Skip Menu |

This queue is for tickets about the Net-NfDump CPAN distribution.

Report information
The Basics
Id: 105472
Status: resolved
Priority: 0/
Queue: Net-NfDump
People
Owner: TPODER [...] cpan.org
Requestors: quentin.grandemange [...] univ-lorraine.fr
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 1.10

History Show all quoted text
  Wed Jun 24 10:10:46 2015 quentin.grandemange [...] univ-lorraine.fr - Ticket created
Subject: Problem with aggreg
Date: Wed, 24 Jun 2015 16:10:16 +0200 (CEST)
To: bug-Net-NfDump [...] rt.cpan.org
From: Quentin Grandemange <quentin.grandemange [...] univ-lorraine.fr>
Hello, First, congratulations for your great Net-NfDump Lib ! I notice some weird issue when I try to use your tool making aggregation. Here is my environment : * Perl v5.18.2 * Ubuntu 14.04 LTS * Linux 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:30:01 UTC 2014 i686 i686 i686 GNU/Linux * Net::NfDump 1.09 * NfDump 1.6.13 And now, the bug (I believe it’s one ...) I got my nfcapd.xxxx file fill with all the informations from nfdump. I try to insert some value into a Postgres DB. Those informations are: srcas, dstas, inif, outif, pkts, pps, bytes, bps. So, There is my code : #!/bin/perl use Net::NfDump qw ':all'; use DBI; $flow = new Net::NfDump( InputFiles => [ '/home/users/xxxx/test/postgres/nfcapd.201506221430' ], Fields => 'srcas,dstas,inif,outif,pkts,pps,bytes,bps', Aggreg => 1); $flow->query(); printf "first, srcas, dstas, inif, outif, pkts, pps, bytes, bps\n"; while (my ($srcas, $dstas, $inif, $outif, $pkts, $pps, $bytes, $bps)= $flow->fetchrow_array() ) { printf "%s,%u,%u,%u,%u,%u,%u,%u,%u\n", time, $srcas, $dstas, $inif, $outif, $pkts, $pps, $bytes, $bps; } $flow->finish(); When I run that code, the fields inif and outif are absolutly wrong (ex : inif = 1582301312, outif = 58515218000, instead of some values between 0 and 500). But, if I just aggreg on srcas,dstas and inif. The inif values seem correct. The pps and bps values are set to 0. This is a strange behavior. Does-it seem correct ? For record, the (head) output value of the previous function: (the first column is not the same as the first seen nfdump one) first, srcas, dstas, inif, outif, pkts, pps, bytes, bps 1435154484,24611,3462,23593088,2022703464,96762000,0,142139387000,0 1435154484,24611,3462,23462016,235405670,93589000,0,137672867000,0 1435154484,24611,3462,23658624,1893728617,89420000,0,131864812000,0 1435154484,24611,3462,23527552,3063939431,89700000,0,131818851000,0 1435154484,15169,6661,8388965,2496659584,59938000,0,80324300000,0 1435154484,24611,3320,23724160,2394423658,40931000,0,58515218000,0 1435154484,15169,0,8388965,1953497216,35878000,0,44496681000,0 1435154484,24611,4760,23920768,2561147245,22649000,0,33007719000,0 And the same record with nfdump : xxxxxxx:~/test/postgres$ nfdump -r nfcapd.201506221430 -A 'srcas,dstas,inif,outif' -N -O 'Bytes' | head Date first seen Duration Src AS Dst AS Input Output Packets Bytes bps Bpp Flows 2015-06-22 14:28:51.950 359.680 24611 3462 128 360 96762000 142139387000 3161463233 1468 14200 2015-06-22 14:28:52.900 357.950 24611 3462 128 358 93589000 137672867000 3076918385 1471 13944 2015-06-22 14:28:52.850 358.750 24611 3462 128 361 89420000 131864812000 2940539361 1474 14394 2015-06-22 14:28:51.900 360.090 24611 3462 128 359 89700000 131818851000 2928575656 1469 14363 2015-06-22 14:28:52.960 358.400 15169 6661 357 128 59938000 80324300000 1792953125 1340 23160 2015-06-22 14:28:51.900 359.480 24611 3320 128 362 40931000 58515218000 1302219161 1429 9379 2015-06-22 14:28:51.950 351.980 15169 0 357 128 35878000 44496681000 1011345667 1240 10268 2015-06-22 14:28:52.960 357.510 24611 4760 128 365 22649000 33007719000 738613610 1457 4662 2015-06-22 14:28:52.880 353.690 22822 6661 365 128 20399000 28104266000 635681325 1377 5188 Regards, -- Quentin Grandemange Doctorant en télécommunication, CRAN - Post Luxembourg Ingénieur ESSTIN
  Mon Jun 29 07:04:51 2015 TPODER [...] cpan.org - Taken
  Mon Jun 29 07:06:05 2015 TPODER [...] cpan.org - Status changed from 'new' to 'open'
  Wed Jul 01 07:28:51 2015 quentin.grandemange [...] univ-lorraine.fr - Correspondence added
Subject: Re: [rt.cpan.org #105472]
Date: Wed, 1 Jul 2015 13:28:27 +0200 (CEST)
To: bug-Net-NfDump [...] rt.cpan.org
From: Quentin Grandemange <quentin.grandemange [...] univ-lorraine.fr>
Hello, I tested the v1.10 of the pluging and the issue seems to be fixed ! Thank you for the quick fix ! Regards, PS : Can you remove the data/example I provided to illustrate the problem in the first message ? QG
  Thu Jul 02 04:45:29 2015 TPODER [...] cpan.org - Correspondence added
Hi, thanks for precise reporting the bug and testing in last version. I will try to remove the original examples of the code that you provided, however I am not sure whether the RT system will allow me to do it. Tomas On Wed Jul 01 07:28:51 2015, quentin.grandemange@univ-lorraine.fr wrote: Show quoted text
> Hello, > > I tested the v1.10 of the pluging and the issue seems to be fixed ! > > Thank you for the quick fix ! > > Regards, > > PS : Can you remove the data/example I provided to illustrate the > problem in the first message ? > > QG
  Thu Jul 02 04:45:29 2015 TPODER [...] cpan.org - Status changed from 'open' to 'resolved'
  Thu Jul 02 04:45:30 2015 TPODER [...] cpan.org - Fixed in 1.10 added