[netflow-tools] mailing list suggestions
Heath Snoek
Heath at snookmz.com
Thu Jan 31 16:00:59 EST 2008
Hi list
I have been playing around with flowd over the last couple of days, so I
would firstly like to give my thanks and congratulations to all those
involved in the project (thanks Damien!). I wonder if I could be so
bold as to make a couple of observations/suggestions?
Because of the robots.txt file within the netflow-tools mailing list, it
appears that Google is respecting the 'Disallow' tag and not indexing
the mailing list archive. Being that there is no search function, and
no indexing from Google, it is difficult to search the list for
persistent problems/questions. My 'quick' work around:
wget -m -erobots=off http://lists.mindrot.org/pipermail/netflow-tools/
grep <query> *
Would it be worthwhile creating a FAQ, and removing indexing/adding a
search function, a wiki for tutorials etc?
Two questions that I need to find the answer to have been asked
previously, the first of the two has been asked twice already (not
including my post the other day):
The logsock error:
connect to logsock: No such file or directory
Discussed in:
http://lists.mindrot.org/pipermail/netflow-tools/2006-May/000198.html
http://lists.mindrot.org/pipermail/netflow-tools/2006-November/000242.html
and my question
http://lists.mindrot.org/pipermail/netflow-tools/2008-January/000355.html
And a further question, asked once previously:
http://lists.mindrot.org/pipermail/netflow-tools/2006-November/000244.html
I've run into some issues trying to work out some of the fields that
flowd is returning, specifically:
flow_start and flow_finish.
flow_start 4d10m5s.348 flow_finish 4d10m5s.272
Firstly, why is flow_start LATER than flow_finish, and what exactly is
that time format (*confused*)? I have been searching around and have
come up with a document from Cisco.com describing netflow version 9
datagram, which can be found here:
http://tinyurl.com/24jvyz
http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html
But it doesn't appear to describe flow_start or flow_finish, so perhaps
this is a flowd specific naming convention?
Cheers
Heath
More information about the netflow-tools
mailing list