[netflow-tools] Flow time query
rbreathe at brookes.ac.uk
Mon Sep 26 17:57:30 EST 2005
I'm trying to work out whether flow-tools will allow me to retrieve (or
calculate) a second-accurate flow start-time in seconds since the UNIX
If my understanding is correct, and referring to the NetFlow v9
specification along with store.h, AGENT_INFO contains time_sec &
time_nanosec, but these appear to always take the same value as
RECV_TIME.recv_sec. I want to calculate a flow's start and stop times
relative to the UNIX epoch rather than the device's uptime.
Would the following give me what I'm looking for?
(AGENT_INFO.time_sec - 100*AGENT_INFO.sys_uptime_ms)
Is there a more sane/sensible way?
On a semi-related note, I've locally patched flowd-reader to support
export to SQLite to facilitate further analysis. Would anyone else be
interested in my cleaning up my patches and submitting them?
Robin Breathe, Computer Services, Oxford Brookes University, Oxford, UK
rbreathe at brookes.ac.uk Tel: +44 1865 483685 Fax: +44 1865 483073
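
An added example, not part of the original post and not flowd code: one way to turn a per-flow uptime stamp (NetFlow v9 FIRST_SWITCHED / LAST_SWITCHED, milliseconds since device boot) into UNIX epoch time from the export time and uptime values the post mentions. The struct `flow_clock` and both function names are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container for the values involved; not flowd's own struct. */
struct flow_clock {
    uint32_t export_sec;    /* export time, s since UNIX epoch (AGENT_INFO.time_sec) */
    uint32_t export_nsec;   /* residual nanoseconds (AGENT_INFO.time_nanosec) */
    uint32_t sys_uptime_ms; /* device uptime at export, ms (AGENT_INFO.sys_uptime_ms) */
};

/*
 * Convert a per-flow uptime stamp (ms since device boot) to milliseconds
 * since the UNIX epoch.
 */
static int64_t uptime_to_epoch_ms(const struct flow_clock *c, uint32_t switched_ms)
{
    /* Age of the stamp at export time. Unsigned 32-bit subtraction stays
     * correct when the uptime counter wrapped (about every 49.7 days)
     * between the flow event and the export. */
    uint32_t age_ms = c->sys_uptime_ms - switched_ms;
    int64_t export_ms = (int64_t)c->export_sec * 1000 + c->export_nsec / 1000000;

    return export_ms - (int64_t)age_ms;
}

/* Same conversion, truncated to whole seconds. */
static int64_t uptime_to_epoch_sec(const struct flow_clock *c, uint32_t switched_ms)
{
    return uptime_to_epoch_ms(c, switched_ms) / 1000;
}

int main(void)
{
    /* Constructed sample: export at uptime 3600 s, flow seen 60 s to 5 s earlier. */
    struct flow_clock c = { 1127750250u, 500000000u, 3600000u };
    uint32_t first = 3540000u, last = 3595000u;

    printf("start %lld stop %lld\n",
        (long long)uptime_to_epoch_sec(&c, first),
        (long long)uptime_to_epoch_sec(&c, last));
    return 0;
}
```

The result is only as accurate as the export timestamp: if that value is really the collector's receive time, it includes the export-to-collector delay.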