[flow-tools] New flow-stat design
Mark Fullmer
maf@splintered.net
Wed, 12 Jun 2002 15:26:41 -0400
(I'm resending this, pair appears to be dropping mail yet again)
I'm working on a redesigned flow-stat. New features:
o Multiple reports can be run at once.
o Per report filters using the filter code in ftlib -- see
http://www.splintered.net/sw/flow-tools/docs/flow-nfilter.html
o Integrated tagging -- see
http://www.splintered.net/sw/flow-tools/docs/flow-tag.html
o No formatted output. ASCII CSV and possibly RRD files. Maybe
binary if the ASCII turns out to be too slow. Perl or Python scripts
can be used to format the output. Percent total format will not be
truncated.
o Data scaling.
I'd like to hear any opinions and feature requests...
Example configuration
stat-report test1
# report type
type src-ip-port
# filter
filter test-filter
# scale data
scale 100
# sort on
sort octets
# fields in output
fields flows,octets,packets,bandwidth
# format of output
format ascii
# report as % of total.
options percent-total
# where to send it
file /flows/reports/test.%D
stat-report test2
type src-ip-addr
filter test-filter
scale 100
sort octets
fields flows,octets,packets,bandwidth
format ascii
options percent-total
file /flows/reports/test2.%D
stat-report test3
type src-tag
filter test-filter
tag-mask 0xFFFF0000
scale 100
sort octets
fields flows,octets,packets,bandwidth
format ascii
file /flows/reports/test3.%D
# run all these reports
stat-definition foo
# tag flows
tag tag-definition-name
# pre-filter
filter filter-definition-name
report test1
report test2
report test3
mark