[netflow-tools] Flowd-0.9 Python Library Problem
Jesse Kempf
jkempf at davisvision.com
Mon Sep 17 06:52:39 EST 2007
Hi,
So I'm writing a small python program that massages duplicate flows out of a stream of NetFlow exports and allows one to redirect these flows to arbitrary locations.
I'm using softflowd on FreeBSD to monitor several links, and export in v9 format to a different FreeBSD machine.
I'm using the flowd python module to parse the netflow records. They come in on a UDP port, I pass them to flowd.Flow()...and that's where everything explodes.
Softflowd is set to export v9 flows.
Wireshark says these are v9 flows.
flowd.Flow() explodes with:
Traceback (most recent call last):
File "nfagro.py", line 105, in ?
main()
File "nfagro.py", line 84, in main
msg = NetflowRecord(msg)
File "nfagro.py", line 24, in __init__
self.nf = flowd.Flow(blob=msg)
ValueError: Unsupported version
And this is being pulled from (msg, sndaddr) = listensocket.recvfrom(10240).
When I look at the data in msg, too, the first two octets are 0x0009. So...could this be an endianness issue? Some other crazy thing?
Cheers,
-Jesse Kempf
------------------------------------------------------------------------
The information contained in this communication is intended
only for the use of the recipient(s) named above. It may
contain information that is privileged or confidential, and
may be protected by State and/or Federal Regulations. If
the reader of this message is not the intended recipient,
you are hereby notified that any dissemination,
distribution, or copying of this communication, or any of
its contents, is strictly prohibited. If you have received
this communication in error, please return it to the sender
immediately and delete the original message and any copy
of it from your computer system. If you have any questions
concerning this message, please contact the sender.
------------------------------------------------------------------------
More information about the netflow-tools
mailing list