[netflow-tools] Flow time query
Robin Breathe
rbreathe at brookes.ac.uk
Mon Sep 26 17:57:30 EST 2005
Greetings,
I'm trying to work out whether flow-tools will allow me to retrieve (or
calculate) a second-accurate flow start-time in seconds since the UNIX
epoch.
If my understanding is correct, and referring to the NetFlow v9
specification along with store.h, AGENT_INFO contains time_sec &
time_nanosec, but these appear to always take the same value as
RECV_TIME.recv_sec. I want to calculate a flow's start and stop times
relative to the UNIX epoch rather than the device's uptime.
Would the following give me what I'm looking for?
    actual_flows_start =
        (AGENT_INFO.time_sec - 100*AGENT_INFO.sys_uptime_ms)
        + FLOW_TIMES.flows_start
Is there a more sane/sensible way?
On a semi-related note, I've locally patched flowd-reader to support
export to SQLite to facilitate further analysis. Would anyone else be
interested in my cleaning up my patches and submitting them?
Robin
--
Robin Breathe, Computer Services, Oxford Brookes University, Oxford, UK
rbreathe at brookes.ac.uk Tel: +44 1865 483685 Fax: +44 1865 483073
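
Added example (not part of the original post and not flowd code): one way to turn an uptime-relative flow timestamp into time since the UNIX epoch, including the case where the 32-bit uptime counter wraps between the flow and its export. It assumes the NetFlow header semantics, that is, time_sec/time_nanosec hold the agent's wall clock at export, sys_uptime_ms is the agent's uptime at export, and flow start/finish are uptime values in milliseconds; struct flow_clock and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container; the field meanings are assumptions (see above). */
struct flow_clock {
    uint32_t export_sec;    /* agent wall clock at export, s since epoch */
    uint32_t export_nsec;   /* sub-second part of the export time, ns */
    uint32_t sys_uptime_ms; /* agent uptime at export, ms */
};

/* Convert an uptime-relative flow timestamp (ms) to ms since the epoch. */
int64_t flow_epoch_ms(const struct flow_clock *c, uint32_t flow_uptime_ms)
{
    /*
     * Age of the event at export time. The subtraction is done modulo 2^32
     * and read as signed, so it survives the uptime counter wrapping
     * (about every 49.7 days) and a flow stamped slightly after the header.
     */
    int32_t age_ms = (int32_t)(c->sys_uptime_ms - flow_uptime_ms);
    int64_t export_ms = (int64_t)c->export_sec * 1000
        + c->export_nsec / 1000000;

    return export_ms - age_ms;
}

/* Whole seconds since the epoch, truncated. */
int64_t flow_epoch_sec(const struct flow_clock *c, uint32_t flow_uptime_ms)
{
    return flow_epoch_ms(c, flow_uptime_ms) / 1000;
}

int main(void)
{
    /* Constructed sample: uptime counter wrapped 5 s before this export. */
    struct flow_clock c = { 1127753850u, 250000000u, 5000u };
    uint32_t flow_start = 4294966296u;  /* 1 s before the wrap */
    uint32_t flow_finish = 4000u;       /* 4 s after the wrap */

    printf("start  %lld\n", (long long)flow_epoch_sec(&c, flow_start));
    printf("finish %lld\n", (long long)flow_epoch_sec(&c, flow_finish));
    return 0;
}
```

The result is only as accurate as the exporter's own clock; where that clock is not trusted, the collector's receive time can be substituted for export_sec at the cost of network and queueing delay.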