Hi Dmitry, Pls test with the laste Github version. If it is still an issue, let me know.
- Peter On 31.12.15 09:52, Dmitry Petuhov wrote: > Found strange behaviour on flow aggregation with binary output: > # nfdump -V > nfdump: Version: NSEL-NEL1.6.13 > # nfdump -r nfcapd.201512311115 -a -w nfcapd.201512311115.a > # nfdump -r nfcapd.201512311115.a -o long | head > Date first seen Duration Proto Src IP Addr:Port > Dst IP Addr:Port Flags Tos Packets Bytes Flows > 2015-12-31 11:16:34.976 38.936 UDP 0.0.0.4:25813 -> > 70.140.177.12:49001 ...... 0 168.8 M 2 1572669509 > 2015-12-31 11:19:35.406 698.030 UDP 0.0.0.13:57288 -> > 10.2.11.6:10006 ...... 0 1.2 G 0 0 > 2015-12-31 11:18:08.535 30.090 UDP 0.0.0.1:47574 -> > 10.4.139.190:30017 ...... 0 1.9 G 0 0 > 2015-12-31 11:16:15.211 184.629 TCP 0.0.0.12:51654 -> > 10.33.169.110:443 ...... 0 1.6 G 0 0 > 2015-12-31 11:26:19.012 11.944 TCP 0.0.0.6:443 -> > 217.69.139.42:50176 .AP.SF 0 168.4 M 55 1572669507 > 2015-12-31 11:17:56.516 129.004 TCP 0.0.0.12:58815 -> > 10.33.174.230:39959 ...... 0 3.0 G 0 0 > > Aggregation with text output seems work fine: > # nfdump -r nfcapd.201512311115 -a -o long | head > Date first seen Duration Proto Src IP Addr:Port > Dst IP Addr:Port Flags Tos Packets Bytes Flows > 2015-12-31 11:16:34.976 38.936 UDP 70.140.177.12:25813 -> > 10.15.12.133:49001 ...... 0 2 973 2 > 2015-12-31 11:16:15.211 184.629 TCP 10.33.169.110:51654 -> > 95.83.191.12:443 ...... 0 0 0 2 > 2015-12-31 11:26:19.012 11.944 TCP 217.69.139.42:443 -> > 10.9.73.230:50176 .AP.SF 0 55 62365 1 > 2015-12-31 11:18:18.884 0.108 TCP 94.140.201.98:80 -> > 10.33.170.28:58715 .AP.SF 0 179 261739 1 > 2015-12-31 11:27:38.988 60.940 UDP 110.32.96.78:18946 -> > 10.34.135.66:62348 ...... 0 2 340 2 > 2015-12-31 11:28:36.548 11.448 TCP 217.20.156.21:443 -> > 10.4.89.29:21317 .AP.SF 0 19 15595 1 > 2015-12-31 11:31:15.952 1.040 TCP 64.233.164.132:443 -> > 10.2.241.198:50284 .AP.S. 0 106 124096 1 > 2015-12-31 11:15:46.181 401.232 UDP 85.95.188.69:20467 -> > 95.83.148.178:62470 ...... 0 9 432 3 > 2015-12-31 11:17:04.928 0.000 UDP 120.29.73.76:51413 -> > 10.162.24.138:49001 ...... 0 1 328 1 > > Maybe this is important: input files are written with nfcapd of > different version: > # nfcapd -V > nfcapd: Version: 1.6.11 $Date: 2013-11-16 09:04:43 +0100 (Sat, 16 Nov > 2013) $ > > And have netflow v5 and v9+NEL. > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Nfdump-discuss mailing list > Nfdump-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss > -- Be nice to your netflow data. Use NfSen and nfdump :) ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss