I am using nfcapd to capture Netflow export packets. It has a -x option to call another program when a new flow output file is available. I want to call nfdump whenever a new file becomes available, so I run nfcapd like this:
```bash
#!/bin/bash
t="nfcapd -p 5566 -l /root/nfcapd_log/ -t 5 -x \"nfdump -r %d%f \""
echo $t
eval $t
```
which calls nfdump fine as I see its output on the screen.
I pass the path to the new file from nfcapd to the -r option in nfdump.
My problem is that I need to pass fmt: %ts %te %td %pr %sa %da %sp %dp %ra %in %out %pkt %ipkt %opkt %ibyt %obyt %fl %dir %ismc %odmc %idmc %osmc as an argument to nfdump, which is a string to tell it what type of flow information I want, so it needs to be in quotes. I have experimented with escaping the quotes but I am getting nowhere. This is my script so far:
```bash
#!/bin/bash
t1="nfcapd -p 5566 -l /root/nfcapd_log/ -t 5 -x \"nfdump -r %d%f -o \\\"fmt: %ts %te %td %pr %sa %da %sp %dp %ra %in %out %pkt %ipkt %opkt %ibyt %obyt %fl %dir %ismc %odmc %idmc %osmc\\\" \" "
echo $t1
eval $t1
```
But nfdump doesn't like the format, as the help information is printed.
I am fairly new to bash so there might be a really simple solution. Any help would be much appreciated.
Thanks.
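One way around the nested quoting, as an added example that is not part of the original post: keep the format string in a small wrapper script and let nfcapd hand over only the file path, so neither `eval` nor escaped quotes are needed. The function names and the wrapper path are hypothetical, and it assumes nfcapd expands `%d%f` in the `-x` command the way the first script above shows.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: nfcapd expands %d%f in the -x command (as in the first script)
# and the wrapper path contains no spaces.

# Write a wrapper that owns the nfdump format string. The string is quoted
# exactly once, inside the wrapper, so no other program has to re-parse it.
write_wrapper() {
    cat > "$1" <<'EOF'
#!/bin/sh
# $1 = path of the finished capture file, passed in by nfcapd (%d%f)
exec nfdump -r "$1" -o 'fmt: %ts %te %td %pr %sa %da %sp %dp %ra %in %out %pkt %ipkt %opkt %ibyt %obyt %fl %dir %ismc %odmc %idmc %osmc'
EOF
    chmod 700 "$1"
}

# Start nfcapd with the same options as in the post. Each argument is quoted
# once and passed directly; without eval the line is parsed a single time.
start_nfcapd() {
    nfcapd -p 5566 -l /root/nfcapd_log/ -t 5 -x "$1 %d%f"
}

# Usage (hypothetical wrapper path):
#   write_wrapper /root/nfdump_fmt.sh && start_nfcapd /root/nfdump_fmt.sh
```

Running the wrapper by hand on an existing capture file is a quick way to confirm the format string before nfcapd is involved.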