[Flow-tools] Export flow file to V5 PDUs or IPFIX format?
Andrew O'Brien
andrewo at oriel.com.au
Tue Feb 10 21:42:04 EST 2009
Hi all,
This may be a stupid question but I can't see a way using the flow-tools
command line tools to convert a flow-tools format file to a file in
either of the following formats:
1) IPFIX format
Or
2) Netflow V5 PDUs
Any ideas or pointers to other tools are appreciated!
As background, I've been tasked with importing data regularly from a 3rd
party netflow collector which uses flow-tools into a locally-controlled
SiLK (http://tools.netsa.cert.org/silk/silk_docs.html) installation.
SiLK provides import tools from IPFIX or, using another related tool,
from pcap (via IPFIX). However reading the list it seems that the pcap
output from flow-export is not really guaranteed to be accurate either
in timestamp or bytecount.
Currently I am using flow-send to the SiLK netflow collector running on
localhost. While it works most of the time it just isn't reliable. I
have no way to see whether UDP buffer overruns have caused large parts
of my import data to go missing.
Of course, whilst using the -x switch to flow-send with values in the
range of 100-200 has proven to be fully successful I still have no
guarantees under high CPU load.
I'm more than happy to write something myself, it just struck me as odd
that I couldn't see anything easily available and I'd much rather not
reinvent the wheel.
Cheers,
Andrew
More information about the Flow-tools
mailing list