[netflow-tools] Flowd-0.9 Python Library Problem
djm at mindrot.org
Mon Sep 17 16:18:44 EST 2007
On Sun, 16 Sep 2007, Jesse Kempf wrote:
> So I'm writing a small python program that massages duplicate flows
> out of a stream of NetFlow exports and allows one to redirect these
> flows to arbitrary locations. I'm using softflowd on FreeBSD to
> monitor several links, and export in v9 format to a different FreeBSD
> machine. I'm using the flowd python module to parse the netflow
> records. They come in on a UDP port, I pass them to flowd.Flow()...and
> that's where everything explodes.
> Softflowd is set to export v9 flows.
> Wireshark says these are v9 flows.
> flowd.Flow() explodes with:
> Traceback (most recent call last):
>   File "nfagro.py", line 105, in ?
>   File "nfagro.py", line 84, in main
>     msg = NetflowRecord(msg)
>   File "nfagro.py", line 24, in __init__
>     self.nf = flowd.Flow(blob=msg)
> ValueError: Unsupported version
> And this is being pulled from (msg, sndaddr) =
> listensocket.recvfrom(10240). When I look at the data in msg, too, the
> first two octets are 0x0009. So...could this be an endianness issue?
> Some other crazy thing?
Are you trying to parse netflow records directly with the flowd Python
module? That won't work - the Python module is to read logs written by
flowd. flowd writes its own NetFlow version independent log format.
I agree that making a lightweight NetFlow parser library out of flowd's
guts would be a good thing though :)
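
For readers who need to read raw NetFlow v9 export datagrams off a UDP socket, which the thread says the flowd Python module does not do, the following is an added example and is not part of the original messages or of flowd's code. It follows the RFC 3954 packet layout; the function names and the `SAMPLE` datagram are constructed for illustration.

```python
import struct

V9_HEADER = struct.Struct("!HHIIII")   # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET_HEADER = struct.Struct("!HH")  # flowset_id, length (length counts these 4 bytes too)
KINDS = {0: "template", 1: "options-template"}  # ids 2-255 reserved, >= 256 are data

def parse_v9_header(datagram):
    """Return the export header as a dict; raise ValueError unless it is NetFlow v9."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v9 header")
    version, count, uptime, secs, seq, source_id = V9_HEADER.unpack_from(datagram, 0)
    if version != 9:  # network byte order: the first two octets on the wire are 00 09
        raise ValueError("not NetFlow v9 (version field = %d)" % version)
    return {"count": count, "sys_uptime_ms": uptime, "unix_secs": secs,
            "sequence": seq, "source_id": source_id}

def walk_flowsets(datagram):
    """Yield (kind, flowset_id, body) per flowset, bounds-checking every length."""
    offset = V9_HEADER.size
    while offset + FLOWSET_HEADER.size <= len(datagram):
        flowset_id, length = FLOWSET_HEADER.unpack_from(datagram, offset)
        # A length under 4 would never advance; one past the end is truncated or forged.
        if length < FLOWSET_HEADER.size or offset + length > len(datagram):
            raise ValueError("bad flowset length %d at offset %d" % (length, offset))
        kind = KINDS.get(flowset_id, "data" if flowset_id >= 256 else "reserved")
        yield kind, flowset_id, datagram[offset + FLOWSET_HEADER.size:offset + length]
        offset += length

def parse_templates(body):
    """Decode template records: template_id, field_count, then (type, length) pairs."""
    templates, pos = {}, 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        if template_id < 256:  # template ids start at 256; anything lower is padding
            break
        pos += 4
        if pos + 4 * field_count > len(body):
            raise ValueError("template %d overruns its flowset" % template_id)
        templates[template_id] = [struct.unpack_from("!HH", body, pos + 4 * i)
                                  for i in range(field_count)]
        pos += 4 * field_count
    return templates

# Constructed sample: template 256 (IPV4_SRC_ADDR=8, IPV4_DST_ADDR=12, 4 bytes each) plus one data flowset.
SAMPLE = (V9_HEADER.pack(9, 2, 1000, 1190000000, 1, 0)
          + struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4)
          + struct.pack("!HH4s4s", 256, 12, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))
```

Data flowsets can only be decoded once the matching template has been seen from the same exporter and source_id, so a collector has to cache templates across datagrams.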