How to create a Query

PFSit · Post by **PFSit** » Thu Oct 15, 2015 10:21 am

Hi Support

I run the following command in the console (via ssh):

nfdump -M /usr/local/nagiosna/var/DEVICE/flows -R . -t '2015/10/12.15:00:00-2015/10/12.17:00:00' -n '10' -s 'record/bytes' -o extended -A srcip,dstip '((not dst net My.Local.Subnet.ID/Subnet.Mask) and (not dst net My.Public.Subnet.ID/Subnet.Mask))'

Output looks like this:

Aggregated flows 27107
Top 10 flows ordered by bytes:
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows
2015-10-12 15:23:25.218 3599.908 0 Local.IP.Address:0 -> Public.IP.Address:0 ...... 0 0 729.7 M 0 1.6 M 0 56
2015-10-12 15:00:01.659 7195.037 0 Local.IP.Address:0 -> Public.IP.Address:0 ...... 0 0 138.5 M 0 153995 0 11582
.....
.....
etc.
Great, but when I try the web GUI:

wtf-NagiosNA-01.JPG

Output looks different - vice versa.

How I enter my example to the web GUI to get the same result?

thx.
Michal

jdalrymple · Post by **jdalrymple** » Thu Oct 15, 2015 1:53 pm

In Aggregate By put "srcip,dstip"
In the query window put "(not dst net My.Local.Subnet.ID/Subnet.Mask) and (not dst net My.Public.Subnet.ID/Subnet.Mask)"
The -s is handled by the gui - after you run the query just click on the column header

PFSit · Post by **PFSit** » Fri Oct 16, 2015 4:06 am

the same result as in the picture above.

jdalrymple · Post by **jdalrymple** » Fri Oct 16, 2015 5:51 am

It works perfectly on my system, see attachment.

Can you PM us a screenshot without the numbers blanked out, or alternatively open a support ticket and we'll do a remote session?

Nagios Support Forum

How to create a Query

How to create a Query

Re: How to create a Query

Re: How to create a Query

Re: How to create a Query