phaag
commented
7 months ago Well, if you create a profile, you have to create channels - each can have individual filters. Each filter is processed by nfdump, which means whatever you write into the filter box, it's processed by nfdump. So it is perfectly fine to put your filters into a NfSen channel filter.
Hi Peter!
Is there any way to extend syntax of profile/chanel filters? I.e. I can run this command on my collector:
/usr/bin/nfdump -R /opt/nfsen/profiles-data/live/fwTotal/2024/02/05 -6 'in src mac 70:70:8b:39:c6:80 and dst net 10.0.0.0/8'And even more! I get some data :) So, now I'd like to define a new profile containing four channels, but I cannot find a way to define nfsen filters analogous to nfdump ones: