How to create a Query
Posted: Thu Oct 15, 2015 10:21 am
Hi Support
I run the following command in the console (via ssh):
nfdump -M /usr/local/nagiosna/var/DEVICE/flows -R . -t '2015/10/12.15:00:00-2015/10/12.17:00:00' -n '10' -s 'record/bytes' -o extended -A srcip,dstip '((not dst net My.Local.Subnet.ID/Subnet.Mask) and (not dst net My.Public.Subnet.ID/Subnet.Mask))'
Output looks like this:
Aggregated flows 27107
Top 10 flows ordered by bytes:
Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Flags Tos Packets Bytes pps bps Bpp Flows
2015-10-12 15:23:25.218 3599.908 0 Local.IP.Address:0 -> Public.IP.Address:0 ...... 0 0 729.7 M 0 1.6 M 0 56
2015-10-12 15:00:01.659 7195.037 0 Local.IP.Address:0 -> Public.IP.Address:0 ...... 0 0 138.5 M 0 153995 0 11582
.....
.....
etc.
Great, but when I try the web GUI:
Output looks different - vice versa.
How do I enter my example into the web GUI to get the same result?
thx.
Michal