This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
пакет_nfdump [2022/03/30 09:18] val |
пакет_nfdump [2023/02/14 08:54] (current) val |
||
---|---|---|---|
Line 6: | Line 6: | ||
<code> | <code> | ||
# apt install nfdump | # apt install nfdump | ||
+ | |||
+ | # man nfcapd | ||
# cat /etc/nfdump/default.conf | # cat /etc/nfdump/default.conf | ||
Line 12: | Line 14: | ||
options='-S 2 -l /var/cache/nfdump -p 2055' | options='-S 2 -l /var/cache/nfdump -p 2055' | ||
</code><code> | </code><code> | ||
+ | # service nfdump restart | ||
+ | |||
# ps auxwww | grep nfcapd | # ps auxwww | grep nfcapd | ||
Line 21: | Line 25: | ||
/OUTPUT FORMATS | /OUTPUT FORMATS | ||
- | # nfdump -o csv -q -R /var/cache/nfdump/2022/ | grep 192.168.X.128 | + | # nfdump -o csv -q -R /var/cache/nfdump/ | grep 192.168.X.101 |
- | # service nfdump restart | + | # nfdump -o csv -q -R /var/cache/nfdump/ 'proto tcp and src ip 192.168.X.101' |
- | # nfdump -o csv -q -R /var/cache/nfdump/2022/ 'proto tcp and src ip 192.168.X.128' | + | # nfdump -o csv -q -A dstip -R /var/cache/nfdump/2022/03/ 'dst net 192.168.X.0/24' | cut -d',' -f5,12,13 |
</code> | </code> |