[netflow-tools] Thanks and request for flowd

Josef Fortier joe.fortier at simondelivers.com
Sat Jun 30 01:22:06 EST 2007

First, thanks for a solid and simple flow collector.

I've been running it for about 6 months, and it's been quite useful.

I'm sure my usage is somewhat out of kilter with some of the intended
functions. Here is what I've been doing:

    1) I collect everything. I'm not sure what I'll need to look at, so
       this seems the best policy.

    2) I use flowd-reader to report. The Perl interface indicates it's
       "just a thin wrapper" and I've not really looked at the Python
       interface. I've ended up with shell.

       The details:
           a) I echo a filter list piped to flowd-reader with a -f flag
              to /dev/stdin. I wish there was a cleaner way to do
              ad-hoc filters.

           b) I pipe the output to awk to select fields, and then sort
              etc. to refine the output.


    1) Is there a better way to pipe ad-hoc filters to flowd-reader (or
       another API)?

    2) Can tagging improve filtering? It appears that tagging is a way
       to create meta-information for reporting, but I keep wondering if
       I can use it to create positive additive filters ("find me all
       the http traffic, then find me the https") rather than negative
       filters (discard work fine cumulatively).



Josef Fortier                             joe.fortier at simondelivers.com
Network Administrator                                    (763) 656-5650	
