o Update sflow collector.
o Add parse_csv.pl script as an example to parse csv output
o Add csv output format ( -o csv ) as replacement for -o pipe - keep -o pipe for now.
o Flow-tools converter updated - supports all common elements.
o Sflow collector updated. Supports more common elements.
o Add sampling to nfdump. Sampling is automatically recognised
  in undocumented v5 header fields and in v9 option templates.
  see nfcapd(1)
o Add @include option for filter to include more filter files.
o Add bidirectional aggregation ( -b, -B ) - experimental feature
o Add flexible aggregation comparable to Flexible Netflow (FNF)
  over all available v9 tags
o All new tags can be selected in -o fmt:... see nfdump(1)
o topN stat for all new tags is implemented
o Integrate developer code to read from pcap files into stable branch
o Update filter syntax for new tags
o Add flexible storage option for nfcapd. To save disk space, the
  data extensions to be stored in the data file are user selectable.
o Added more v9 tags for netflow v9.
  The detailed tags are listed in nfcapd(1). Besides MAC addresses
  and VLAN labels, also MPLS labels and many more v9 tags are now
  supported. AS numbers and interface numbers are now 32bit clean.
  Adding new tags also extended the binary file format with
  data block type 2, which is extension based. File format
  for version <= 1.5.* ( Data block format type 1 ) is read
  transparently. ( --enable-compat15 ) Data blocks of type 2 are skipped
  by nfdump 1.5.8.
o Added option for multiple netflow streams to the same port.
  -n <Ident,IP,base_directory>
  Example: -n router1,192.168.100.1,/var/nfdump/router1
  So multiple -n options may be given at the command line
  Old style syntax still works for compatibility, ( -I .. -l ... )
  but then only one source is supported.
o Move to automake for building nfdump
o Make nfdump fully 64bit compliant. ( 32/64bit data alignments and access )
  Compiles and runs cleanly on 32/64bit systems
o Switch scaling factor ( k, M, G ) from 1024 to 1000.


- --
_______ SWITCH - The Swiss Education and Research Network ______
Peter Haag,  Security Engineer,  Member of SWITCH CERT
PGP fingerprint: D9 31 D5 83 03 95 68 BA  FB 84 CA 94 AB FC 5D D7
SWITCH, Werdstrasse 2, P.O. Box,  CH-8021   Zurich, Switzerland
E-mail: peter.haag at switch.ch Web: http://www.switch.ch/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

-----END PGP SIGNATURE-----

