[flow-tools] New flow-stat design

Horatio B. Bogbindero wyy@admu.edu.ph
Thu, 13 Jun 2002 08:59:04 +0800


Quoting Mark Fullmer <maf@splintered.net>:

> (I'm resending this, pair appears to be dropping mail yet again)
> 
> I'm working on a redesigned flow-stat.  New features:
> 
will the old flow-stat still be maintained at least for a few more releases?

>  o Multiple reports can be run at once.
> 
>  o Per report filters using the filter code in ftlib -- see
>    http://www.splintered.net/sw/flow-tools/docs/flow-nfilter.html
> 
haven't gotten around to checking out the new filter code yet. but, this is
definitely a step in the right direction. i felt the old filter code was too
limited due to the use of arrays.

>  o Integrated tagging -- see
>    http://www.splintered.net/sw/flow-tools/docs/flow-tag.html
> 
>  o No formatted output.  ASCII CSV and possibly RRD files.  Maybe
>    binary if the ASCII turns out to be too slow. Perl or Python scripts
>    can be used to format the output.  Percent total format will not be
>    truncated.
> 
just as a suggestion. how about an XML formatted output with its
corresponding DTD for flow-tools. albeit slow and crufty, it could provide
greater flexibility later on when XML catches on. just an idea.

anyway, for those who need to use it immediately, HTML output is used very 
often. 

>  o Data scaling.
> 
beautiful, no more tail -n something. hehehe.

> I'd like to hear any opinions and feature requests...
> 
> Example configuration
> 
> stat-report test1
> # report type
>  type src-ip-port
> # filter
>  filter test-filter
> # scale data
>  scale 100
> # sort on
>  sort octets
> # fields in output
>  fields flows,octets,packets,bandwidth
> # format of output
>  format ascii
> # report as % of total.
>  options percent-total
> # where to send it
>  file /flows/reports/test.%D
> 
> stat-report test2
>  type src-ip-addr
>  filter test-filter
>  scale 100
>  sort octets
>  fields flows,octets,packets,bandwidth
>  format ascii
>  options percent-total
>  file /flows/reports/test2.%D
> 
> stat-report test3
>  type src-tag
>  filter test-filter
>  tag-mask 0xFFFF0000
>  scale 100
>  sort octets
>  fields flows,octets,packets,bandwidth
>  format ascii
>  file /flows/reports/test3.%D
> 
> # run all these reports
> stat-definition foo
> # tag flows
>  tag tag-definition-name
> # pre-filter
>  filter filter-definition-name
>  report test1
>  report test2
>  report test3
> 

interesting and nice. good luck! just a question: will this be out before
version 1.0?

-------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email  :  wyu at ateneo dot edu
web    :  http://CNG.ateneo.net/wyu/
phone  :  +63(2)4266001-4186
GPG    :  http://CNG.ateneo.net/wyu/wyy.pgp