[netflow-tools] relaying of flows to unix domain socket

Damien Miller djm at mindrot.org
Thu Aug 25 08:14:51 EST 2005


Hi,

Tonight's flowd snapshot (20050825+) will have another useful feature
in it: relaying of flows (in flowd's storage format) to a local Unix
domain socket in real time. Just specify "logsock" instead of, or in
addition to the current "logfile" parameter in flowd, with a path to
the socket. E.g.

logsock "/var/log/flowd.logsock"

This allows you to build lightweight monitor applications that do their
thing in realtime. I will probably write something to update rrd
databases with basic stats for the next release, but the new Python API
makes this mode really usable. The following Python program is a
minimal client for this mode in 10 lines of code.

This feature is still considered experimental for this release, until
it receives more widespread testing and feedback.

Enjoy,
Damien Miller

------------ testlogsock.py

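#!/usr/bin/env python
import socket
import flowd

# Receive flow records from flowd on the "logsock" datagram socket
s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
s.bind("/var/log/flowd.logsock")
while True:
    # Each datagram is one flow record in flowd's storage format
    flowrec = s.recv(1024)
    flow = flowd.Flow(blob=flowrec)
    print(flow.format(flowd.DISPLAY_ALL))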

------------
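
A more defensive setup for the receiving end of the logsock, as an added example that is not part of the original post or of flowd: it replaces only a stale socket at the path, creates the socket file with mode 0600 so other local users cannot send forged records to it, and drops datagrams that did not fit the buffer instead of parsing them. It assumes the receiver runs as the same user flowd sends from (or flowd sends as root); `open_logsock`, `recv_record` and `MAX_DGRAM` are names chosen here.

```python
#!/usr/bin/env python3
import os
import socket
import stat

MAX_DGRAM = 65535  # assumption: comfortably larger than any single flow record


def open_logsock(path):
    """Bind a datagram socket at `path`, accessible to its owner only."""
    try:
        # Remove a leftover socket from a previous run; never delete anything else.
        if stat.S_ISSOCK(os.lstat(path).st_mode):
            os.unlink(path)
        else:
            raise RuntimeError("%s exists and is not a socket" % path)
    except FileNotFoundError:
        pass
    s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    old_umask = os.umask(0o177)  # bind() then creates the socket file as 0600
    try:
        s.bind(path)
    finally:
        os.umask(old_umask)
    return s


def recv_record(s, bufsize=MAX_DGRAM):
    """Return one whole datagram, or None if the kernel had to truncate it."""
    data, _ancdata, flags, _addr = s.recvmsg(bufsize)
    if flags & socket.MSG_TRUNC:
        return None
    return data


if __name__ == "__main__":
    import flowd  # flowd's Python API, as used by the client in the post

    sock = open_logsock("/var/log/flowd.logsock")
    while True:
        rec = recv_record(sock)
        if rec is None:
            continue  # skip records that were cut short
        print(flowd.Flow(blob=rec).format(flowd.DISPLAY_ALL))
```
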



