Commit Graph

5 Commits

Author SHA1 Message Date
sthen
0a2c55eb28 update NfDump to 1.6.3p1 2011-03-24 23:03:23 +00:00
sthen
bfee2d9b00 Build nftrack (from nfsen contribs directory), allowing tracking of
TCP/UDP ports. To be used in conjunction with the PortTracker plugin for
NfSen (not yet packaged).

It's included in the nfprofile subpackage as it's normally used in
conjunction with nfprofile and, like nfprofile, depends on the RRD
libraries.
2010-06-04 11:28:42 +00:00
sthen
e461e47b8a Install an _nfcapd user; nfsen will want it 2010-04-30 11:50:20 +00:00
sthen
66d2eec0e7 update to 1.5.8 (daylight-saving and 64-bit bug fixes). 2009-05-15 06:56:05 +00:00
sthen
087470f328 import nfdump and nfprofile (the latter as a subpackage since not
everyone needs that, and it pulls in heavier dependencies)

-- -- --
The nfdump tools collect and process netflow data (v5, v7 and v9)
on the command line. They are part of the NfSen project.

nfcapd - netflow capture daemon.  Reads the netflow data from the
network and stores the data into files. Automatically rotate files
every n minutes (typically every 5 minutes). nfcapd reads netflow v5,
v7 and v9 flows transparently. You need one nfcapd process for each
netflow stream.

nfdump - netflow dump.  Reads the netflow data from the files stored
by nfcapd. Its syntax is similar to tcpdump. If you like tcpdump
you will like nfdump. Displays netflow data and can create lots of
top N statistics of flows IP addresses, ports etc in whichever
order you like.

nfreplay - netflow replay.  Reads the netflow data from the files
stored by nfcapd and sends it over the network to another host.

A web front-end, NfSen, is available at http://nfsen.sourceforge.net/
-- -- --
nfprofile is a netflow profiler, which works with the nfdump tools.
It reads the netflow data from the files stored by nfcapd, filters
the netflow data according to the specified filter sets (profiles)
and stores the filtered data into files for later use.
-- -- --

thanks to eric@ for testing/feedback on an earlier version, and to
upstream for rolling a new release including the patches as a result.

"that should be in ports for sure" henning@
2008-05-21 22:28:35 +00:00