[flow-tools] flow-import problems
Mark Fullmer
maf@eng.oar.net
Wed, 4 Dec 2002 11:08:43 -0500
flow-import will only read the cflowd raw format. Unfortunately there's
no magic number so it's easy to unknowingly feed it other data.
Look at flow-fanout to replicate the data feed instead.
mark
On Wed, Dec 04, 2002 at 01:29:56PM +0300, Alexander Serkin wrote:
> Hello,
> Can anybody help me to understand flow-import?
> I'm collecting flow by cflowd with the following
> configuration:
>
> CISCOEXPORTER {
> HOST: x.x.x.x
> ADDRESSES: { x.x.x.x }
> CFDATAPORT: 2055
> SNMPCOMM: 'public'
> LOCALAS: MYASNUM
> COLLECT: { netmatrix, ifmatrix, portmatrix, asmatrix
> }
> }
>
> The artsnets utility produces valid information.
> But after doing
>
> flow-import -V5 -f0 < arts.YYYYMMDD > ft-YYYYMMDD
>
> the command
>
> flow-cat ft-YYYYMMDD | flow-stat -f10 -S3
>
> gives some absolutely fantastic data far from
> real src/dst IP addresses.
>
> SY,
> --
> Alexander
>
>
>
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools