[flow-tools] flow-tag / flow-stat questions
Michael Redinger
Michael.Redinger@uibk.ac.at
Mon, 2 Dec 2002 11:03:51 +0100 (CET)
On Tue, 19 Nov 2002, Mark Fullmer wrote:
> > However, -f31 and -f32 do not work. Instead of the tag
> > (name), the decimal numbers are shown (1115214 and 1115213).
> > If I convert them to hex, they're really the same as in the
> > tags file (0x44d and 0x44e) plus the leading 0x11, but the
> > symbolic name is not displayed correctly.
>
> -f31 looks okay, f32 didn't have symbol lookups enabled. A patch
> below will fix this, but you should really look at flow-report, it
> has a lot more functionality and is easier for me to maintain.
I tried flow-report now. The result is the same: the decimal number is
shown, not the symbolic name.

This is the only part I'm still missing, the rest seems to work fine.
I could write a short Python script that inserts the symbolic name. But I
think that should be done by flow-report, right?

Here's what I did:
##############################################################################
/usr/local/netflow/var/cfg/xlates (same as in previous mail):
tag-action UIBK_DST
type dst-prefix
match 10.1.19.64/26 set-dst 0x11044d
match 10.2.28.64/30 set-dst 0x11044d
...
tag-action UIBK_SRC
type src-prefix
match 10.1.19.64/26 set-src 0x11044d
match 10.2.28.64/30 set-src 0x11044d
...
tag-action OTHER_DST
type dst-prefix
match 0/0 set-dst 0x1
tag-action OTHER_SRC
type src-prefix
match 0/0 set-src 0x1
tag-action LOCAL_DST
type dst-prefix
match 10.0.0.0/16 set-dst 0x2
tag-action LOCAL_SRC
type src-prefix
match 10.0.0.0/16 set-src 0x2
tag-definition UIBK
term
action OTHER_DST
action LOCAL_DST
action UIBK_DST
term
action OTHER_SRC
action LOCAL_SRC
action UIBK_SRC
##############################################################################
/usr/local/netflow/var/sym/tag:
0x44d c101
0x44e c102
...
0x0001 ALL
0x0002 UIBK
##############################################################################
/usr/local/netflow/var/etc/reports:
include-tag /usr/local/netflow/var/cfg/xlates
stat-report net-tag
type source/destination-tag
output
tag-mask 0x0000FFFF 0x0000FFFF
format ascii
records 100
sort +octets
options +header
path /tmp/report-out
stat-definition tag
tag UIBK
report net-tag
##############################################################################
run:
flow-report -s /usr/local/netflow/var/etc/reports -Stag < flow-tagged
##############################################################################
result:
# --- ---- ---- Report Information --- --- ---
# build-version: flow-tools 0.62
# name: net-tag
# type: source/destination-tag
# options: +header
# sort_field: +octets
# fields: +key1,+key2,+flows,+octets,+packets,+duration,+pps,+bps
# tag: UIBK
# records: 283
# records_shown: 100
# first-flow: 1038817725 Mon Dec 2 09:28:45 2002
# last-flow: 1038818566 Mon Dec 2 09:42:46 2002
# now: 1038823201 Mon Dec 2 11:00:01 2002
# recn: source-tag,destination-tag,flows,octets,packets,duration,bps,pps
1,1102,29149,440950700,521427,503495000,33780.368991,5.932206
1,2,14939,329932510,351114,418476000,15855.612611,2.652603
1,1,30253,173730313,373785,955908000,12007.041859,2.852454
1,1101,414,168398843,121825,3734000,57352.480939,8.757689
##############################################################################
Michael
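
Added example, not part of the original message and not flow-tools code: a post-processing script of the kind the message mentions, which masks each tag column with the report's tag-mask value and substitutes the name from the symbol file. The function names are hypothetical, the "value name" symbol file layout is assumed from the lines shown above, and the sample inputs are constructed from values in the message.

```python
# Constructed sample inputs: values copied from the message above.
SYM_TAG = """0x44d c101
0x44e c102
...
0x0001 ALL
0x0002 UIBK
"""
REPORT = """# recn: source-tag,destination-tag,flows,octets,packets,duration,bps,pps
1,1102,29149,440950700,521427,503495000,33780.368991,5.932206
1,2,14939,329932510,351114,418476000,15855.612611,2.652603
1,1,30253,173730313,373785,955908000,12007.041859,2.852454
1,1101,414,168398843,121825,3734000,57352.480939,8.757689
"""
TAG_MASK = 0x0000FFFF  # same value as the tag-mask line in the report config


def load_symbols(text):
    """Parse 'value name' lines (hex with 0x prefix, or decimal) into {int: name}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank, comment, or a placeholder such as "..."
        value = parts[0].lower()
        try:
            table[int(value, 16) if value.startswith("0x") else int(value)] = parts[1]
        except ValueError:
            continue  # first field is not a number
    return table


def symbolize(report_text, symbols, mask=TAG_MASK, tag_columns=(0, 1)):
    """Replace tag columns with names; unknown tags are shown as hex."""
    out = []
    for line in report_text.splitlines():
        if not line or line.startswith("#"):
            out.append(line)  # header and comment lines pass through
            continue
        fields = line.split(",")
        for i in tag_columns:
            try:
                tag = int(fields[i]) & mask
            except (ValueError, IndexError):
                continue  # leave non-numeric or missing fields untouched
            fields[i] = symbols.get(tag, hex(tag))
        out.append(",".join(fields))
    return out


if __name__ == "__main__":
    print("\n".join(symbolize(REPORT, load_symbols(SYM_TAG))))
```

Because the mask is applied before the lookup, the unmasked values quoted at the top of the message (1115214 and 1115213) resolve to the same names as the masked 1102 and 1101 in the report.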