<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16640" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=918240313-14052008>Thanks a lot about
DFLOWS... The one I use is:</SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=918240313-14052008>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="COLOR: black; mso-ansi-language: EN-GB">flow-cat
/var/log/netflow/ft/ft-v05* | flow-export -f3 -u
"flowuser:2521bast18:localhost:3306:netflow:FLOWS"<SPAN
class=918240313-14052008> </SPAN></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="COLOR: black; mso-ansi-language: EN-GB"><SPAN
class=918240313-14052008>
-m</SPAN>UNIX_SECS,EXADDR,DFLOWS,DPKTS,DOCTETS,SRCADDR,DSTADDR,SRCPORT,DSTPORT,PROT,TOS</SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="COLOR: black; mso-ansi-language: EN-GB"><?xml:namespace prefix = o ns =
"urn:schemas-microsoft-com:office:office" /><o:p><SPAN
class=918240313-14052008>or: </SPAN></o:p></SPAN></P><SPAN lang=EN-GB
style="COLOR: black; mso-ansi-language: EN-GB"><o:p><SPAN
class=918240313-14052008>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-GB
style="mso-ansi-language: EN-GB; mso-bidi-font-style: italic">flow-cat
/var/log/netflow/ft/ft-v05* | flow-export -f3 -u
"flowuser:2521bast18:localhost:3306:netflow:FLOWS"
-m0x0000000000783069LL<o:p></o:p></SPAN></P></SPAN></o:p></SPAN></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=918240313-14052008><FONT face=Arial color=#0000ff size=2>And it
is actually working fine, but I would like to know the exact meaning of
each field. Even if I can guess all of them, I want there to be no
doubt.</FONT></SPAN></DIV>
<DIV><SPAN class=918240313-14052008><FONT face=Arial color=#0000ff size=2>For
example, the difference between UNIX_SEC, UNIX_NSEC, SYSUPTIME... I guess the
first one is the time of the transmission, the second one the duration, but the
last one?</FONT></SPAN></DIV>
<DIV><SPAN class=918240313-14052008><FONT face=Arial color=#0000ff size=2>Also
'D'OCTETS... D means Distribution? What should I understand by
distribution? I hope those questions don't seem too
stupid.</FONT></SPAN></DIV>
<DIV><SPAN class=918240313-14052008><FONT face=Arial color=#0000ff size=2>Best
regards.</FONT></SPAN></DIV>
<DIV><SPAN class=918240313-14052008><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV><STRONG><SPAN
style="FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: Verdana">Baptiste
Lacroix</SPAN></STRONG>
<DIV> </DIV><BR>
<DIV class=OutlookMessageHeader lang=fr dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Joe Loiacono [mailto:jloiacon@csc.com]
<BR><B>Sent:</B> Wednesday, 14 May 2008 14:52<BR><B>To:</B> Baptiste
Lacroix<BR><B>Cc:</B> flow-tools@list.splintered.net;
flow-tools-bounces@list.splintered.net<BR><B>Subject:</B> Re: [Flow-tools]
More details about flow-export<BR></FONT><BR></DIV>
<DIV></DIV><BR><FONT size=2><TT>One thing that might be throwing you off is that
DFLOWS does not exist for netflow versions 1 and 5.</TT></FONT> <BR><BR><FONT
size=2><TT>Here's a flow-export command I have used:</TT></FONT> <BR><BR><FONT
size=2><TT>flow-export -f2 -m UNIX_SECS,UNIX_NSECS,SYSUPTIME,EXADDR,DPKTS,DOCTETS,FIRST,LAST,SRCADDR,DSTADDR,INPUT,OUTPUT,SRCPORT,DSTPORT,PROT,TOS
&lt; ft-v05.2008-02-12.091503+0000 &gt; ~/flowtools_export<BR></TT></FONT><FONT
face=sans-serif size=2><BR>Joe</FONT> <BR><BR><BR><BR>
<TABLE width="100%">
<TBODY>
<TR vAlign=top>
<TD width="40%"><FONT face=sans-serif size=1><B>"Baptiste Lacroix"
&lt;Baptiste.Lacroix@businessdecision.com&gt;</B> </FONT><BR><FONT
face=sans-serif size=1>Sent by:
flow-tools-bounces@list.splintered.net</FONT>
<P><FONT face=sans-serif size=1>05/14/2008 03:15 AM</FONT> </P>
<TD width="59%">
<TABLE width="100%">
<TBODY>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif size=1>To</FONT></DIV>
<TD><FONT face=sans-serif
size=1>&lt;flow-tools@list.splintered.net&gt;</FONT>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif size=1>cc</FONT></DIV>
<TD>
<TR vAlign=top>
<TD>
<DIV align=right><FONT face=sans-serif size=1>Subject</FONT></DIV>
<TD><FONT face=sans-serif size=1>[Flow-tools] More details about
flow-export</FONT></TR></TBODY></TABLE><BR>
<TABLE>
<TBODY>
<TR vAlign=top>
<TD>
<TD></TR></TBODY></TABLE><BR></TR></TBODY></TABLE><BR><BR><BR><FONT face=Arial
size=2>Hi,</FONT> <BR><FONT size=3> </FONT> <BR><FONT face=Arial
size=2> I'm actually working on a project about netflow. I'm using
flow-tools and in particular flow-export. I would just like to know if there is a
detailed explanation of every field used for export (in the case of MySQL export). I
have some difficulty understanding DFLOWS, for example. I'm finishing my
studies and the period that they're allowing me to work on this project is
really short, so maybe I missed some explanation on the net and I apologize for
this.</FONT> <BR><FONT face=Arial size=2>Thanks in advance.</FONT> <BR><FONT
size=3> </FONT> <BR><FONT face=Verdana size=2><B>Baptiste
Lacroix</B></FONT><FONT size=3> </FONT><BR><FONT size=3> </FONT><FONT
size=2><TT>_______________________________________________<BR>Flow-tools mailing
list<BR>flow-tools@splintered.net<BR>http://mailman.splintered.net/mailman/listinfo/flow-tools</TT></FONT>
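<P>Added example, not part of the original messages and not flow-tools code: it decodes the hex <TT>-m</TT> mask quoted in the thread into field names and turns the NetFlow v5 time fields asked about (UNIX_SECS, UNIX_NSECS, SYSUPTIME, FIRST, LAST) into absolute flow start and end times. The function names are hypothetical, the bit values are the FT_XFIELD_* constants as recalled from flow-tools' ftlib.h (an assumption to verify against your installed header), and the sample record is constructed.</P>

```python
# Added example, not flow-tools source. Bit values are the FT_XFIELD_*
# constants as recalled from flow-tools' ftlib.h (assumption: verify them
# against the header of your installed version).
XFIELDS = {
    0x000001: "UNIX_SECS", 0x000002: "UNIX_NSECS", 0x000004: "SYSUPTIME",
    0x000008: "EXADDR",    0x000010: "DFLOWS",     0x000020: "DPKTS",
    0x000040: "DOCTETS",   0x000080: "FIRST",      0x000100: "LAST",
    0x001000: "SRCADDR",   0x002000: "DSTADDR",    0x010000: "NEXTHOP",
    0x020000: "INPUT",     0x040000: "OUTPUT",     0x080000: "SRCPORT",
    0x100000: "DSTPORT",   0x200000: "PROT",       0x400000: "TOS",
}

def decode_mask(text):
    """Return (field names, leftover bits) for a flow-export -m hex mask."""
    mask = int(text.rstrip("Ll"), 16)      # drop the C "LL" suffix
    names = []
    for bit, name in sorted(XFIELDS.items()):
        if mask & bit:
            names.append(name)
            mask -= bit                    # clear the bit we just named
    return names, mask                     # non-zero mask = bits not in table

def flow_times(unix_secs, unix_nsecs, sysuptime, first, last):
    """Absolute (start, end) of one NetFlow v5 flow, in epoch seconds.

    UNIX_SECS + UNIX_NSECS: exporter wall clock when the datagram was sent.
    SYSUPTIME: exporter uptime in milliseconds at that same instant.
    FIRST / LAST: exporter uptime (ms) at the flow's first and last packet.
    """
    export = unix_secs + unix_nsecs / 1e9
    # Uptime is a 32-bit millisecond counter; the modulo keeps the age
    # correct when it wrapped between the packet and the export.
    age_first = (sysuptime - first) % 2**32
    age_last = (sysuptime - last) % 2**32
    return export - age_first / 1000, export - age_last / 1000

if __name__ == "__main__":
    names, leftover = decode_mask("0x0000000000783069LL")  # mask from the thread
    print(",".join(names), hex(leftover))
    # Constructed sample record, not taken from a real capture.
    print(flow_times(1202807703, 500000000, 3600000, 3590000, 3595500))
```

<P>Decoded this way, the hex mask from the thread carries no DFLOWS bit, so it selects one field fewer than the named list in the first command.</P>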
<BR></BODY></HTML>