[Flow-tools] More details about flow-export
Baptiste Lacroix
Baptiste.Lacroix at businessdecision.com
Wed May 14 09:11:14 EDT 2008
Thanks a lot about DFLOWS... The one I use is:
flow-cat /var/log/netflow/ft/ft-v05* | flow-export -f3 \
    -u "flowuser:2521bast18:localhost:3306:netflow:FLOWS" \
    -mUNIX_SECS,EXADDR,DFLOWS,DPKTS,DOCTETS,SRCADDR,DSTADDR,SRCPORT,DSTPORT,PROT,TOS
or:
flow-cat /var/log/netflow/ft/ft-v05* | flow-export -f3 \
    -u "flowuser:2521bast18:localhost:3306:netflow:FLOWS" \
    -m0x0000000000783069LL
It is actually working fine, but I would like to know the exact
meaning of each field; even if I can guess all of them, I want there
to be no doubt.
For example, the difference between UNIX_SEC, UNIX_NSEC, SYSUPTIME... I guess
the first one is the time of the transmission, the second one the duration,
but the last one???
Also 'D'OCTETS... D means Distribution??? What should I understand by
distribution... I hope those questions don't seem too stupid.
Best regards.
Baptiste Lacroix
________________________________
From: Joe Loiacono [mailto:jloiacon at csc.com]
Sent: Wednesday, May 14, 2008 14:52
To: Baptiste Lacroix
Cc: flow-tools at list.splintered.net; flow-tools-bounces at list.splintered.net
Subject: Re: [Flow-tools] More details about flow-export
One thing that might be throwing you off is that DFLOWS does not exist for
netflow versions 1 and 5.
Here's a flow-export command I have used:
flow-export -f2 \
    -m UNIX_SECS,UNIX_NSECS,SYSUPTIME,EXADDR,DPKTS,DOCTETS,FIRST,LAST,SRCADDR,DSTADDR,INPUT,OUTPUT,SRCPORT,DSTPORT,PROT,TOS \
    < ft-v05.2008-02-12.091503+0000 > ~/flowtools_export
Joe
"Baptiste Lacroix" <Baptiste.Lacroix at businessdecision.com>
Sent by: flow-tools-bounces at list.splintered.net
05/14/2008 03:15 AM
To: <flow-tools at list.splintered.net>
cc:
Subject: [Flow-tools] More details about flow-export
Hi,
I'm actually working on a project about netflow. I'm using flow-tools and
in particular flow-export. I would just like to know if there is a detailed
explanation of every field used for export (in the case of MySQL export). I
have some difficulty understanding DFLOWS, for example. I'm finishing my
studies and the period that they're allowing me to work on this project
is really short, so maybe I missed some explanation on the net, and I
apologize for this.
Thanks in advance.
Baptiste Lacroix