[Flow-tools] Printing raw netflow v5
Glenn Hochberg
gah at research.att.com
Mon Apr 28 21:06:30 EDT 2008
On Apr 28, 2008, at 4:41 PM, jloiacon at csc.com wrote:
>
> Curious how the netflow data got stored in those files originally?
> I.e., what format are they in? ASCII?
>
> Netflow data arrives at a collector as a series of UDP packets with
> PDUs in the v5 format. A typical collector breaks apart the payload
> and stores it in some format.
>
> If it is ASCII (or cflowd), flow-import will be able to create flow-
> tools data from it.
>
> Joe
>
>
> Sorry--somehow left off the subject line. Here it is again.
>
> On Apr 28, 2008, at 3:17 PM, Glenn Hochberg wrote:
>
> > I have some raw netflow v5 data in some files. These are not flow-
> > tools format files--just raw netflow. Is it possible to feed these
> > into the flow-tools commands such as flow-print somehow?
> >
> > Thanks!
> >
> > -Glenn Hochberg
> >
Fair question (as to how they got stored in the files), but I don't
know the answer. There are collectors somewhere in another
organization that store what appears to be the raw PDUs in v5 format
(i.e. binary).
It appears to start with the Netflow V5 header, etc.
In that case is there a way to transform it to the flow-tools
format? Where is the flow-tools format described, for that matter,
if you know (or if anyone else on the list does)?
Thanks.
--Glenn
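
For reference, a minimal decoder for files like the ones described above, added here as an illustration; it is not part of the original message and is not flow-tools code. It assumes the files hold raw NetFlow v5 PDUs written back to back with no extra framing (24-byte header, then `count` 48-byte records); the function names and the sample data are made up for the example.

```python
import io
import ipaddress
import struct

# NetFlow v5 export PDU, big-endian: 24-byte header, then `count` 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30  # a v5 PDU carries 1 to 30 flow records


def parse_v5_stream(stream):
    """Yield one dict per flow from a stream of back-to-back raw v5 PDUs."""
    offset = 0
    while head := stream.read(HEADER.size):
        if len(head) < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        version, count, _uptime, secs, _nsecs, seq, *_ = HEADER.unpack(head)
        # Reject anything that does not look like a v5 header (wrong framing assumption).
        if version != 5 or not 1 <= count <= MAX_RECORDS:
            raise ValueError(f"not a v5 PDU at offset {offset}")
        body = stream.read(count * RECORD.size)
        if len(body) < count * RECORD.size:
            raise ValueError(f"truncated PDU at offset {offset}")
        for f in RECORD.iter_unpack(body):
            yield {
                "export_secs": secs, "flow_sequence": seq,
                "src": str(ipaddress.IPv4Address(f[0])),
                "dst": str(ipaddress.IPv4Address(f[1])),
                "packets": f[5], "octets": f[6],
                "sport": f[9], "dport": f[10],
                "tcp_flags": f[11], "proto": f[12],
            }
        offset += HEADER.size + len(body)


def parse_v5_bytes(data):
    """Convenience wrapper: parse a bytes object, return a list of flows."""
    return list(parse_v5_stream(io.BytesIO(data)))


def sample_pdu():
    """Constructed sample (not captured traffic): one PDU holding two flows."""
    def rec(src, dst, sport, dport, proto, pkts, octets):
        return RECORD.pack(ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed, bytes(4), 1, 2,
                           pkts, octets, 1000, 2000, sport, dport,
                           0x18, proto, 0, 0, 0, 24, 24)
    body = (rec("192.0.2.10", "198.51.100.5", 51512, 443, 6, 12, 3400)
            + rec("192.0.2.11", "203.0.113.9", 53211, 53, 17, 1, 76))
    return HEADER.pack(5, 2, 5000, 1209430000, 0, 1, 0, 0, 0) + body
```

If the first header fails the version or count check, the files are not plain concatenated PDUs and the framing the collector added has to be worked out first.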