From onur at netlab.uky.edu Fri Jun 18 02:44:42 2010
From: onur at netlab.uky.edu (Onur)
Date: Thu, 17 Jun 2010 12:44:42 -0400
Subject: [netflow-tools] Questions on Flowd
Message-ID: <4C1A50FA.2050007@netlab.uky.edu>

I am new to Flowd and would like to learn more about its features. I have a
couple of questions and would really appreciate answers.

1) Does Flowd detect (e.g. using the flow sequence numbers) and report
   packets that were lost in transmission?

2) Is it possible to configure Flowd to break the log data and save it in
   multiple files based on either a file size limit or time durations?

Thanks in advance,
Onur

From screw.badluck at seznam.cz Tue Jun 22 09:44:06 2010
From: screw.badluck at seznam.cz (screw.badluck at seznam.cz)
Date: Tue, 22 Jun 2010 01:44:06 +0200 (CEST)
Subject: [netflow-tools] Converting tcpdump log to NetFlow stats
Message-ID: <295.158.348-23060-1530937073-1277163846@seznam.cz>

Hi, is it possible to convert data logged with tcpdump -w to NetFlow
statistics with proper timestamps using softflowd and flowd, or does flowd
mark data as "now"?

Thanks, badluck.

From screw.badluck at seznam.cz Tue Jun 22 09:59:38 2010
From: screw.badluck at seznam.cz (screw.badluck at seznam.cz)
Date: Tue, 22 Jun 2010 01:59:38 +0200 (CEST)
Subject: [netflow-tools] Fwd: Converting tcpdump log to NetFlow stats
Message-ID: <302.161.351-25189-194901797-1277164778@seznam.cz>

Hi, is it possible to convert data logged with tcpdump -w to NetFlow
statistics with proper timestamps using softflowd and flowd, or does flowd
mark data as "now"?

Thanks, badluck.

From screw.badluck at seznam.cz Thu Jun 24 00:23:19 2010
From: screw.badluck at seznam.cz (screw.badluck at seznam.cz)
Date: Wed, 23 Jun 2010 16:23:19 +0200 (CEST)
Subject: [netflow-tools] Converting tcpdump log to NetFlow stats
In-Reply-To: <295.158.348-23060-1530937073-1277163846@seznam.cz>
Message-ID: <309.164.354-2419-280037430-1277302999@seznam.cz>

> Hi, is it possible to convert data logged with tcpdump -w to NetFlow
> statistics with proper timestamps using softflowd and flowd, or does flowd
> mark data as "now"?
>
> Thanks, badluck.
>
>

So, from what I've learned, it's not possible to export flows that span more
than ~49 days, because first/last switched are expressed in ms since boot on
32 bits = max 4294967296ms ... ~49 days. So even when I'd tried to fake boot
time (in softflowd.c line 1876) I could still export data with correct
timestamps only 49 days into the future; then I would need to restart export
and compute a new head (sys_uptime and unix_secs) and also first/last for
each flow. Or is there an easier way out?

From jloiacon at csc.com Thu Jun 24 08:35:56 2010
From: jloiacon at csc.com (Joe Loiacono)
Date: Wed, 23 Jun 2010 18:35:56 -0400
Subject: [netflow-tools] Converting tcpdump log to NetFlow stats
In-Reply-To: <309.164.354-2419-280037430-1277302999@seznam.cz>
References: <295.158.348-23060-1530937073-1277163846@seznam.cz>
 <309.164.354-2419-280037430-1277302999@seznam.cz>
Message-ID:

Did you check out 'ntop/nprobe'?
http://www.ntop.org/

Joe

From: screw.badluck at seznam.cz
To: netflow-tools at mindrot.org
Date: 06/23/2010 10:23 AM
Subject: Re: [netflow-tools] Converting tcpdump log to NetFlow stats

> Hi, is it possible to convert data logged with tcpdump -w to NetFlow
> statistics with proper timestamps using softflowd and flowd, or does flowd
> mark data as "now"?
>
> Thanks, badluck.
>
>

So, from what I've learned, it's not possible to export flows that span more
than ~49 days, because first/last switched are expressed in ms since boot on
32 bits = max 4294967296ms ... ~49 days. So even when I'd tried to fake boot
time (in softflowd.c line 1876) I could still export data with correct
timestamps only 49 days into the future; then I would need to restart export
and compute a new head (sys_uptime and unix_secs) and also first/last for
each flow. Or is there an easier way out?
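
The timestamp arithmetic discussed in this thread, as an added example that is not part of any message and is not softflowd or flowd code: it packs a NetFlow v5 header and shows what happens to the 32-bit millisecond SysUptime and First/Last fields when a flow straddles the 2**32 ms wrap, comparing a naive absolute-time reconstruction with a modular one. Function names and the sample timestamps are constructed, and how flowd itself decodes these fields is not stated in the thread.

```python
import struct

WRAP = 1 << 32          # SysUptime, First and Last are 32-bit millisecond counters
DAY_MS = 86_400_000
V5_HEADER = "!HHIIIIBBH"  # version, count, SysUptime, unix_secs, unix_nsecs,
                          # flow_sequence, engine_type, engine_id, sampling

def pack_v5_header(count, export_ms, boot_ms, seq=0):
    """Build the 24-byte NetFlow v5 header for an export at export_ms (Unix ms)."""
    unix_secs, rem_ms = divmod(export_ms, 1000)
    sys_uptime = (export_ms - boot_ms) % WRAP      # wraps every ~49.7 days
    return struct.pack(V5_HEADER, 5, count, sys_uptime,
                       unix_secs, rem_ms * 1_000_000, seq, 0, 0, 0)

def switched_field(event_ms, boot_ms):
    """First/Last as carried in a v5 record: ms since boot, truncated to 32 bits."""
    return (event_ms - boot_ms) % WRAP

def naive_absolute_ms(header, field):
    """Boot time = export time - SysUptime, then add the field.
    Wrong when the header counter has wrapped but the flow field has not."""
    _, _, sys_uptime, secs, nsecs, *_ = struct.unpack(V5_HEADER, header)
    return secs * 1000 + nsecs // 1_000_000 - sys_uptime + field

def wrap_safe_absolute_ms(header, field):
    """Subtract the flow's age modulo 2**32 from the export time.
    Valid while the flow is less than 2**32 ms (~49.7 days) old at export."""
    _, _, sys_uptime, secs, nsecs, *_ = struct.unpack(V5_HEADER, header)
    age_ms = (sys_uptime - field) % WRAP
    return secs * 1000 + nsecs // 1_000_000 - age_ms

def demo():
    boot = 1_262_304_000_000        # constructed: 2010-01-01 00:00:00 UTC, in ms
    first = boot + 49 * DAY_MS      # flow starts just before the counter wraps
    export = boot + 50 * DAY_MS     # exported just after the wrap
    header = pack_v5_header(1, export, boot)
    field = switched_field(first, boot)
    return first, naive_absolute_ms(header, field), wrap_safe_absolute_ms(header, field)

if __name__ == "__main__":
    true_first, naive, safe = demo()
    print("naive error (days):   ", (naive - true_first) / DAY_MS)
    print("wrap-safe error (ms): ", safe - true_first)
```

When checking replayed captures, the value to compare against the pcap timestamps is the reconstructed absolute time, not the raw First/Last field.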