[netflow-tools] Where can I find the Documentation of the perl API

Deviloper deviloper at slived.net
Fri Sep 12 00:57:07 EST 2008


Thanks for your reply Jeff!

I am using perl for nearly everything, too.
But I don't feel good poking around in an API I don't know.
(It feels like to scamp on a nuclear warhead to charge my cellphone.
If the software crashes I am the one who gets fired.)

(What I need to do is read the flowd files and further aggregate the data.
Because we don't want to drain too much computing power from the routers to manage the netflow data.)

I found flowinsert.pl; knowing only a bit about NetFlow, it should work with early versions like v5.
(The script is not documented, either.)
But using the dynamic template based formats introduced with netflow v9, I guess it is not
going to work. Is there somewhere an effort to read the template data of version 9 or is this done
automatically by the module?

Thanks,
Bo

Jeff Saxe <JSaxe at briworks.com> wrote on 11 September 2008 at 15:53:

> Hello, Bo. I don't know if there is a documented Perl API as much as  
> you might think. The flowd program sits there and collects data into  
> a file; that's a completely independent program sitting around doing  
> just one thing. Then every once in a while, you can move aside the  
> flowd file being collected, tap flowd on the shoulder with a "USR1"  
> signal, and wait for a second or two for it to start a new file. Then  
> you can do whatever you like with that freshly-cut-off file.
> 
> If you want to read the data out in human form, you can use
> flowd-reader at the command line, possibly augmented with text-based shell
> tools like grep, sort, awk, uniq, etc. But if you want to parse the  
> data in some more sophisticated way and do some further analysis,  
> then you have the option to read the flowd binary log through either  
> Python or Perl. I personally have chosen Perl because I'm very  
> comfortable with it (my license plate says "PERL ROX"). So basically  
> you run the Makefile.PL process in the README under Flowd-perl, and  
> then you can write Perl programs with "use Flowd;" in them. Look at  
> the two examples under tools, flowinsert.pl (read lines from flowd,  
> lightly modify them, and construct INSERT statements to cram them  
> into SQL) and wormsuspects.pl (no SQL involved, just read out of  
> flowd log using Perl, construct in-RAM hash in Perl, then read the  
> hash and exit, forgetting the hash). Many other strategies are possible.
> 
> Good luck!
> 
> 
> -- Jeff Saxe, Network Engineer
> Blue Ridge InternetWorks, Charlottesville, VA
> CCIE # 9376
> 434-817-0707 ext. 2024 (work)  /  434-882-3508 (cell)  /   
> JSaxe at briworks.com
> 
> 
> 
> On Sep 11, 2008, at 3:31 AM, Deviloper wrote:
> 
> > Greetings to all the people on netflow-tools mailinglist!
> >
> > I realized that flowd has all the features I need for my recent
> > project,
> > apart from any documentation of the APIs.
> >
> > I searched through the package, but couldn't find anything about
> > the perl API.
> >
> > If anybody has at least an API description or a
> > recent pod/manpage where the API and its methods are described it
> > would save my day.
> >
> > Thanks a lot,
> > Bo
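
The rotation step described in the quoted reply (move the file aside, signal flowd with USR1, wait for the new file), as an added example that is not part of the original thread or of the flowd distribution. The function name, the paths passed to it and the timeout are assumptions.

```shell
#!/bin/sh
# Added example (not flowd's own code): cut off the current flowd log so it
# can be processed offline. All paths are supplied by the caller (assumed).

# rotate_flowd_log LOGFILE PIDFILE ARCHIVE_DIR [TIMEOUT_SECONDS]
# Prints the path of the cut-off file on success, returns non-zero otherwise.
rotate_flowd_log() {
    log=$1 pidfile=$2 archive=$3 timeout=${4:-10}

    # Nothing to rotate if the log is missing or empty
    [ -s "$log" ] || { echo "no data in $log" >&2; return 1; }
    [ -d "$archive" ] || { echo "missing directory $archive" >&2; return 1; }

    pid=$(cat "$pidfile" 2>/dev/null) || { echo "cannot read $pidfile" >&2; return 1; }
    # Do not move the file unless the collector is alive to reopen it
    kill -0 "$pid" 2>/dev/null || { echo "pid $pid not running" >&2; return 1; }

    cut="$archive/$(basename "$log").$(date +%Y%m%d%H%M%S)"
    if [ -e "$cut" ]; then
        echo "$cut already exists" >&2
        return 1
    fi

    # ARCHIVE_DIR must be on the same filesystem as LOGFILE so that mv is a
    # rename: the collector keeps writing to the moved file until it reopens.
    mv "$log" "$cut" || return 1
    kill -USR1 "$pid" || return 1

    # Wait for the collector to start a new LOGFILE before handing off the old one
    waited=0
    while [ ! -e "$log" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            echo "collector did not reopen $log within ${timeout}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    printf '%s\n' "$cut"
}
```

The printed path is the file that is safe to hand to flowd-reader or to a Perl or Python script.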