[netflow-tools] Thanks and request for flowd
Josef Fortier
joe.fortier at simondelivers.com
Sat Jun 30 01:22:06 EST 2007
First, thanks for a solid and simple flow collector.
I've been running it for about 6 months, and it's been quite useful.
I'm sure my usage is somewhat out of kilter with some of the intended
functions. Here is what I've been doing:
1) I collect everything. I'm not sure what I'll need to look at, so
this seems the best policy.
2) I use flowd-reader to report. The Perl interface indicates it's
"just a thin wrapper" and I've not really looked at the Python
interface. I've ended up with shell.
The details
a) I echo a filter list piped to flowd-reader with a -f flag
to /dev/stdin. I wish there was a cleaner way to do
ad-hoc filters.
b) I pipe the output to awk to select fields, and then sort
etc. to refine the output.
QUESTIONS/REQUESTS
1) Is there a better way to pipe ad-hoc filters to flowd-reader (or
another API)?
2) Can tagging improve filtering? It appears that tagging is a way
to create meta-information for reporting, but I keep wondering if
I can use it to create positive additive filters ("find me all
the http traffic, then find me the https") rather than negative
filters (discard work fine cumulatively).
Joe
--
_______________________________________________________________________
Josef Fortier joe.fortier at simondelivers.com
Network Administrator (763) 656-5650
_______________________________________________________________________