Antwort: Re: [flow-tools] -f -F Support on flow-receive and flow-capture

Mark Fullmer maf@eng.oar.net
Mon, 9 Dec 2002 13:31:15 -0500 

The filter definition needs to reference a source or destination address,
for example.

filter-definition DIAL
  match source-ip-address TEST

I'm not sure about
  flow-receive: open(/usr/local/netflow/var/sym/tag): No such file or directory.

The only way that would happen is if you're using the tagging option in
flow-receive, or you're not running 0.62.

mark

On Mon, Dec 09, 2002 at 06:56:02PM +0100, Ahmet.Balamir@berlikomm.net wrote:
> 
> Hi Mark.
> 
> Thanks
> 
> I just installed the version 0.62 on Red hat.
> 
> I simple wanted to test the -f -F flag on flow-receive.
> 
> I created a filter (the default filter) with the following content
> 
> 
> 
> 
> filter-primitive TEST
>    type ip-address-prefix
>    permit 217.9.41.0/27
> filter-definition DIAL
>      match ip-address TEST
> 
> in the direcrtory /usr/local/netflow/var/cfg.
> 
> I tested the following
> #
> flow-receive -F DIAL 0/0/2055 | flow-print
> 
> I got following errors
> flow-receive: open(/usr/local/netflow/var/sym/tag): No such file or
> directory
> flow-receive: Unknown match criteria "ip-address" in filter-definition
> "DIAL".
> flow-receive: resolve_primitives(): failed
> flow-receive: ftfil_load(/usr/local/netflow/var/cfg/filter): failed
> flow-print: ftiheader_read(): Warning, short read while loading header top.
> flow-print: ftiheader_read(): failed
> flow-print: ftio_init(): failed
> 
> What happens here. Is something wrong on the filter syntax or somethig
> corrupted in the install ?.
> 
> Thanks
> 
> Best regards
> 
> 
> 
>  ________________________________________________________________________
> BerliKomm Telekommunikationsgesellschaft mbH
> 
>                     Ahmet Balamir
> 
> 
>                     Phone:         +49 30 8188 9821
> Ludwig-Erhard-Haus       Fax:
> Fasanenstraße 85         CellPhone:      +49 163 818 9821
> 10623 Berlin             eMail:          Ahmed.Balamir@berlikomm.net
> Germany             WWW:           http://www.berlikomm.net
> ________________________________________________________________________
> 
> 
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools