[netflow-tools] Thanks and request for flowd
joe.fortier at simondelivers.com
Sat Jun 30 01:22:06 EST 2007
First, thanks for a solid and simple flow collector.
I've been running it for about 6 months, and it's been quite useful.
I'm sure my usage is somewhat out of kilter with some of the intended
functions. Here is what I've been doing:
1) I collect everything. I'm not sure what I'll need to look at, so
this seems the best policy.
2) I use flowd-reader to report. The perl interface indicates it's
"just a thin wrapper" and I've not really looked at the Python
interface. I've ended up with shell.
a) I echo a filter list piped to flowd-reader with a -f flag
to /dev/stdin. I wish there was a cleaner way to do
b) I pipe the output to awk to select fields, and then sort
etc. to refine the output.
1) Is there a better way to pipe ad-hoc filters to flowd-reader (or
2) Can tagging improve filtering? It appears that tagging is a way
to create meta-information for reporting, but I keep wondering if
I can use it to create positive additive filters ("find me all
the http traffic, then find me the https") rather than negative
filters (discard work fine cumulatively).
Josef Fortier joe.fortier at simondelivers.com
Network Administrator (763) 656-5650