Trying to understand nfdump output

arnby

3/13/24, 7:57 AM

I am trying to figure out meaning in a nfdump output, but I cannot seem to find any sources for this. For now I am mostly trying to understand what some of the categories mean.

What I have is a basic output with the following fields: Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte

In all entries of the output the "Event" is "INVALID", "Xevent" is "Ignore", "X-Src" and "X-Dst" are "0.0.0.0". So what exactly are these fields telling me? What do they mean?

Is there a list of possible fields and there meaning? Because me doing Google doesn't help much.

173

0 + 3

netflow

Nikita Kipriyanov

3/13/24, 9:57 AM

Haven't you just missed the first place to look at, [man nfdump](https://manpages.ubuntu.com/manpages/xenial/man1/nfdump.1.html)?

arnby

3/13/24, 3:16 PM

Well, yes and no. I did not take a good look, but it doesn’t help much when I do. It moves the question to NSEL/ASA stats which is just as obscure. Like event is NSEL/ASA event and xevent is NSEL/ASA extended event

Nikita Kipriyanov

3/13/24, 4:01 PM

No, because it would hint at Cisco ASA NetFlow Secure Event Logging. Which could imply that these fields are meaningful only for flows collected from ASA device.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Trying to understand nfdump output

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.