[flow-tools] problems with expire

Michael Redinger Michael.Redinger@uibk.ac.at
Sun, 15 Dec 2002 19:09:36 +0100 (CET) 

Thanks again, Mark.
I now tried to use flow-capture's tagging. However, I am using -V 5.
Therefore I get an error when using -t ... -T ... :

flow-capture: -V not supported with tagging.

Am I correct that, when I don't specify -V ('cause I can't), some kind of 
version 5 output will be used? Found the following line in the 
flow-capture man page:
"1005 Flow-Tools tagged version 5"

Thanks,
Michael


On Sun, 15 Dec 2002, Mark Fullmer wrote:

> The default behavior of flow-capture is to compress the flow files.  On
> the other hand flow-tag and the other programs that are used in a pipeline
> have compression off by default.  Flow-capture is remembering the
> compressed file size, flow-tag is inflating them.
> 
> Use -z0 with flow-capture, or use the inline tagging feature and what
> you're doing should work.  The only downside of inline tagging right
> now us that flow-capture needs to be restarted to read new tags.  This
> will probably be fixed in 0.64.
> 
> mark
> 
> On Sun, Dec 15, 2002 at 03:39:59PM +0100, Michael Redinger wrote:
> > 
> > I found that flow-capture correctly cleans up its directory on startup.
> > But then it somehow stops.
> > 
> > Below you find how I run flow-capture. Maybe there's a problem with the 
> > rotate script and flow-capture doesn't like it that I tag the flow files
> > in the directory they were created in?
> > 
> > 
> > /usr/local/bin/flow-capture -S 5 -V 5 -E 8G -N 0 -n 95 -p  \
> > /var/run/flow-capture.pid -w /var/local/netflow/flow-capture/ \
> > -R /usr/local/sbin/capture-post 127.0.0.1/127.0.0.1/9801
> > 
> > 
> > rotate script:
> > /usr/local/bin/flow-tag -t /usr/local/netflow/var/cfg/xlates -TUIBK \
> > 	< $1 > ${1}.tmp && mv ${1}.tmp ${1}
> > /usr/local/bin/flow-report -s /usr/local/netflow/var/cfg/reports -Sall < $1
> > 
> > 
> > 
> > Michael
> > 
> > 
> > 
> > On Wed, 11 Dec 2002, Michael Redinger wrote:
> > 
> > > On Sun, 8 Dec 2002, Mark Fullmer wrote:
> > > 
> > > > Flow-capture needs to "own" its work directory.  Running flow-expire
> > > > in the same dir will cause the type of problem you ran into.
> > > > 
> > > > I'm not aware of any problems with flow-capture expiring files.
> > > > 
> > > > What does du -s -k /var/local/netflow/flow-capture show?
> > > 
> > > Currenty it's 10794608 (so approx. 10G). (One flow file is about 20 MB 
> > > here).
> > > 
> > > Michael
> > > 
> > > > On Sat, Dec 07, 2002 at 07:05:16PM +0100, Michael Redinger wrote:
> > > > > 
> > > > > Hello,
> > > > > 
> > > > > is there a bug in flow-capture that prevents it from expiring old flow 
> > > > > files? This doesn't work for me.
> > > > > 
> > > > > I also tried to run flow-expire directly, but that's even worse: it 
> > > > > deletes the temporary flow file (tmp-...). This even kills flow-capture then.
> > > > > 
> > > > > Here's how I run the two programs:
> > > > > 
> > > > > /usr/local/bin/flow-capture -S 5 -V 5 -E 8G -N 0 -n 95 -p \
> > > > > 	/var/run/flow-capture.pid -w /var/local/netflow/flow-capture/ \
> > > > > 	-R /usr/local/sbin/capture-post 127.0.0.1/127.0.0.1/9801
> > > > > 
> > > > > /usr/local/bin/flow-expire -E 8G -w /var/local/netflow/flow-capture/
> > > > > 
> > > > > 
> > > > > Thanks,
> > > > > 
> > > > > Michael
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > _______________________________________________
> > > > > flow-tools@splintered.net
> > > > > http://www.splintered.net/sw/flow-tools
> > > > 
> > > > _______________________________________________
> > > > flow-tools@splintered.net
> > > > http://www.splintered.net/sw/flow-tools
> > > > 
> > > > 
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > flow-tools@splintered.net
> > > http://www.splintered.net/sw/flow-tools
> > > 
> > > 
> > 
> > 
> > _______________________________________________
> > flow-tools@splintered.net
> > http://www.splintered.net/sw/flow-tools
> 
>