From snellika at cisco.com Tue Jun 16 08:29:44 2009
From: snellika at cisco.com (Suraj Nellikar (snellika))
Date: Mon, 15 Jun 2009 18:29:44 -0400
Subject: [netflow-tools] Storing Interface Information in the flow
Message-ID:

Hi,

I am using flowd as a netflow collector and when it captures the packets, I can see the in_if and out_if fields (interface indexes), but these are not seen in the logfile. How can I configure flowd such that I can store these fields along with the flow information (src_ip, dst_ip....)?

Thanks,
Suraj.N

From JSaxe at briworks.com Tue Jun 16 10:55:24 2009
From: JSaxe at briworks.com (Jeff Saxe)
Date: Mon, 15 Jun 2009 20:55:24 -0400
Subject: [netflow-tools] Storing Interface Information in the flow
In-Reply-To:
References:
Message-ID: <39F27DC6-66C0-447F-BDBD-B76F3C3FB355@briworks.com>

Yes, there is. The sample flowd.conf file distributed with the program, as a model for you to customize, lists several field titles which you can choose to uncomment and thereby store -- or you can take the brute approach and "store ALL", which might generate larger log files than you'd prefer. But although it may not be obvious from the Web site of the program, there is a man page installed with it when you install, so "man flowd.conf" will show you all the possible "store" statements. In particular, I believe the one you want is...

    store IF_INDICES

Cheers!

--
Jeff Saxe, Network Engineer
Blue Ridge InternetWorks, Charlottesville, VA
434-817-0707 ext. 2024 / JSaxe at briworks.com

On Jun 15, 2009, at 6:29 PM, Suraj Nellikar (snellika) wrote:

> Hi,
> I am using flowd as a netflow collector and when it captures the
> packets, I can see the in_if and out_if fields (interface indexes),
> but these are not seen in the logfile. How can I configure flowd
> such that I can store these fields along with the flow
> information (src_ip, dst_ip....)?
>
> Thanks,
> Suraj.N

From snellika at cisco.com Tue Jun 16 11:28:49 2009
From: snellika at cisco.com (Suraj Nellikar (snellika))
Date: Mon, 15 Jun 2009 21:28:49 -0400
Subject: [netflow-tools] Storing Interface Information in the flow
In-Reply-To: <39F27DC6-66C0-447F-BDBD-B76F3C3FB355@briworks.com>
References: <39F27DC6-66C0-447F-BDBD-B76F3C3FB355@briworks.com>
Message-ID:

Thanks Jeff.

I was doing that but it was not showing up when I used to read the logfile using flowd-reader. Then I saw the man page for flowd-reader and came to know that I have to use the '-v' option to show all the fields. By default, flowd-reader prints only a subset of the flow.

Thanks for the information on the man page.

Suraj.N

From snellika at cisco.com Tue Jun 16 11:26:34 2009
From: snellika at cisco.com (Suraj Nellikar (snellika))
Date: Mon, 15 Jun 2009 21:26:34 -0400
Subject: [netflow-tools] flowinsert.pl tool gives an error
Message-ID:

Hi,

I am trying to store the binary flows from the logfile into a sqlite DB. When I run the "./flowinsert.pl ../logfile" command, it gives the following error:

    DBD::SQLite::db do failed: file is encrypted or is not a database at ./flowinsert.pl

If I am right, we have to pass the logfile (which has the flows in binary format) into flowinsert.pl and it will store it in the DB, right? Could you let me know why there is this error?

Thanks,
Suraj.N

From snellika at cisco.com Wed Jun 17 08:34:22 2009
From: snellika at cisco.com (Suraj Nellikar (snellika))
Date: Tue, 16 Jun 2009 18:34:22 -0400
Subject: [netflow-tools] Collector does not aggregate single flows
Message-ID:

Hi,

When I observe the logs at the flowd collector collecting netflow v9 packets, I see that it is not aggregating the packets coming from the same flow. Instead it is just storing them separately. Is there any way to aggregate the packets into a single flow?

Thanks,
Suraj.N

From raphaelruiz at gmail.com Thu Jun 18 01:38:30 2009
From: raphaelruiz at gmail.com (Raphael Ruiz)
Date: Wed, 17 Jun 2009 12:38:30 -0300
Subject: [netflow-tools] Graphs and trafic
Message-ID: <1a6f1ce60906170838l56ba66c0x9d99659c33c16af6@mail.gmail.com>

Hi

I use nfsen, nfdump and softflowd. The flows are captured on eth0, which receives all traffic from the mirror port of the Gbit Ethernet switch.

I have two questions:

1- I have observed that the graphs older than one month are modified in the design and lose details of the information.

2- The information related to the traffic doesn't match the information obtained in Cacti.

Thanks

Raphael Ruiz
Universidade Federal Fluminense
Niterói - Rio de Janeiro - Brasil