alan at three6five
Apr 19, 2012, 2:36 AM
Views: 157
Permalink
|
|
nprobe help with AS and City
|
|
Hi Guys
I was wondering if someone could help.
I have installed nprobe v6.9.3_032312_pro, with fastbit 1.3.0 on ubunutu Linux 11.04
My question is around the collection of AS and city or country src and dst data.
I have started nprobe with the --as-list --city-list pointing to the corresponding Geo dat files.
I have also addd the -T option with these options "%SRC_IP_COUNTRY %SRC_IP_CITY %DST_IP_COUNTRY %DST_IP_CITY %SRC_AS_PATH_1 %SRC_AS %DST_AS"
The problem is that I never see that data in my fastbit database
--snip--
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 APPL_LATENCY_SEC
-rw-rw-r-- 1 iris iris 496393 2012-04-19 11:15 DIRECTION
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 DST_AS
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 EXPORTER_IPV4_ADDRESS
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 FIRST_SWITCHED
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 IN_BYTES
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 IN_PKTS
-rw-rw-r-- 1 iris iris 992786 2012-04-19 11:15 INPUT_SNMP
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 IPV4_DST_ADDR
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 IPV4_SRC_ADDR
-rw-rw-r-- 1 iris iris 992786 2012-04-19 11:15 L4_DST_PORT
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_DST_PORT_MAP_0
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_DST_PORT_MAP_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_DST_PORT_MAP_2
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_DST_PORT_MAP_3
-rw-rw-r-- 1 iris iris 992786 2012-04-19 11:15 L4_SRC_PORT
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_SRC_PORT_MAP_0
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_SRC_PORT_MAP_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_SRC_PORT_MAP_2
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L4_SRC_PORT_MAP_3
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L7_PROTO_NAME_0
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L7_PROTO_NAME_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L7_PROTO_NAME_2
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 L7_PROTO_NAME_3
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 LAST_SWITCHED
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 MPLS_LABEL_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 OUT_BYTES
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 OUT_PKTS
-rw-rw-r-- 1 iris iris 992786 2012-04-19 11:15 OUTPUT_SNMP
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PACKET_VARIANCE
-rw-rw-rw- 1 iris iris 4260 2012-04-19 11:15 -part.txt
-rw-rw-r-- 1 iris iris 496393 2012-04-19 11:15 PROTOCOL
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PROTOCOL_MAP_0
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PROTOCOL_MAP_1
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PROTOCOL_MAP_2
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 PROTOCOL_MAP_3
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 SAMPLING_INTERVAL
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 SERVER_NW_DELAY_SEC
-rw-rw-r-- 1 iris iris 1985572 2012-04-19 11:15 SRC_AS
-rw-rw-r-- 1 iris iris 496393 2012-04-19 11:15 TCP_FLAGS
--snip--
Also while typing this mail I did notice that the byte count on the above looks incorrect (same size files)? or am I missing something there.
I also noticed that when I run a fbquery against this data I get an usual result.
--snip--
~/nprobe_6.9.3_032312_pro/fastbit/fbquery -d . -c "sum(IN_BYTES),SRC_AS,DST_AS" -L 10
_0,SRC_AS
672665372,0
2840,0
64,0
3764413,0
17668,0
56,0
160,0
2952,0
24052,0
1420,0
--snip--
So the header is _0,SRC_AS should it now be "sum1,SRC_AS,DST_AS"? and I'm missing a column, it happens whenever I call a sum().
Thats for any suggests in this regard.
regards
--
Alan Kemp
email: alan [at] three6five
mobile: +27 83 257 5970
three6five
|
nprobe help with AS and City