[Flow-tools] flowscan do not generate anything
Gustavo Rodrigues Ramos
gustavo at acmesecurity.org
Fri Nov 19 08:52:04 EST 2004
Hi,
jing shen wrote:
> Hi,
>
> I collect about 4GB netflow data from a Juniper router. I want to
> do post processing with flowscan.
>
> When using flow-print, it shows the file contains many records
> on traffic of that router.
It sounds good... :)
> "ERROR updating /home/sj/bin/flowscan/reports/rrds/service_nntp_src.rrd:
> illegal attempt to update using time 1100759797 when last update time
> is 1100770678 (minimum one second step) "
>
> If I copy files one by one to the processing directory and run flowscan
> manually, it shows:
>
> "2004/11/19 21:12:06 working on file /home/sj/bin/flowscan/ft/ft-v05.2004-11-19.000001+0800...
> /home/sj/bin/flowscan/ft/ft-v05.2004-11-19.000001+0800: Invalid index in cflowd flow file:
> 0xCF100103! Version 5 flow-export is required with *all* fields being saved.
> 2004/11/19 21:12:06 flowscan-1.020 CUFlow: Cflow::find took 0 wallclock secs ( 0.00 usr + 0.00 sys = 0.00 CPU) for 91155237 flow file bytes, flow hit ratio: 0/0
> 2004/11/19 21:12:06 flowscan-1.020 CUFlow: report took 0 wallclock secs ( 0.00 usr + 0.01 sys = 0.01 CPU)
> sleep 30... "
>
>
> Why?
>
Well, you need to recompile the Cflow module. It's under the contrib
directory of the flow-tools source code (it's not necessary to recompile
flow-tools).
Please, have a look:
https://www1.columbia.edu/sec/bboard/mj/cuflow-users/archive/2003_12/msg00006.html
Bye,
--
Gustavo Rodrigues Ramos
ACME! Computer Security Researcher
gustavo @ acmesecurity . org
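
Added example, not part of the original message and not flow-tools or FlowScan code: the value 0xCF100103 in the quoted error matches the first four bytes of a flow-tools stream header, which is consistent with a Cflow build that lacks flow-tools support reading the file as raw cflowd data. The header layout used here (magic bytes 0xCF 0x10, then a byte-order byte and a stream-version byte) is an assumption stated from general knowledge of the flow-tools format, and all function names are hypothetical.

```python
import re
import struct

# Assumed flow-tools stream header: magic1, magic2, byte order, stream version.
FT_MAGIC = b"\xcf\x10"
FT_BYTE_ORDER = {1: "little-endian", 2: "big-endian"}
INDEX_RE = re.compile(r"Invalid index in cflowd flow file:\s*0x([0-9A-Fa-f]{8})")


def classify_header(first4):
    """Classify the first four bytes of a flow file."""
    if len(first4) != 4:
        raise ValueError("need exactly 4 header bytes")
    if first4[:2] == FT_MAGIC and first4[2] in FT_BYTE_ORDER:
        return {"format": "flow-tools",
                "byte_order": FT_BYTE_ORDER[first4[2]],
                "stream_version": first4[3]}
    # Otherwise show the bytes as the 32-bit value a cflowd reader would report.
    return {"format": "not flow-tools",
            "index": "0x%08X" % struct.unpack(">I", first4)[0]}


def classify_file(path):
    """Read the header of a capture file before handing it to flowscan."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if len(head) < 4:
        raise ValueError("%s is shorter than a 4-byte header" % path)
    return classify_header(head)


def explain_cflow_error(log_line):
    """Decode the 'Invalid index' value from a flowscan log line, if present."""
    m = INDEX_RE.search(log_line)
    if m is None:
        return None
    return classify_header(bytes.fromhex(m.group(1)))


if __name__ == "__main__":
    # Log line taken from the message above, joined onto one line.
    line = ("/home/sj/bin/flowscan/ft/ft-v05.2004-11-19.000001+0800: "
            "Invalid index in cflowd flow file: 0xCF100103! "
            "Version 5 flow-export is required with *all* fields being saved.")
    print(explain_cflow_error(line))
```

If `classify_file` reports `flow-tools` for the files in the processing directory while flowscan logs the "Invalid index" error, the files themselves are intact and the fix is on the Cflow side, as the reply says.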