Can I delete some fields from the flow record? #565
-
|
Hello! I want to split nfcapd files into several by protocol In one UDP, in the other TCP After that, simply delete the protocol information from the records The premise is to save space How to make the first one clear, is it possible to make the second one through nfdump? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
You can filter the flow files and store the filtered data in a new file:
You cannot remove single fields as it does not really save space. You's rather compress the files with bzip2 as shown above. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks) |
Beta Was this translation helpful? Give feedback.
You can filter the flow files and store the filtered data in a new file:
nfdump -r nfcapd.2024.... -w protoTCP.nfd -z=bz2 'proto tcp'You cannot remove single fields as it does not really save space. You's rather compress the files with bzip2 as shown above.