farrokhi/nfdump
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

beautify README.md

Browse Source
This commit is contained in:
phaag 2015-10-03 14:18:49 +02:00
parent dd8f568303
commit 247a5e3381
1 changed files with 97 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
README.md
View File

@ -259,120 +259,124 @@ nfcapd supports a large range of netflow v9 tags. Version 1.6 nfdump
supports the following fields. This list can be found in netflow_v9.h
// Flowset record types
#define NF9_IN_BYTES 1
#define NF9_IN_PACKETS 2
#define NF9_FLOWS_AGGR 3
#define NF9_IN_PROTOCOL 4
#define NF9_SRC_TOS 5
#define NF9_TCP_FLAGS 6
#define NF9_L4_SRC_PORT 7
#define NF9_IPV4_SRC_ADDR 8
#define NF9_SRC_MASK 9
#define NF9_INPUT_SNMP 10
#define NF9_L4_DST_PORT 11
#define NF9_IPV4_DST_ADDR 12
#define NF9_DST_MASK 13
#define NF9_OUTPUT_SNMP 14
#define NF9_V4_NEXT_HOP 15
#define NF9_SRC_AS 16
#define NF9_DST_AS 17
#define NF9_BGP_V4_NEXT_HOP 18
#define NF9_LAST_SWITCHED 21
#define NF9_FIRST_SWITCHED 22
#define NF9_OUT_BYTES 23
#define NF9_OUT_PKTS 24
* NF9_IN_BYTES 1
* IN_PACKETS 2
* NF9_FLOWS_AGGR 3
* NF9_IN_PROTOCOL 4
* NF9_SRC_TOS 5
* NF9_TCP_FLAGS 6
* NF9_L4_SRC_PORT 7
* NF9_IPV4_SRC_ADDR 8
* NF9_SRC_MASK 9
* NF9_INPUT_SNMP 10
* NF9_L4_DST_PORT 11
* NF9_IPV4_DST_ADDR 12
* NF9_DST_MASK 13
* NF9_OUTPUT_SNMP 14
* NF9_V4_NEXT_HOP 15
* NF9_SRC_AS 16
* NF9_DST_AS 17
* NF9_BGP_V4_NEXT_HOP 18
#define NF9_IPV6_SRC_ADDR 27
#define NF9_IPV6_DST_ADDR 28
#define NF9_IPV6_SRC_MASK 29
#define NF9_IPV6_DST_MASK 30
* NF9_LAST_SWITCHED 21
* NF9_FIRST_SWITCHED 22
* NF9_OUT_BYTES 23
* NF9_OUT_PKTS 24
#define NF9_IPV6_FLOW_LABEL 31
#define NF9_ICMP_TYPE 32
* NF9_IPV6_SRC_ADDR 27
* NF9_IPV6_DST_ADDR 28
* NF9_IPV6_SRC_MASK 29
* NF9_IPV6_DST_MASK 30
#define NF9_SAMPLING_INTERVAL 34
#define NF9_SAMPLING_ALGORITHM 35
* NF9_IPV6_FLOW_LABEL 31
* NF9_ICMP_TYPE 32
#define NF9_ENGINE_TYPE 38
#define NF9_ENGINE_ID 39
* NF9_SAMPLING_INTERVAL 34
* NF9_SAMPLING_ALGORITHM 35
#define NF9_FLOW_SAMPLER_ID 48
#define FLOW_SAMPLER_MODE 49
#define NF9_FLOW_SAMPLER_RANDOM_INTERVAL 50
* NF9_ENGINE_TYPE 38
* NF9_ENGINE_ID 39
// #define NF9_MIN_TTL 52
// #define NF9_MAX_TTL 53
// #define NF9_IPV4_IDENT 54
* NF9_FLOW_SAMPLER_ID 48
* FLOW_SAMPLER_MODE 49
* NF9_FLOW_SAMPLER_RANDOM_INTERVAL 50
#define NF9_DST_TOS 55
#define NF9_IN_SRC_MAC 56
#define NF9_OUT_DST_MAC 57
#define NF9_SRC_VLAN 58
#define NF9_DST_VLAN 59
* NF9_MIN_TTL 52
* NF9_MAX_TTL 53
* NF9_IPV4_IDENT 54
#define NF9_DIRECTION 61
#define NF9_V6_NEXT_HOP 62
#define NF9_BPG_V6_NEXT_HOP 63
* NF9_DST_TOS 55
* NF9_IN_SRC_MAC 56
* NF9_OUT_DST_MAC 57
* NF9_SRC_VLAN 58
* NF9_DST_VLAN 59
* NF9_DIRECTION 61
* NF9_V6_NEXT_HOP 62
* NF9_BPG_V6_NEXT_HOP 63
// #define NF9_V6_OPTION_HEADERS 64
#define NF9_MPLS_LABEL_1 70
#define NF9_MPLS_LABEL_2 71
#define NF9_MPLS_LABEL_3 72
#define NF9_MPLS_LABEL_4 73
#define NF9_MPLS_LABEL_5 74
#define NF9_MPLS_LABEL_6 75
#define NF9_MPLS_LABEL_7 76
#define NF9_MPLS_LABEL_8 77
#define NF9_MPLS_LABEL_9 78
#define NF9_MPLS_LABEL_10 79
#define NF9_IN_DST_MAC 80
#define NF9_OUT_SRC_MAC 81
* NF9_MPLS_LABEL_1 70
* NF9_MPLS_LABEL_2 71
* NF9_MPLS_LABEL_3 72
* NF9_MPLS_LABEL_4 73
* NF9_MPLS_LABEL_5 74
* NF9_MPLS_LABEL_6 75
* NF9_MPLS_LABEL_7 76
* NF9_MPLS_LABEL_8 77
* NF9_MPLS_LABEL_9 78
* NF9_MPLS_LABEL_10 79
* NF9_IN_DST_MAC 80
* NF9_OUT_SRC_MAC 81
#define NF9_FORWARDING_STATUS 89
* NF9_FORWARDING_STATUS 89
#define NF9_BGP_ADJ_NEXT_AS 128
#define NF9_BGP_ADJ_PREV_AS 129
* NF9_BGP_ADJ_NEXT_AS 128
* NF9_BGP_ADJ_PREV_AS 129
// CISCO ASA NSEL extension - Network Security Event Logging
#define NF_F_FLOW_BYTES 85
#define NF_F_CONN_ID 148
#define NF_F_FLOW_CREATE_TIME_MSEC 152
#define NF_F_ICMP_TYPE 176
#define NF_F_ICMP_CODE 177
#define NF_F_ICMP_TYPE_IPV6 178
#define NF_F_ICMP_CODE_IPV6 179
#define NF_F_FWD_FLOW_DELTA_BYTES 231
#define NF_F_REV_FLOW_DELTA_BYTES 232
#define NF_F_FW_EVENT84 233
#define NF_F_EVENT_TIME_MSEC 323
#define NF_F_INGRESS_ACL_ID 33000
#define NF_F_EGRESS_ACL_ID 33001
#define NF_F_FW_EXT_EVENT 33002
#define NF_F_USERNAME 40000
#define NF_F_XLATE_SRC_ADDR_IPV4 40001
#define NF_F_XLATE_DST_ADDR_IPV4 40002
#define NF_F_XLATE_SRC_PORT 40003
#define NF_F_XLATE_DST_PORT 40004
#define NF_F_FW_EVENT 40005
* NF_F_FLOW_BYTES 85
* NF_F_CONN_ID 148
* NF_F_FLOW_CREATE_TIME_MSEC 152
* NF_F_ICMP_TYPE 176
* NF_F_ICMP_CODE 177
* NF_F_ICMP_TYPE_IPV6 178
* NF_F_ICMP_CODE_IPV6 179
* NF_F_FWD_FLOW_DELTA_BYTES 231
* NF_F_REV_FLOW_DELTA_BYTES 232
* NF_F_FW_EVENT84 233
* NF_F_EVENT_TIME_MSEC 323
* NF_F_INGRESS_ACL_ID 33000
* NF_F_EGRESS_ACL_ID 33001
* NF_F_FW_EXT_EVENT 33002
* NF_F_USERNAME 40000
* NF_F_XLATE_SRC_ADDR_IPV4 40001
* NF_F_XLATE_DST_ADDR_IPV4 40002
* NF_F_XLATE_SRC_PORT 40003
* NF_F_XLATE_DST_PORT 40004
* NF_F_FW_EVENT 40005
// Cisco ASR 1000 series NEL extension - Nat Event Logging
#define NF_N_NAT_EVENT 230
#define NF_N_INGRESS_VRFID 234
#define NF_N_NAT_INSIDE_GLOBAL_IPV4 225
#define NF_N_NAT_OUTSIDE_GLOBAL_IPV4 226
#define NF_N_POST_NAPT_SRC_PORT 227
#define NF_N_POST_NAPT_DST_PORT 228
* NF_N_NAT_EVENT 230
* NF_N_INGRESS_VRFID 234
* NF_N_NAT_INSIDE_GLOBAL_IPV4 225
* NF_N_NAT_OUTSIDE_GLOBAL_IPV4 226
* NF_N_POST_NAPT_SRC_PORT 227
* NF_N_POST_NAPT_DST_PORT 228
// nprobe latency extensions
#define NF9_NPROBE_CLIENT_NW_DELAY_SEC 57554
#define NF9_NPROBE_CLIENT_NW_DELAY_USEC 57555
#define NF9_NPROBE_SERVER_NW_DELAY_SEC 57556
#define NF9_NPROBE_SERVER_NW_DELAY_USEC 57557
#define NF9_NPROBE_APPL_LATENCY_SEC 57558
#define NF9_NPROBE_APPL_LATENCY_USEC 57559
* NF9_NPROBE_CLIENT_NW_DELAY_SEC 57554
* NF9_NPROBE_CLIENT_NW_DELAY_USEC 57555
* NF9_NPROBE_SERVER_NW_DELAY_SEC 57556
* NF9_NPROBE_SERVER_NW_DELAY_USEC 57557
* NF9_NPROBE_APPL_LATENCY_SEC 57558
* NF9_NPROBE_APPL_LATENCY_USEC 57559
32 and 64 bit counters are supported for any counters. However, internally
nfdump stores packets and bytes counters always as 64bit counters.