[netflow-tools] Thanks and request for flowd

Damien Miller djm at mindrot.org
Mon Jul 23 16:28:15 EST 2007


On Fri, 29 Jun 2007, Josef Fortier wrote:

> QUESTIONS/REQUESTS
> 
>     1) Is there a better way to pipe ad-hoc filters to flowd-reader (or
>        another API)?

What sort of filters are you after? I wouldn't oppose allowing some basic
commandline switches to filter by source/destination address or port.

>     2) Can tagging improve filtering? It appears that tagging is a way
>        to create meta-information for reporting, but I keep wondering if
>        I can use it to create positive additive filters ("find me all
>        the http traffic, then find me the https") rather than negative
>        filters (discard work fine cumulatively).

Yes, there have been others requesting that too. I haven't been able to
figure out a syntax for flowd.conf that works well for additive/cumulative
tagging. The problem is that the filters are now "one match wins", but
cumulative tagging breaks that a little. Suggestions welcome!

-d
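
[Added example, not part of the original message and not flowd code: a small Python model of the two tagging semantics discussed above, showing why an additive "find me all the http" query loses flows when only one rule may match. The rule list, tag names and sample flows are constructed, "one match wins" is modelled as the first matching rule deciding (an assumption about evaluation order), and nothing here is flowd.conf syntax.]

```python
import ipaddress

# Constructed sample flows (not flowd output).
FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "proto": 6, "dst_port": 80},
    {"src": "10.0.0.5", "dst": "192.0.2.10", "proto": 6, "dst_port": 443},
    {"src": "10.0.0.9", "dst": "198.51.100.7", "proto": 17, "dst_port": 53},
]

SERVER_NET = ipaddress.ip_network("192.0.2.0/24")  # hypothetical server subnet

# Hypothetical ordered rules: (tag, predicate over a flow record).
RULES = [
    ("web-server", lambda f: ipaddress.ip_address(f["dst"]) in SERVER_NET),
    ("http", lambda f: f["proto"] == 6 and f["dst_port"] == 80),
    ("https", lambda f: f["proto"] == 6 and f["dst_port"] == 443),
]


def tag_one_match(flow, rules=RULES):
    """One match wins: the first matching rule supplies the only tag."""
    for tag, pred in rules:
        if pred(flow):
            return {tag}
    return set()


def tag_cumulative(flow, rules=RULES):
    """Cumulative tagging: every matching rule contributes its tag."""
    return {tag for tag, pred in rules if pred(flow)}


def select(flows, wanted, tagger):
    """Additive filter: keep flows carrying at least one wanted tag."""
    wanted = set(wanted)
    return [f for f in flows if tagger(f) & wanted]


if __name__ == "__main__":
    for name, tagger in (("one-match", tag_one_match),
                         ("cumulative", tag_cumulative)):
        hits = select(FLOWS, ["http", "https"], tagger)
        print(name, [(f["dst"], f["dst_port"]) for f in hits])
```

[With these rules the broader "web-server" rule shadows the port rules under one-match evaluation, so the http/https query returns nothing, while cumulative tagging returns both web flows.]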

