[netflow-tools] C flowd log example
Damien Miller
djm at mindrot.org
Wed Jul 19 11:39:49 EST 2006
On Tue, 18 Jul 2006, Guyon Morée wrote:
> Hi all,
>
> I'm looking for a a simple example on how to read the flowd logfile,
> using the C header included. Als I notice 2 header files, store.h and
> store-v2.h.
>
> Which one should i use and how?
store.h is the one you should use for new applications. store-v2.h is
the legacy log format. It defines a couple of APIs that you can use
to read flows:
- A FILE* oriented API: store_read_flow() and store_write_flow().
This is probably the easiest to use, as stdio will take care of
buffering, etc. Note that these do not try to back out cleanly
when a write error occurs, so they are better suited to reading
than writing.
- A file-descriptor oriented API: store_get_flow() and store_put_flow().
These don't do any buffering, but they will back out a failed write.
- Direct serialisation and deserialisation of flow records to/from
memory buffers: store_flow_deserialise(), store_flow_serialise(),
store_flow_serialise_masked(), store_calc_flow_len(). You might want
to use these if you need to store binary flow records though something
other than a file descriptor or FILE*, such as sending or receiving
flow records over a Unix domain socket, passing them via shared memory
or storing them in a database.
Most of these functions take a error buffer (and length) in which they
store an error message on failure.
flowd-reader.c is a pretty good example of how to use the file-descriptor
API.
-d
More information about the netflow-tools
mailing list