[netflow-tools] Flowd-0.9 Python Library Problem

Damien Miller djm at mindrot.org
Mon Sep 17 16:18:44 EST 2007



On Sun, 16 Sep 2007, Jesse Kempf wrote:

> Hi,
> So I'm writing a small python program that massages duplicate flows
> out of a stream of NetFlow exports and allows one to redirect these
> flows to arbitrary locations. I'm using softflowd on FreeBSD to
> monitor several links, and export in v9 format to a different FreeBSD
> machine. I'm using the flowd python module to parse the netflow
> records. They come in on a UDP port, I pass them to flowd.Flow()...and
> that's where everything explodes.
>
> Softflowd is set to export v9 flows.
> Wireshark says these are v9 flows.
> flowd.Flow() explodes with:
> Traceback (most recent call last):
>   File "nfagro.py", line 105, in ?
>     main()
>   File "nfagro.py", line 84, in main
>     msg = NetflowRecord(msg)
>   File "nfagro.py", line 24, in __init__
>     self.nf = flowd.Flow(blob=msg)
> ValueError: Unsupported version
>
> And this is being pulled from (msg, sndaddr) =
> listensocket.recvfrom(10240). When I look at the data in msg, too, the
> first two octets are 0x0009. So...could this be an endianness issue?
> Some other crazy thing?

Are you trying to parse netflow records directly with the flowd Python
module? That won't work - the Python module is to read logs written by
flowd. flowd writes its own NetFlow version independent log format.

I agree that making a lightweight NetFlow parser library out of flowd's
guts would be a good thing though :)

-d
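
An added example, not part of the original message and not flowd's code: a raw export datagram such as the one returned by recvfrom() above follows the NetFlow v9 packet layout of RFC 3954 (20-byte big-endian header, then flowsets), which is a different format from flowd's log files. The sketch below walks that layout with bounds checks on the attacker-controllable length fields; the function names and the sample datagram are constructed for illustration.

```python
import struct

# NetFlow v9 packet header (RFC 3954), all fields big-endian:
# version, count, sysUptime, unix_secs, sequence, source_id
V9_HEADER = struct.Struct("!HHIIII")
FLOWSET_HEADER = struct.Struct("!HH")  # flowset_id, length (includes these 4 bytes)


class NetflowParseError(ValueError):
    """Raised for datagrams that are not well-formed NetFlow v9."""


def flowset_kind(flowset_id):
    if flowset_id == 0:
        return "template"
    if flowset_id == 1:
        return "options-template"
    return "data" if flowset_id >= 256 else "reserved"


def parse_v9_datagram(data):
    """Return (header, [(flowset_id, kind, body)]) for one UDP payload."""
    if len(data) < V9_HEADER.size:
        raise NetflowParseError("shorter than the 20-byte v9 header")
    version, count, uptime, secs, seq, source_id = V9_HEADER.unpack_from(data)
    if version != 9:
        raise NetflowParseError("version field is %d, not 9" % version)
    header = {"version": version, "count": count, "sys_uptime": uptime,
              "unix_secs": secs, "sequence": seq, "source_id": source_id}
    flowsets, offset = [], V9_HEADER.size
    while offset < len(data):
        if len(data) - offset < FLOWSET_HEADER.size:
            raise NetflowParseError("truncated flowset header at %d" % offset)
        fs_id, fs_len = FLOWSET_HEADER.unpack_from(data, offset)
        # Lengths come from the network: reject values that would loop
        # forever (< 4) or read past the end of the datagram.
        if fs_len < FLOWSET_HEADER.size or offset + fs_len > len(data):
            raise NetflowParseError("bad flowset length %d at %d" % (fs_len, offset))
        body = data[offset + FLOWSET_HEADER.size:offset + fs_len]
        flowsets.append((fs_id, flowset_kind(fs_id), body))
        offset += fs_len
    return header, flowsets


def build_sample_datagram():
    """Constructed sample: one template (id 256, two IPv4 fields) + one record."""
    header = V9_HEADER.pack(9, 2, 1000, 1190000000, 1, 0)
    template = struct.pack("!8H", 0, 16, 256, 2, 8, 4, 12, 4)
    record = struct.pack("!HH4s4s", 256, 12, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + template + record
```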

