From craig.weinhold at cdw.com  Fri Mar 13 00:34:48 2009
From: craig.weinhold at cdw.com (Craig Weinhold)
Date: Fri Mar 13 00:44:39 2009
Subject: [Flow-tools] Netflow V9 workaround
Message-ID:

Damien Miller's flowd collector (http://www.mindrot.org/projects/flowd)
can collect Netflow v1/v5/v7/v9 and export in a form compatible with
flow-tools' flow-import. It's a quick way to get V9 collection working
with all your existing flow-tools reports, tagging, filters, etc.
Naturally it only supports V5 fields (use 'record netflow-original'
when setting up Cisco flexible netflow).

Below is a crontab script to automate the flowd->flow-tools move.

As a side note, Cisco IOS 12.4(22)T finally supports native V5 export
from flexible netflow.
As another side note, flowd also supports multicast listening,

-Craig

#!/usr/bin/perl
# "flowd2ft" crontab script to move flowd capture files into flow-tools

# -- flow-tools variables
our $ftImport = "/usr/local/netflow/bin/flow-import"; # where ft's flow-import is
our $ftDir    = "/var/log/flow-tools-capture";        # where ft's capture files go
our $ftTZ     = "-0500";                              # timezone for ft capture files
our $ftPeriod = 300;                                  # seconds per ft capture file and cron interval

# -- flowd variables
our $flowdReader = "/usr/local/bin/flowd-reader";     # where flowd-reader is
our $flowdConf   = "/usr/local/etc/flowd.conf";       # where flowd.conf is
our $flowdHup    = "10";                              # SIGUSR1
our ($flowdPid, $flowdLog);

# name the output file after the start of the capture period just ended
our ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time - $ftPeriod);
our $ftFile = sprintf("ft-v05.%04d-%02d-%02d.%02d%02d%02d$ftTZ",
                      $year + 1900, $mon + 1, $mday, $hour, $min, $sec);

# read the logfile and pidfile paths from flowd.conf
open(IN, $flowdConf) || die "Could not read $flowdConf";
while (<IN>) {
    if (/^\s*logfile ["]?([^"\s]+)/) { $flowdLog = $1; }
    if (/^\s*pidfile ["]?([^"\s]+)/) { $flowdPid = $1; }
}
close(IN);

exit if (! -f $flowdLog);   # exit silently on empty file
die "$flowdPid does not exist: $!" if (! -f $flowdPid);

my $pid = `cat $flowdPid`;
chomp($pid);

# move the log aside, then signal flowd so it reopens a fresh logfile
`mv $flowdLog $flowdLog.tmp`;
die "$flowdPid ($pid) invalid: $!" if (! kill $flowdHup, $pid);

# convert the rotated flowd log to a compressed V5 flow-tools file
`$flowdReader -c $flowdLog.tmp | $ftImport -f 2 -V 5 -z 1 > $ftDir/$ftFile`;
unlink("$flowdLog.tmp");

From mrandl at coprosys.cz  Mon Mar 23 16:20:22 2009
From: mrandl at coprosys.cz (Martin Randl)
Date: Mon Mar 23 16:20:28 2009
Subject: [Flow-tools] ip accounting
Message-ID: <1237839622.3223.43.camel@localhost.localdomain>

Hi all,

I want to create simple network accounting with flow-tools. We have a BGP
router with netflow enabled. Flow-capture creates files with netflow data
correctly...

I have a list of our customers with their IP addresses/subnets. I want
to get a summary of traffic for each of our customers. I want to find the
fastest method to calculate summaries of data...
For example

# List with IP addresses/subnets.
prefixlist_c1
permit 10.20.30.0/24
permit 10.20.50.0/24
prefixlist_c2
permit 10.20.100.0/25

# Report should be...
head: customer, traffic in, traffic out.
customer1, 278123412312343bits, 12341234234235bits
customer2, 23412341241234bits, 1234141234455bits

Sorry for my English :)

Martin

From jloiacon at csc.com  Mon Mar 23 16:38:28 2009
From: jloiacon at csc.com (Joe Loiacono)
Date: Mon Mar 23 16:38:37 2009
Subject: [Flow-tools] ip accounting
In-Reply-To: <1237839622.3223.43.camel@localhost.localdomain>
Message-ID:

Martin,

You can accomplish this with FlowViewer, which allows you to track
customers' usage over time with graphs and statistics. FlowViewer is a
web-based companion tool for flow-tools. It also allows you to do ad-hoc
queries and is useful for many types of network traffic analysis tasks.

http://ensight.eos.nasa.gov/FlowViewer/

Joe Loiacono

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.splintered.net/pipermail/flow-tools/attachments/20090323/8f56e9ae/attachment.htm
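
Added example, not part of the original thread and not code from flow-tools or FlowViewer: one way to compute the per-customer in/out summary asked about in the "ip accounting" message. It assumes the flow records have already been exported to CSV text with srcaddr, dstaddr and doctets columns; that column layout, the customer names and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed prefix lists, mirroring the layout in the question.
PREFIXES = {
    "customer1": ["10.20.30.0/24", "10.20.50.0/24"],
    "customer2": ["10.20.100.0/25"],
}

# Constructed sample flows; the three CSV columns are an assumption.
SAMPLE_FLOWS = """srcaddr,dstaddr,doctets
10.20.30.7,192.0.2.10,1500
192.0.2.10,10.20.30.7,40000
10.20.50.9,10.20.100.5,600
198.51.100.3,10.20.100.200,999
203.0.113.8,10.20.100.127,250
"""

def build_table(prefixes):
    """Flatten {customer: [cidr, ...]} to (network, customer), longest prefix first."""
    table = [(ipaddress.ip_network(cidr), name)
             for name, cidrs in prefixes.items() for cidr in cidrs]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def owner(table, addr):
    """Return the customer whose most specific prefix contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for net, name in table if ip in net), None)

def account(flow_text, prefixes):
    """Sum bits per customer: 'out' when it is the source, 'in' when the destination."""
    table = build_table(prefixes)
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for row in csv.DictReader(io.StringIO(flow_text)):
        bits = int(row["doctets"]) * 8  # the requested report is in bits
        src, dst = owner(table, row["srcaddr"]), owner(table, row["dstaddr"])
        if src:
            totals[src]["out"] += bits
        if dst:
            totals[dst]["in"] += bits
    return dict(totals)

if __name__ == "__main__":
    print("customer, traffic in, traffic out")
    for name, t in sorted(account(SAMPLE_FLOWS, PREFIXES).items()):
        print(f"{name}, {t['in']}bits, {t['out']}bits")
```

The fourth sample row targets 10.20.100.200, which lies outside 10.20.100.0/25, so it is not charged to customer2; a flow between two customers is counted once as "out" for the source and once as "in" for the destination.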