Anyone? http://spacehopper.org/openbsd/nfdump.tgz
On 2008/03/15 00:22, Stuart Henderson wrote: > I mentioned this on misc@ a little while ago, but updated it since > then. (eric@ reported a problem on unsigned-char arch's when he > tested it before, my fix went upstream and into the newer version). > > anyone like to comment/ok? > > does my handling of the license/copyright notice for sFlow look > alright? (see /usr/local/share/doc/nfdump/COPYRIGHT) > > > :: DESCR-main > > The nfdump tools collect and process netflow data (v5, v7 and v9) > on the command line. They are part of the NfSen project. > > nfcapd - netflow capture daemon. Reads the netflow data from the > network and stores the data into files. Automatically rotate files > every n minutes. ( typically ever 5 min ) nfcapd reads netflow v5, > v7 and v9 flows transparently. You need one nfcapd process for each > netflow stream. > > nfdump - netflow dump. Reads the netflow data from the files stored > by nfcapd. It's syntax is similar to tcpdump. If you like tcpdump > you will like nfdump. Displays netflow data and can create lots of > top N statistics of flows IP addresses, ports etc ordered by whatever > order you like. > > nfreplay - netflow replay. Reads the netflow data from the files > stored by nfcapd and sends it over the network to another host. > > :: DESCR-nfprofile > > nfprofile is a netflow profiler, which works with the nfdump tools. > It reads the netflow data from the files stored by nfcapd, filters > the netflow data according to the specified filter sets (profiles) > and stores the filtered data into files for later use. >
