[Flow-tools] Re: flow-capture filter

Karen Durinyan karen.durinyan at gmail.com
Mon Jan 21 05:31:07 EST 2008


Hi Everybody,

Sorry if the question is repeated, but I really need help, thanks.

The problem is that I want to filter traffic from and to some host.

The filter configuration looks like this:

cat /etc/flow-tools/cfg/filter.cfg

filter-primitive myhost
  type ip-address
  deny x.x.x.38
  default permit

filter-definition drop_myhost
   match ip-source-address myhost
   or
   match ip-destination-address myhost

and I start flow capture like this:

flow-capture -w /var/flow-tools -N 0 -e 1 -n 1439 -V5 -p /var/run/flow-captur.pid -f /etc/flow-tools/cfg/filter.cfg -F drop_myhost 0/y.y.y.1/8818 -R /etc/flow-tools/export.sh

but I still see host x.x.x.38 in the flows :(

flow-cat `ls ft*` | flow-stat -f 10 -S 3 | grep x.x.x.38

x.x.x.38      216.155.193.146  1           288          4
x.x.x.38      80.85.129.25     1           152          2
x.x.x.38      89.208.43.72     1           152          2

Is anything wrong in the configuration?

And the flow-tools version is:
flow-tools version 0.68.1: built by stingray at palevo on Вск Июл 15 03:58:57 IST 2007

--
Bests,
Karen
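
An added example, not part of the original post and not flow-tools code: a small Python model of how the posted filter is evaluated, assuming the flow-tools semantics in which match lines inside a filter-definition are ANDed and `or` starts an alternative group. The address 192.0.2.38 stands in for x.x.x.38, and the peer addresses and the names below are constructed for illustration.

```python
import ipaddress

def primitive(rules, default):
    """Model of an ip-address filter-primitive: first matching entry wins, else default."""
    table = [(action, ipaddress.ip_address(ip)) for action, ip in rules]
    def check(addr):
        addr = ipaddress.ip_address(addr)
        for action, ip in table:
            if addr == ip:
                return action == "permit"
        return default == "permit"
    return check

def evaluate(definition, flow):
    """definition is a list of groups separated by 'or'; matches in a group are ANDed.
    Returns True when the flow is permitted (stored), False when it is dropped."""
    return any(all(prim(flow[field]) for field, prim in group) for group in definition)

def kept(definition, flows):
    """Flows that survive the filter."""
    return [f for f in flows if evaluate(definition, f)]

# filter-primitive myhost: deny <host>, default permit (host address is constructed)
myhost = primitive([("deny", "192.0.2.38")], default="permit")

# As posted: match source, 'or', match destination -> two single-match groups
AS_POSTED = [[("src", myhost)], [("dst", myhost)]]
# Without the 'or': both matches in one group, so both must permit
ANDED = [[("src", myhost), ("dst", myhost)]]

# Constructed sample flows
FLOWS = [
    {"src": "192.0.2.38", "dst": "198.51.100.25"},   # from the host
    {"src": "198.51.100.25", "dst": "192.0.2.38"},   # to the host
    {"src": "203.0.113.7", "dst": "198.51.100.25"},  # unrelated traffic
]

if __name__ == "__main__":
    for name, definition in (("as posted", AS_POSTED), ("ANDed", ANDED)):
        print(name, [(f["src"], f["dst"]) for f in kept(definition, FLOWS)])
```

Under this model a flow from the host fails the source match but is permitted by the destination match, since its destination is some other address, so the OR form stores every flow; with both matches in one group only the unrelated flow is stored.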

