netflow - Nfdump nfcapd 文件 - 二进制到 csv 文件的转换

Question

给定在 nfdump nfcapd.2017中生成的 nfcapd 文件，该文件采用默认二进制格式

如何使用 nfdump 以 csv 格式创建此文件的版本？

我尝试使用nfdump -r nfcapd.2017 -w newfile -o csv但这似乎不起作用

score 1 · Accepted Answer

该-w选项用于以二进制 nfdump 格式（或实际上是 nfcapd 格式）写入。只需将其省略即可以 CSV 格式输出：

nfdump -r nfcapd.2017 -o csv
ts,te,td,sa,da,sp,dp,pr,flg,fwd,stos,ipkt,ibyt,opkt,obyt,in,out,sas,das,smk,dmk,dtos,dir,nh,nhb, svln,dvln,ismc,odmc,idmc,osmc,mpls1,mpls2,mpls3,mpls4,mpls5,mpls6,mpls7,mpls8,mpls9,mpls10,cl,sl,al,ra,eng,exid,tr
2018-01-16 16:33:14,2018-01-16 16:33:14,0.003,192.168.2.204,224.0.0.251,5353,5353,UDP,......,0,0,2,691 ,0,0,0,0,0,0,0,0,0,0,0.0.0.0,0.0.0.0,0,0,00:00:00:00:00:00,00:00:00 :00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,0-0-0,0-0-0,0-0-0,0 -0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0, 0.000, 0.000, 0.000,0.0.0.0 ,0/0,1,1970-01-01 01:00:00.000
2018-01-16 16:33:14,2018-01-16 16:33:14,0.000,192.168.2.204,192.168.2.70,55925,50767,UDP,......,0,0,1,546 ,0,0,0,0,0,0,0,0,0,0,0.0.0.0,0.0.0.0,0,0,00:00:00:00:00:00,00:00:00 :00:00:00,00:00:00:00:00:00,00:00:00:00:00:00,0-0-0,0-0-0,0-0-0,0 -0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0,0-0-0, 0.000, 0.000, 0.000,0.0.0.0 ,0/0,1,1970-01-01 01:00:00.000
...

并重定向输出以获取 CSV 文件：

nfdump -r nfcapd.2017 -o csv > nfcapd.2017.csv

netflow - Nfdump nfcapd 文件 - 二进制到 csv 文件的转换

1 回答 1

Related

Reference