About a year ago, Tomas Podermanski had a post about his perl library that
provides some of this functionality with a great example script that you
might review (nf_asn_geo_update):
http://sourceforge.net/p/nfdump/mailman/message/30847760/
http://search.cpan.org/~tpoder/Net-NfDump-0.05/lib/Net/NfDump.pm
It's not quite what you asked but you could have it populate the fields at
file rotation. We used this for some time while dealing with errant data
that was being populated by the manufacturer we work with. The country code
population was rather unique and provided for some interesting (and quick)
analysis.
On Mon, May 19, 2014 at 4:02 AM, Tim Kleefass <t...@haitabu.net> wrote:
> Hi there,
>
> Is there an easy way to update the source/destination AS numbers in
> nfdump data? Has anybody done this already?
>
> Background:
> We have Cisco ASR 9000 with Trident linecards (1st generation; XFP
> based). This generation of linecards does not support the export of
> source and destination (and BGP next-hop) in IPv6 flows.
>
> So I like to add the source and destination AS numbers based on an BGP
> feed with the router. Right now I am thinking of setting up exabgp on
> the NetFlow collector host. The exabgp would have a (multi-hop) BGP
> session to the exporter and can update locally on the collector host the
> nfdump data. But I'm totally unsure how to exactly accomplish the later.
>
> Any guidance is appreciated.
>
> Thanks,
> Tim
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos.
> Get unparalleled scalability from the best Selenium testing platform
> available
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Nfdump-discuss mailing list
> Nfdump-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
>
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
