Add %ff record flags to custom output format
parent
bca76b91b3
commit
0db0d7ffd6
@ -96,6 +96,8 @@ static void AddToken(int index);
|
||||
|
||||
static void AddString(char *string);
|
||||
|
||||
static void String_FlowFlags(master_record_t *r, char *string);
|
||||
|
||||
static void String_FirstSeen(master_record_t *r, char *string);
|
||||
|
||||
static void String_LastSeen(master_record_t *r, char *string);
|
||||
@ -269,6 +271,7 @@ static struct format_token_list_s {
|
||||
char *header; // header line description
|
||||
string_function_t string_function; // function generation output string
|
||||
} format_token_list[] = {
|
||||
{ "%ff", 0, "Flow Flags", String_FlowFlags }, // flow flags in hex
|
||||
{ "%tfs", 0, "Date first seen ", String_FirstSeen }, // Start Time - first seen
|
||||
{ "%ts", 0, "Date first seen ", String_FirstSeen }, // Start Time - first seen
|
||||
{ "%te", 0, "Date last seen ", String_LastSeen }, // End Time - last seen
|
||||
@ -1809,6 +1812,11 @@ static inline void ICMP_Port_decode(master_record_t *r, char *string) {
|
||||
} // End of ICMP_Port_decode
|
||||
|
||||
/* functions, which create the individual strings for the output line */
|
||||
static void String_FlowFlags(master_record_t *r, char *string) {
|
||||
snprintf(string, MAX_STRING_LENGTH-1, "0x%.2x", r->flags);
|
||||
string[MAX_STRING_LENGTH-1] = '\0';
|
||||
}
|
||||
|
||||
static void String_FirstSeen(master_record_t *r, char *string) {
|
||||
time_t tt;
|
||||
struct tm * ts;
|
||||
|
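Review bot: In String_FlowFlags the second statement, `string[MAX_STRING_LENGTH-1] = '\0';`, is redundant and stores at a fixed offset that is only in bounds if every caller passes a buffer of at least MAX_STRING_LENGTH bytes, which nothing in this hunk shows. snprintf() already NUL-terminates within the size it is given, so `snprintf(string, MAX_STRING_LENGTH, "0x%.2x", r->flags);` alone produces the same string without the extra write. The `%x` conversion expects an unsigned int, and the declaration of `flags` is outside the hunk, so a cast such as `(unsigned)r->flags` would make the call independent of the field's width. A one-line comment such as `// prints r->flags as 0xNN; bit values are listed under %ff in nfdump(1)` would also help, since the man page in this commit lists those values in decimal while the output is hex.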
30
man/nfdump.1
30
man/nfdump.1
@ -573,7 +573,7 @@ are aggregated this results in the average bps during this periode of time.
|
||||
\fBBpp:\fR The calculated bytes per packet: number of bytes / number of packets. If flows
|
||||
are aggregated this results in the average bpp during this periode of time.
|
||||
.P
|
||||
\fBFlows:\fR Number of flows. If flows are listed only, this number is alwasy 1. If flows
|
||||
\fBFlows:\fR Number of flows. If flows are listed only, this number is always 1. If flows
|
||||
are aggregated, this shows the number of aggregated flows to one record.
|
||||
.RE
|
||||
.PD
|
||||
@ -597,6 +597,8 @@ and format specifier as described below
|
||||
.RS 3
|
||||
\fB%<format>\fR Inserts the predefined \fBformat\fR at this position. e.g. \fB%line\fR
|
||||
.br
|
||||
\fB%ff\fR flow record flags in hex.
|
||||
.br
|
||||
\fB%ts\fR Start Time \- first seen
|
||||
.br
|
||||
\fB%te\fR End Time \- last seen
|
||||
@ -785,6 +787,30 @@ Nprobe formats
|
||||
.RE
|
||||
.PD
|
||||
.P
|
||||
|
||||
The "flow flags" format (%ff) prints the internal record flags as a single hexadecimal number,
|
||||
consisting of any of these flag values or-ed together:
|
||||
.P
|
||||
.RS 3
|
||||
.br
|
||||
1 Record contains IPv6 addresses
|
||||
.br
|
||||
2 Packet counters are 64-bit
|
||||
.br
|
||||
4 Byte counters are 64-bit
|
||||
.br
|
||||
8 IP next hop is an IPv6 address
|
||||
.br
|
||||
16 BGP next hop is an IPv6 address
|
||||
.br
|
||||
32 Exporting router is an IPv6 address
|
||||
.br
|
||||
64 Record is an EVENT record
|
||||
.br
|
||||
128 Record is sampled
|
||||
.RE
|
||||
.P
|
||||
|
||||
Example: the standard output format \fBlong\fR can be created as
|
||||
.RS 3
|
||||
\fB\-o "fmt:%ts %td %pr %sap \-> %dap %flg %tos %pkt %byt %fl"\fR
|
||||
@ -810,7 +836,7 @@ Record line: 2004-07-11 10:30:00,2004-07-11 10:30:10,10.010,...
|
||||
.PD
|
||||
.P
|
||||
All records are in ASCII readable form. Numbers are not scaled, so each line
|
||||
can easly be parsed.
|
||||
can easily be parsed.
|
||||
.P
|
||||
Indices used in nfdump 1.6:
|
||||
.P
|
||||
|