
I am trying to figure out the meaning of nfdump output, but I cannot seem to find any sources on this. For now I am mostly trying to understand what some of the categories mean.

What I have is a basic output with the following fields: `Date first seen`, `Event`, `XEvent`, `Proto`, `Src IP Addr:Port`, `Dst IP Addr:Port`, `X-Src IP Addr:Port`, `X-Dst IP Addr:Port`, `In Byte`, `Out Byte`.

In all entries of the output the "Event" is "INVALID", "XEvent" is "Ignore", and "X-Src" and "X-Dst" are "0.0.0.0". So what exactly are these fields telling me? What do they mean?

Is there a list of possible fields and their meaning? Googling doesn't help much.

arnby
  • Haven't you just missed the first place to look at, [man nfdump](https://manpages.ubuntu.com/manpages/xenial/man1/nfdump.1.html)? – Nikita Kipriyanov Mar 13 '23 at 09:57
  • Well, yes and no. I did not take a good look, but it doesn’t help much when I do. It moves the question to NSEL/ASA stats, which are just as obscure: e.g. Event is the NSEL/ASA event and XEvent is the NSEL/ASA extended event. – arnby Mar 13 '23 at 15:16
  • No, because it would hint at Cisco ASA NetFlow Secure Event Logging, which could imply that these fields are meaningful only for flows collected from an ASA device. – Nikita Kipriyanov Mar 13 '23 at 16:01
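An added example (not code from nfdump, nor from anyone in this thread) that parses the column layout quoted in the question and flags records whose `Event`, `XEvent`, `X-Src` and `X-Dst` columns are all placeholders, so you can tell whether the exporter supplied any ASA/NSEL data at all. It assumes the columns are whitespace-separated in the listed order, that the `->` nfdump prints between address pairs may or may not be present, and that scaled byte counts use a decimal K/M/G/T base (an assumption, not taken from the nfdump documentation). The sample listing is constructed; the `CREATE`/`Normal` strings in its third line are illustrative only and are not taken from this page.

```python
"""Parser for the nfdump NSEL-style output columns quoted in the question.

Added example, not nfdump's own code or the question author's. Assumptions:
- columns are whitespace-separated in the order the question lists
  (Date first seen, Event, XEvent, Proto, Src, Dst, X-Src, X-Dst, In Byte, Out Byte);
- 'Date first seen' spans two tokens (date and time);
- a '->' between address pairs may or may not be present and is dropped;
- byte columns are either raw integers or 'number unit' with a decimal
  K/M/G/T scale (the scale base is an assumption, not taken from nfdump docs);
- the placeholder values are those the question reports: Event 'INVALID',
  XEvent 'Ignore', X-Src/X-Dst address '0.0.0.0'.
"""
from dataclasses import dataclass

_SCALE = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}  # assumed decimal scale


@dataclass
class NselRecord:
    first_seen: str
    event: str
    xevent: str
    proto: str
    src: str
    dst: str
    xsrc: str
    xdst: str
    in_bytes: int
    out_bytes: int

    def has_nsel_data(self) -> bool:
        """False when every ASA/NSEL-specific column holds a placeholder,
        i.e. the exporter supplied no NSEL event or translated-address data."""
        return not (
            self.event == "INVALID"
            and self.xevent == "Ignore"
            and addr_of(self.xsrc) == "0.0.0.0"
            and addr_of(self.xdst) == "0.0.0.0"
        )


def addr_of(addr_port: str) -> str:
    """Strip the ':port' suffix; rpartition keeps IPv6 addresses intact."""
    return addr_port.rpartition(":")[0] if ":" in addr_port else addr_port


def _parse_bytes(tokens: list[str]) -> list[int]:
    """Turn ['1420', '980'] or ['1.4', 'M', '980'] into integer byte counts."""
    values, i = [], 0
    while i < len(tokens):
        if i + 1 < len(tokens) and tokens[i + 1] in _SCALE:
            values.append(int(round(float(tokens[i]) * _SCALE[tokens[i + 1]])))
            i += 2
        else:
            values.append(int(tokens[i]))
            i += 1
    return values


def parse_line(line: str) -> NselRecord:
    """Parse one record line into an NselRecord."""
    tokens = [t for t in line.split() if t != "->"]
    if len(tokens) < 11:
        raise ValueError(f"too few columns in line: {line!r}")
    first_seen = f"{tokens[0]} {tokens[1]}"
    event, xevent, proto, src, dst, xsrc, xdst = tokens[2:9]
    byte_counts = _parse_bytes(tokens[9:])
    if len(byte_counts) != 2:
        raise ValueError(f"expected In Byte and Out Byte columns in line: {line!r}")
    return NselRecord(first_seen, event, xevent, proto, src, dst, xsrc, xdst, *byte_counts)


def parse_output(text: str) -> list[NselRecord]:
    """Parse a whole listing; header and summary lines do not start with a digit."""
    return [parse_line(ln) for ln in text.splitlines() if ln[:1].isdigit()]


def count_without_nsel(text: str) -> int:
    """Number of records carrying only placeholder NSEL columns."""
    return sum(1 for r in parse_output(text) if not r.has_nsel_data())


# Constructed sample shaped like the question's columns (not a real capture).
# The 'CREATE'/'Normal' values on the third line are illustrative only.
SAMPLE = """\
Date first seen          Event  XEvent Proto     Src IP Addr:Port         Dst IP Addr:Port      X-Src IP Addr:Port  X-Dst IP Addr:Port  In Byte Out Byte
2023-03-13 09:57:01.123 INVALID Ignore TCP     192.0.2.10:51234  ->  198.51.100.5:443     0.0.0.0:0  ->  0.0.0.0:0      1420     980
2023-03-13 09:57:02.456 INVALID Ignore UDP     192.0.2.11:5353   ->  198.51.100.9:53      0.0.0.0:0  ->  0.0.0.0:0       1.4 M   2.0 K
2023-03-13 09:57:03.789  CREATE Normal TCP     10.0.0.7:40000    ->  198.51.100.5:443   203.0.113.1:40000  ->  198.51.100.5:443   300    5000
Summary: total flows: 3
"""

if __name__ == "__main__":
    for rec in parse_output(SAMPLE):
        print(rec.first_seen, rec.src, "->", rec.dst, "nsel:", rec.has_nsel_data())
    print("records with placeholder NSEL columns:", count_without_nsel(SAMPLE))
```

If every record in your own listing comes back with `has_nsel_data()` false, the exporter is not sending NSEL data for those flows, which matches the comment above that these columns are only meaningful for flows collected from an ASA.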

0 Answers