[netflow-tools] flowd + avici v9 flows problem
Damien Miller
djm at mindrot.org
Sun Aug 14 11:17:35 EST 2005
On Sun, 14 Aug 2005, Damien Miller wrote:
> This diff is not complete: it doesn't fully update the Perl and Python
> APIs (which I will probably rewrite to be faster) and, while it includes
> compaibility code to read logs from previous releases, this code isn't
> actually hooked in yet.
Here is a better diff. It also includes a "flowd-reader -L" mode that can
be used to convert old flow logs to the new format. E.g.
flowd-reader -Lo new.log old.log
FYI, one very nice side effect of the new format is, because it has no
per-log header, it makes logging to FIFO's and pipes much easier - no
patches or special modes should be required now.
The next release of flowd will probably add the ability to log to multiple
targets, including Unix domain sockets. E.g. you could put the following
in flowd.conf:
logfile "/var/log/netflow.log"
logfile "/var/run/stats.sock" socket datagram
and have a real-time summary process listening on /var/run/stats.sock
accepting the flows.
But the first priority now is updating the Perl and Python code...
-d
More information about the netflow-tools
mailing list