Do we have a way to identofy the Netflow Version Automatically, when we read using nfdump?

[tarungoswami]

Is there a way I can read Netflow Version Automatically, when we read using nfdump? Its anyway available as part of detail sent by the router

[phaag]

Can you elaborate your needs here? When reading netflow with nfcapd it's automatically read, regardless the version. The version is not store in the nfdump file.

[tarungoswami]

Hello Peter,

Since I have multiple routers, some sending on v5, some on v9 and some on v10/IPFIX, I need to know on what versions the routers are sending the data. So can you include the version number as part of the nfdump data?

Thanks & Regards Tarun Kumar Goswami

From: Peter Haag notifications@github.com Sent: 31 August 2020 14:33 To: phaag/nfdump nfdump@noreply.github.com Cc: Tarun Goswami tarun.goswami@tcs.com; Author author@noreply.github.com Subject: Re: [phaag/nfdump] Do we have a way to identofy the Netflow Version Automatically, when we read using nfdump? (#242)

"External email. Open with Caution"

Can you elaborate your needs here? When reading netflow with nfcapd it's automatically read, regardless the version. The version is not store in the nfdump file.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/phaag/nfdump/issues/242#issuecomment-683658739, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AMDA4GBMOIVZACZX57756OLSDNRLFANCNFSM4QJBLBKQ. =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

[phaag]

Added in a766080

[tarungoswami]

Did not get you, can u pls elaborate, what do you mean when u say : “Added in a766080”

Thanks & Regards Tarun Kumar Goswami

From: Peter Haag notifications@github.com Sent: 31 August 2020 17:25 To: phaag/nfdump nfdump@noreply.github.com Cc: Tarun Goswami tarun.goswami@tcs.com; Author author@noreply.github.com Subject: Re: [phaag/nfdump] Do we have a way to identofy the Netflow Version Automatically, when we read using nfdump? (#242)

"External email. Open with Caution"

Added in a766080

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/phaag/nfdump/issues/242#issuecomment-683733003, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AMDA4GFRKX5FFANLTMRBSLDSDOFPZANCNFSM4QJBLBKQ. =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you

[phaag]

That's the patch number in the repo. The feature has beed added in the master repo

[tarungoswami]

Thanks for your quick turnaround. Can you please help me with how exactly will we get the netflow version via nfdump. I mean which command, options

[phaag]

You do not need anything. When collecting flow data it's added by default. Make sure to start the new collector. Check your flows with -o raw for example, you see the netflow version at the top. For other output formats and for filtering, see nfdump(1)