[flow-tools] flow-tag / flow-stat questions (fwd)
Mark Fullmer
maf@eng.oar.net
Tue, 3 Dec 2002 12:56:44 -0500
Add names to the options line, i.e.

  options +header,+names
                  ^^^^^^

The ISP where the flow-tools list currently resides loses mail; I'm
working on getting it moved.
mark
On Tue, Dec 03, 2002 at 11:02:14AM +0100, Michael Redinger wrote:
>
> (Hm, somehow my first message didn't make it. Resending ...)
>
> ---------- Forwarded message ----------
>
> On Tue, 19 Nov 2002, Mark Fullmer wrote:
>
> > > However, -f31 and -f32 do not work. Instead of the tag
> > > (name), the decimal numbers are shown (1115214 and 1115213).
> > > If I convert them to hex, they're really the same as in the
> > > tags file (0x44d and 0x44e) plus the leading 0x11, but the
> > > symbolic name is not displayed correctly.
> >
> > -f31 looks okay, f32 didn't have symbol lookups enabled. A patch
> > below will fix this, but you should really look at flow-report, it
> > has a lot more functionality and is easier for me to maintain.
>
>
> I tried flow-report now. The result is the same: the decimal number is
> shown, not the symbolic name.
> This is the only part I'm still missing, the rest seems to work fine.
> I could write a short python script that inserts the symbolic name. But I
> think that should be done by flow-report, right?
>
> Here's what I did:
>
>
>
> ##############################################################################
> /usr/local/netflow/var/cfg/xlates (same as in previous mail):
> tag-action UIBK_DST
> type dst-prefix
> match 10.1.19.64/26 set-dst 0x11044d
> match 10.2.28.64/30 set-dst 0x11044d
> ...
> tag-action UIBK_SRC
> type src-prefix
> match 10.1.19.64/26 set-src 0x11044d
> match 10.2.28.64/30 set-src 0x11044d
> ...
> tag-action OTHER_DST
> type dst-prefix
> match 0/0 set-dst 0x1
> tag-action OTHER_SRC
> type src-prefix
> match 0/0 set-src 0x1
> tag-action LOCAL_DST
> type dst-prefix
> match 10.0.0.0/16 set-dst 0x2
> tag-action LOCAL_SRC
> type src-prefix
> match 10.0.0.0/16 set-src 0x2
> tag-definition UIBK
> term
> action OTHER_DST
> action LOCAL_DST
> action UIBK_DST
> term
> action OTHER_SRC
> action LOCAL_SRC
> action UIBK_SRC
>
> ##############################################################################
> /usr/local/netflow/var/sym/tag:
> 0x44d c101
> 0x44e c102
> ...
> 0x0001 ALL
> 0x0002 UIBK
>
>
> ##############################################################################
> /usr/local/netflow/var/etc/reports:
>
> include-tag /usr/local/netflow/var/cfg/xlates
> stat-report net-tag
> type source/destination-tag
> output
> tag-mask 0x0000FFFF 0x0000FFFF
> format ascii
> records 100
> sort +octets
> options +header
> path /tmp/report-out
> stat-definition tag
> tag UIBK
> report net-tag
>
>
> ##############################################################################
> run:
> flow-report -s /usr/local/netflow/var/etc/reports -Stag < flow-tagged
>
>
> ##############################################################################
> result:
> # --- ---- ---- Report Information --- --- ---
> # build-version: flow-tools 0.62
> # name: net-tag
> # type: source/destination-tag
> # options: +header
> # sort_field: +octets
> # fields: +key1,+key2,+flows,+octets,+packets,+duration,+pps,+bps
> # tag: UIBK
> # records: 283
> # records_shown: 100
> # first-flow: 1038817725 Mon Dec 2 09:28:45 2002
> # last-flow: 1038818566 Mon Dec 2 09:42:46 2002
> # now: 1038823201 Mon Dec 2 11:00:01 2002
> # recn: source-tag,destination-tag,flows,octets,packets,duration,bps,pps
> 1,1102,29149,440950700,521427,503495000,33780.368991,5.932206
> 1,2,14939,329932510,351114,418476000,15855.612611,2.652603
> 1,1,30253,173730313,373785,955908000,12007.041859,2.852454
> 1,1101,414,168398843,121825,3734000,57352.480939,8.757689
>
> ##############################################################################
>
> Michael
>
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools
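
The symbol lookup discussed in this thread, as an added Python example (not part of the original messages and not flow-tools code): it maps the tag columns of the ASCII report to names from the `sym/tag` file. It assumes the two-column `value name` symbol format and the `# recn:` header quoted above; the function names `load_symbols` and `name_tags` are hypothetical, and the sample data is copied from the quoted files.

```python
# Constructed samples, copied from the sym/tag file and report output quoted above.
SYM_TAG = """\
0x44d c101
0x44e c102
...
0x0001 ALL
0x0002 UIBK
"""

REPORT = """\
# name: net-tag
# recn: source-tag,destination-tag,flows,octets,packets,duration,bps,pps
1,1102,29149,440950700,521427,503495000,33780.368991,5.932206
1,2,14939,329932510,351114,418476000,15855.612611,2.652603
1,1,30253,173730313,373785,955908000,12007.041859,2.852454
1,1101,414,168398843,121825,3734000,57352.480939,8.757689
"""

def load_symbols(text):
    """Parse 'value name' lines into {int: name}; skip anything malformed."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        try:
            table[int(parts[0], 0)] = parts[1]  # base 0 accepts 0x-prefixed hex
        except ValueError:
            continue
    return table

def name_tags(report, symbols, mask=0xFFFFFFFF):
    """Return report rows with *-tag columns replaced by symbolic names."""
    tag_cols, rows = [], []
    for line in report.splitlines():
        if line.startswith("# recn:"):
            fields = line.split(":", 1)[1].strip().split(",")
            tag_cols = [i for i, f in enumerate(fields) if f.endswith("-tag")]
        if not line or line.startswith("#"):
            continue
        row = line.split(",")
        for i in tag_cols:
            if i < len(row) and row[i].isdigit():
                # Mask first (as tag-mask does), then look up; unknown tags stay numeric.
                row[i] = symbols.get(int(row[i]) & mask, row[i])
        rows.append(row)
    return rows
```

With `mask=0xFFFF`, an unmasked tag such as 1115213 (0x11044d) resolves to `c101`, which matches the `tag-mask 0x0000FFFF` setting in the quoted report definition.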