topic Re: How to configure nfdump to convert Netflow data from binary to text or csv? in Getting Data In

How to configure nfdump to convert Netflow data from binary to text or csv?

tgow — Fri, 31 Dec 2010 03:12:20 GMT

I need to convert netflow data from binary to text or csv so that it can be splunked. I have downloaded nfdump and was looking for any information on how to configure it?

Also, is there a better free tool then nfdump

Thanks,

Todd

Re: How to configure nfdump to convert Netflow data from binary to text or csv?

Starlette — Thu, 13 Jan 2011 03:59:20 GMT

Did you get it up and let it capture flows and writing it to disk? On http://nfdump.sourceforge.net/ are the fundamentals. So after download, untar, ./configure , make , make install ( and some dependecies like gcc, flex and others its there)

to get the deamon up : nfcapd -w -D -l /flow_base_dir/router1 -p 23456

so a port per flow,,,you should then have the rolling binaries in the /flow_base_dir/router1

But then comes the part which I am doubting as well, cause with nfdump you can convert the binaries to stdout in ascii and to a file as,,,,binary

So it looks like you have to redirect nfdump "command for doing reversing dirs" >> file and splunk that but how to prevent dups here?

OR use scripted input,,,I am hoping that someone has been so far.

anyone?

Cheers

Re: How to configure nfdump to convert Netflow data from binary to text or csv?

araitz — Fri, 25 Feb 2011 02:11:53 GMT

Check out Splunk for NetFlow:

http://splunkbase.splunk.com/apps/All/4.x/App/app:Splunk+for+NetFlow