API

Python frontend to the nfdump CLI

class pynfdump.nfdump.Dumper(datadir='/', profile='live', sources=None, remote_host=None)
get_profile_data(profile=None)
Return a dictionary of the nfsen profile data
list_profiles()
Return a list of the nfsen profiles
parse_stats(out, object_field)
search(query='', aggregate=None, statistics=None, statistics_order=None, limit=None)

Run nfdump with the following arguments

Parameters:
  • query – The nfdump filter
  • aggregate

    True, a comma-separated string, or a list of

    • srcip - Source IP Address
    • dstip - Destination IP Address
    • srcport - Source Port
    • dstport - Destination Port
  • statistics

    Generate netflow statistics info, one of

    • srcip - Source IP Address
    • dstip - Destination IP Address
    • ip - Any IP Address
    • srcport - Source Port
    • dstport - Destination Port
    • port - Any Port
    • srcas - Source ASN
    • dstas - Destination ASN
    • as - Any ASN
    • inif - Incoming Interface
    • outif - Outgoing Interface
    • proto - Protocol
  • statistics_order

    one of

    • packets
    • bytes
    • flows
    • bps - Bytes Per Second
    • pps - Packets Per Second
    • bpp - Bytes Per Packet
  • limit – number of results
set_where(start=None, end=None, filename=None, dirfiles=None, stdin=False)

Set the timeframe of the nfdump query. Specify one of the following:

  • The start date
  • The start and end date
  • One of the filename, dirfiles, or stdin options
Parameters:
  • start – Start date and time
  • end – End date and time
  • filename – Search this single filename
  • dirfiles – Search this directory
  • stdin – Search stdin
exception pynfdump.nfdump.NFDumpError
pynfdump.nfdump.date_to_fn(date)
pynfdump.nfdump.load_protocols()
pynfdump.nfdump.maybe_int(val)
pynfdump.nfdump.run(cmds)
pynfdump.nfdump.search_file(filename, query='', aggregate=None, statistics=None, statistics_order=None, limit=None)

Search a single nfcapd file

Parameters:
  • filename – the file to search

The rest of the options are passed directly to Dumper.search()
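
The following is an added example, not code from the pynfdump project: it validates caller-supplied values before they reach the `query`, `statistics`, `statistics_order` and `limit` parameters of `Dumper.search()`, then sets the timeframe with `Dumper.set_where()`. The helper names `host_port_filter` and `top_n`, the data directory, the source name, and the assumptions that `set_where()` accepts a date string and that the result of `search()` is iterable are all assumptions made for this example.

```python
import ipaddress

# Values copied from the search() parameter lists on this page.
STATISTICS = {"srcip", "dstip", "ip", "srcport", "dstport", "port",
              "srcas", "dstas", "as", "inif", "outif", "proto"}
ORDERS = {"packets", "bytes", "flows", "bps", "pps", "bpp"}


def host_port_filter(host, port=None):
    """Build an nfdump filter from untrusted input (hypothetical helper).
    Anything that is not a literal IP address or a valid port is rejected."""
    addr = ipaddress.ip_address(host)      # raises ValueError on junk
    query = "host %s" % addr
    if port is not None:
        port = int(port)                   # raises ValueError on junk
        if not 0 <= port <= 65535:
            raise ValueError("port out of range: %r" % port)
        query += " and port %d" % port
    return query


def top_n(dumper, start, host, port=None, statistics="dstip",
          order="bytes", limit=10, end=None):
    """Run a statistics search on an object that exposes the set_where()
    and search() methods documented above (hypothetical helper)."""
    if statistics not in STATISTICS:
        raise ValueError("unknown statistics field: %r" % statistics)
    if order not in ORDERS:
        raise ValueError("unknown statistics_order: %r" % order)
    limit = int(limit)
    if limit < 1:
        raise ValueError("limit must be a positive integer")
    query = host_port_filter(host, port)   # validate before touching nfdump
    dumper.set_where(start=start, end=end)
    return dumper.search(query=query, statistics=statistics,
                         statistics_order=order, limit=limit)


if __name__ == "__main__":
    from pynfdump.nfdump import Dumper     # module path as shown on this page
    # Placeholder data directory, source name and date: adjust to your site.
    # Assumption: set_where() accepts a date string for start.
    d = Dumper("/path/to/profiles-data", profile="live", sources=["router1"])
    for record in top_n(d, "2024-01-01 00:00", "192.0.2.10", port=22):
        print(record)
```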
