Closed novaksam closed 4 years ago
Just passing this along :) Not sure what naming convention you use, so I thought I'd leave that up to you.
```
cat netflow.yml | grep : | grep -v - | cut -d':' -f1 | sort > Netflow_IDs.txt
nprobe -H | grep NFv9 | cut -d ']' -f1 | cut -d' ' -f2 | sort > Nprobe_IDs.txt
diff -u Netflow_IDs.txt Nprobe_IDs.txt | grep -v - | grep + | cut -d'+' -f2 > Missing_IDs.txt
nprobe -H | grep NFv9 > Nprobe_Items.txt
for E in $(cat Missing_IDs.txt); do grep $E Nprobe_Items.txt ; done
rm Netflow_IDs.txt Nprobe_Items.txt Nprobe_IDs.txt Missing_IDs.txt
```
```
[NFv9 57550][IPFIX 35632.78][Len 1] %CLIENT_TCP_FLAGS Cumulative of all client TCP flags
[NFv9 57551][IPFIX 35632.79][Len 1] %SERVER_TCP_FLAGS Cumulative of all server TCP flags
[NFv9 57788][IPFIX 35632.316][Len 96 varlen] %SIP_UAC SIP user-agent client
[NFv9 57789][IPFIX 35632.317][Len 96 varlen] %SIP_UAS SIP user-agent server
[NFv9 57944][IPFIX 35632.472][Len 8] %SRC_TO_DST_SECOND_BYTES Bytes/sec (src->dst) [pro only]
[NFv9 57945][IPFIX 35632.473][Len 8] %DST_TO_SRC_SECOND_BYTES Bytes/sec2 (dst->src) [pro only]
[NFv9 57952][IPFIX 35632.480][Len 64 varlen] %DICOM_IMPL_UID DICOM Impl. UID
[NFv9 57953][IPFIX 35632.481][Len 64 varlen] %DICOM_IMPL_VERSION DICOM Impl. Version
[NFv9 57954][IPFIX 35632.482][Len 64 varlen] %DICOM_MODALITY DICOM Modality
[NFv9 57955][IPFIX 35632.483][Len 64 varlen] %DICOM_MANUFACTURER DICOM Manufacturer
[NFv9 57956][IPFIX 35632.484][Len 64 varlen] %DICOM_INST_NAME DICOM Institution Name
[NFv9 57957][IPFIX 35632.485][Len 64 varlen] %DICOM_INST_ADDR DICOM Institution Address
[NFv9 57958][IPFIX 35632.486][Len 64 varlen] %DICOM_STATION_NAME DICOM Station Name
[NFv9 57959][IPFIX 35632.487][Len 64 varlen] %DICOM_DEVICE_SERIAL DICOM Device Serial
[NFv9 57960][IPFIX 35632.488][Len 64 varlen] %DICOM_SW_VERSION DICOM Software Version
[NFv9 57961][IPFIX 35632.489][Len 32 varlen] %JA3C_HASH JA3 client hash
[NFv9 57962][IPFIX 35632.490][Len 32 varlen] %JA3S_HASH JA3 server hash
[NFv9 57963][IPFIX 35632.491][Len 48 varlen] %SRC_HOST_NAME Symbolic src host name
[NFv9 57964][IPFIX 35632.492][Len 48 varlen] %DST_HOST_NAME Symbolic dst host name
[NFv9 57965][IPFIX 35632.493][Len 2] %SSL_CIPHER SSL Connection Cipher
[NFv9 57966][IPFIX 35632.494][Len 1] %SSL_UNSAFE_CIPHER SSL Safe(0)/unsafe(1) cipher
[NFv9 57967][IPFIX 35632.495][Len 2] %SSL_VERSION SSL Version
[NFv9 58500][IPFIX 35632.1028][Len 16] %PROTOCOL_MAP IP protocol name
[NFv9 58503][IPFIX 35632.1031][Len 16] %L4_SRC_PORT_MAP Layer 4 source port symbolic name
[NFv9 58507][IPFIX 35632.1035][Len 16] %L4_DST_PORT_MAP Layer 4 destination port symbolic name
[NFv9 58508][IPFIX 35632.1036][Len 2] %L4_SRV_PORT Layer 4 server port
[NFv9 58509][IPFIX 35632.1037][Len 16] %L4_SRV_PORT_MAP Layer 4 server port symbolic name
```
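A single-pass variant of the comparison above, added here as an example (it is not part of the original post or the project's code): it compares IDs exactly, writes no intermediate files, and sorts the missing fields numerically. The function names, the sample file names and the YAML sample are constructed; the key layout (a numeric `<id>:` at column 0) is an assumption inferred from the `grep`/`cut` pipeline in the post.

```shell
#!/bin/sh
# Added example, not from the issue: list nprobe NFv9 fields whose ID is not
# a top-level key of a netflow.yml-style definitions file.

# usage: missing_fields YAML_FILE NPROBE_HELP_FILE
missing_fields() {
    awk '
        # First file: collect numeric top-level keys such as "57550:".
        FILENAME == ARGV[1] {
            if ($0 ~ /^[0-9]+:/) { split($0, key, ":"); known[key[1]] = 1 }
            next
        }
        # Second file: lines that start with an "[NFv9 <id>]" tag.
        match($0, /^[ \t]*\[NFv9 [0-9]+\]/) {
            id = substr($0, RSTART, RLENGTH)
            sub(/^[ \t]*\[NFv9 /, "", id)
            sub(/\]$/, "", id)
            # Exact lookup: key 5796 does not hide field 57961.
            if (!(id in known)) print id "\t" $0
        }
    ' "$1" "$2" | sort -n | cut -f2-
}

# Runs missing_fields on constructed sample data.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed YAML sample (assumed layout, hypothetical field names).
    cat > "$dir/netflow.yml" <<'EOF'
5796:
- 2
- :constructed_field_a
57550:
- 1
- :constructed_field_b
EOF
    # Constructed help-text sample using three lines quoted in the issue.
    cat > "$dir/nprobe_help.txt" <<'EOF'
[NFv9 57961][IPFIX 35632.489][Len 32 varlen] %JA3C_HASH JA3 client hash
[NFv9 57550][IPFIX 35632.78][Len 1] %CLIENT_TCP_FLAGS Cumulative of all client TCP flags
[NFv9 57551][IPFIX 35632.79][Len 1] %SERVER_TCP_FLAGS Cumulative of all server TCP flags
EOF
    missing_fields "$dir/netflow.yml" "$dir/nprobe_help.txt"
    rm -rf "$dir"
}

demo
```

Against a live install, save the output of `nprobe -H` to a file and pass it as the second argument.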
Thanks for providing this information. These additional fields have been committed to master and will be in the next release.