[flow-tools] problem: src as is 0
Annie Tong
annie.tong@wcom.com
Tue, 16 Apr 2002 09:46:34 -0700
Hi Olav,
The flow-tools doc, under the section flow-capture, states that
Cisco's NetFlow exports represent the local AS as 0 instead of the
real value. To replace the 0, you can use the option -A
AS0_substitution when using flow-capture. It'll replace the 0 with your
configured AS0_substitution. However, it also states that under certain
configurations, AS 0 represents a cache miss or non-forwarded traffic,
so we have to use the option with caution.
Annie Tong
MAE Engineering
MCI WorldCom
Olav Langeland wrote:
>I am new to flowtools, and installed 0.57 on a FreeBSD 4.5 machine. Our
>setup is 2 Cisco 7206 with 2 ISP hooked up, our own AS. Exporting flows
>from just 1 router now, and looks good, exporting, collecting, saving. I
>want to use it for billing and general network statistics. Exporting
>netflow v5.
>
>When I try to extract some AS information I get this:
>--cut--
>$flow-cat -p ft-v05.2002-04-13.* | flow-stat -f19 -P -p -S4 | less
># src AS flows octets packets
>#
>0 44.659 86.779 52.008
>3320 8.773 2.330 8.029
>5430 0.960 0.195 0.975
>etc.
>--cut--
>
>This seemed to work when I tested the Cisco Netflow software. Any help
>appreciated, I didn't find any other posts about this when I skimmed
>through the mailing list archive (probably hidden somewhere).
>
>thanks,
>Olav Langeland