[netflow-tools] Where can I find the Documentation of the perl API
Deviloper
deviloper at slived.net
Fri Sep 12 00:57:07 EST 2008
Thanks for your reply Jeff!
I am using perl for nearly everything, too.
But I don´t feel good by poking around in an API I don´t know.
(It feels like to scamp on a nuclear warhead to charge my cellphone.
If the software crashes I am the on who get fired.)
(What I need to do is, reading the flowd files ans further aggregate the date.
Because we don´t want to drain to much computing power from ther routers to manage the netflow data.)
I found flowinsert.pl, by knowing only a bit about NetFlow, it should work with early versions like v5.
(The script is not documented, too.)
But using the dynamic template based formats introduced with netflow v9, I guess it is not
going to work. Is there somewhere an afford to read the template data of version 9 or is this done
automatically by the modul?
Thanks,
Bo
Jeff Saxe <JSaxe at briworks.com> hat am 11. September 2008 um 15:53 geschrieben:
> Hello, Bo. I don't know if there is a documented Perl API as much as
> you might think. The flowd program sits there and collects data into
> a file; that's a completely independent program sitting around doing
> just one thing. Then every once in a while, you can move aside the
> flowd file being collected, tap flowd on the shoulder with a "USR1"
> signal, and wait for a second or two for it to start a new file. Then
> you can do whatever you like with that freshly-cut-off file.
>
> If you want to read the data out in human form, you can use flowd-
> reader at the command line, possibly augmented with text-based shell
> tools like grep, sort, awk, uniq, etc. But if you want to parse the
> data in some more sophisticated way and do some further analysis,
> then you have the option to read the flowd binary log through either
> Python or Perl. I personally have chosen Perl because I'm very
> comfortable with it (my license plate says "PERL ROX"). So basically
> you run the Makefile.PL process in the README under Flowd-perl, and
> then you can write Perl programs with "use Flowd;" in them. Look at
> the two examples under tools, flowinsert.pl (read lines from flowd,
> lightly modify them, and construct INSERT statements to cram them
> into SQL) and wormsuspects.pl (no SQL involved, just read out of
> flowd log using Perl, construct in-RAM hash in Perl, then read the
> hash and exit, forgetting the hash). Many other strategies are possible.
>
> Good luck!
>
>
> -- Jeff Saxe, Network Engineer
> Blue Ridge InternetWorks, Charlottesville, VA
> CCIE # 9376
> 434-817-0707 ext. 2024 (work) / 434-882-3508 (cell) /
> JSaxe at briworks.com
>
>
>
> On Sep 11, 2008, at 3:31 AM, Deviloper wrote:
>
> > Greetings to all the people on netflow-tools mailinglist!
> >
> > I realized that flowd has all the feature I need for my recent
> > project,
> > apart from any documentation of the APIs.
> >
> > I searched through the package, but couldn´t find anything about
> > the perl API.
> >
> > If anybody has at least a API-description or a
> > recent pod/manpage where the API and its methodes are descripted it
> > would save my day.
> >
> > Thanks a lot,
> > Bo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mindrot.org/pipermail/netflow-tools/attachments/20080911/6f0a1d32/attachment.html
More information about the netflow-tools
mailing list