[flow-tools] Re: your mail
Mark Fullmer
maf@eng.oar.net
Fri, 10 May 2002 11:43:01 -0400
You can use flow-filter to filter on the IP address range or tag the
ranges with flow-tag. With this approach it's possible to include
spoofed traffic by mistake. If there is only one customer on the
interface polling the interface counters with SNMP may be a better
solution.
mark
On Wed, May 08, 2002 at 03:56:23PM +0200, Heiko Brey wrote:
> Hi,
>
> is there a way doing something like this with the flow-tools:
>
> Cust. has one interface on the catalyst (e.g. 61) and we want to account
> inbound AND outbound traffic for this interface.
>
> The problem is that the catalyst exports its data in version 7 and we aint
> got the source interface.
>
> If we do a "flow-cat /netflow | flow-stat -f 23" we get something like
> this:
>
> # Name: Input/Output Interface
> #
> # Args: /usr/local/netflow/bin/flow-stat -f 23
> #
> #
> # in out flows octets packets
> #
> 0 67 12381 86788421 149787
> 0 61 8347 11067577 72776
>
> This isn't enough to account both directions of traffic the user
> generates!
>
> Is there a solution for this avaliable?
>
> Thank you!
>
> Regards,
>
> Heiko