flow-tools-boun...@list.splintered.net wrote on 06/11/2014 01:06:45 PM:
From: Christoper Holland christ...@skyviewtech.com
To: flow-tools@list.splintered.net
Date: 06/12/2014 03:52 AM
Subject: [Flow-tools] issues with flow-capture
Sent by: flow-tools-boun...@list.splintered.net
New to
flow-tools-boun...@list.splintered.net wrote on 07/01/2013 11:36:27 AM:
From: Donnelly, Michael (ITS) michael.donne...@its.ny.gov
To: flow-tools@list.splintered.net flow-tools@list.splintered.net
Date: 07/02/2013 09:47 AM
Subject: [Flow-tools] General usage : Queries and Reports across
FlowViewer 4.1 provides a convenient web-based user interface to two
popular netflow collector/analyzers: flow-tools and SiLK. After a long
wait, SiLK v3.7.1 was released to the general public this week. The
inclusion of the underlying SiLK tool set enables FlowViewer users to
continue to use
flow-tools-boun...@list.splintered.net wrote on 05/06/2013 04:49:07 PM:
In March I rebooted the Ubuntu system running the flow-tools
installation. After the reboot an http request for flow information
returns no data although the apache service seems to be running
fine. I can also see flows
FlowViewer version 4.0 will work with IPFIX/v9 provided you can get a copy
of SiLK v3.0.
SiLK has been developed by the NetSA group at Carnegie Mellon and its
previous versions (prior v3.0) are freely available.
The manager of the SiLK software, Chris Inacio, has told me in emails he
is
Konstantin,
You could also let FlowViewer handle this for you in the user interface.
You can graph it and track it (via rrdtool) as well.
http://ensight.eos.nasa.gov/FlowViewer/
Joe Loiacono
From: Konstantin V. Krotov k...@insysnet.ru
To: flow-tools@list.splintered.net
Date: 07/20
Dave,
Ironically I am finishing up testing for FlowViewer v 4.0. It now supports
both flow-tools (for legacy) and SiLK v 3.0 (which supports Cisco's v9 and
IPFIX.) Version 4.0 also has a new user interface (but preserves all
existing Trackings, etc.)
NASA (as govt.) was eligible for a beta
Yep, I've got a feeling flow-tools may not be upgraded for IPFIX. However,
we're (FlowViewer) working on an IPFIX solution. Stay tuned ...
Joe Loiacono
From: Mark Boolootian boo...@ucsc.edu
To: Drew Weaver drew.wea...@thenap.com
Cc: flow-tools@list.splintered.net flow-tools
I've never used it, but there is a tool called flow-rpt2rrd:
The flow-rpt2rrd utility processes the CSV output of flow-report into
RRDtool format. The aggregates for a key are each stored as a DS in RRD
filename {rrd_path,/,key,rrd_postfix,.rrd}. By default a DS is created
for flows, octets,
Hi,
You might try FlowViewer, a web-based front-end to flow-tools. It provides
for easy reports and adjusting of filters, graphing filtered data, and
maintaining long-term graph sets (ala MRTG) for specified filters. And,
with respect to your question, the ability to preserve filters for future
flow-tools-boun...@list.splintered.net wrote on 10/26/2011 07:56:14 PM:
srcIP    dstIP          prot  srcPort  dstPort  octets  packets
I.I.P.P  192.168.2.196  6     3389     3799     55      1
I.I.P.P  192.168.2.196  6     3389     4465     40      1
I.I.P.P
flow-tools-boun...@list.splintered.net wrote on 06/16/2011 10:46:14 AM:
Thank you very much! That works fine, and FlowViewer gives me the
same report if I had just looked at the right thing! Now the next
question, is there a nice way to plot this over time?
Can you set an individual
flow-tools-boun...@list.splintered.net wrote on 01/29/2011 03:46:05 PM:
Math seems sound.
300 seconds is a function of exporter interval and collector file
rotation. Most flows are shorter. Some will be longer if the
exporter interval (active flow timeout) isn't configured properly.
Craig,
Thanks for the 'flowd2ft' script to enable conversion between flowd V9
captures and flow-tools ft files (
http://mailman.splintered.net/pipermail/flow-tools/2009-March/003765.html
)
From your accompanying email message of Mar 13, 2009:
Naturally it only supports for V5 fields (use
When you apply flow-stat to a single ft file, you're getting the average
rate over the length of time associated with the file. My ft files are
typically 15 minutes long. If we assume yours are 15 minutes also, you are
comparing a 15 minute average with an MRTG 5-minute SNMP sample of all
talking about, I wouldn't sample at
all. It's not a very heavy load, and you'll be happier with the results.
You don't have to change the ft file times.
Joe
From:
Jacky Chan bigserp...@gmail.com
To:
Joe Loiacono/USA/c...@csc
Cc:
flow-tools@list.splintered.net
Date:
05/04/2010 11:30 AM
Subject:
Re
Uttam,
FlowViewer, an easy-install web companion tool for flow-tools, has an
option to view results adjusted for sampling.
http://ensight.eos.nasa.gov/FlowViewer
Joe Loiacono
Network Engineering, Sr. Principal Leader
CSC
7900 Harkins Road, Lanham, MD 20706
IT Infrastructure Solutions | p: +1
Why don't you use FlowViewer? It is a web companion tool for flow-tools,
and meets your requirements. Check out:
http://ensight.eos.nasa.gov/FlowViewer
Look through the screenshots, and read through the User's Guide.
Joe
Also make sure there is no firewall (iptables) blocking things. the f/w
blocks packets after tcpdump.
Joe Loiacono
have
flows being written.
I did also disable iptables and ip6tables (?) per Craig and Joe. I will
test now if those are getting in the way too.
Many thanks to al
Kirk
On Fri, Jan 8, 2010 at 12:20 PM, Joe Loiacono jloia...@csc.com wrote:
Also make sure there is no firewall (iptables) blocking
flow-capture logs for me to: /var/log/cflowd.log. Looks like cacti is
intermediate and sending to system messages at /var/log/messages?
My typical messages:
3076 Apr 20 15:15:17 dbcollect flow-capture[20686]: remove/2
2009/2009-03/2009-03-29/ft-v07.2009-03-29.234501+
3077 Apr 20 15:16:37
Yes - I've had flow-tools install instantly via apt-get. Sweet.
Joe
Andrew O'Brien andr...@oriel.com.au
Sent by: flow-tools-boun...@list.splintered.net
02/18/2009 04:06 PM
To
Armin Garcia saintar...@gmail.com, flow-tools@list.splintered.net
cc
Subject
RE: [Flow-tools] Problems installing
Kai,
This might help:
http://ensight.eos.nasa.gov/FlowViewer/faq.html#27
Joe
Zemke, Kai kai.ze...@smartnet.de
Sent by: flow-tools-boun...@list.splintered.net
01/06/2009 10:44 AM
To
flow-tools@list.splintered.net
cc
Subject
[Flow-tools] Using flow-fanout with different interfaces
Hi,
I know I've never had trouble with hundreds of port numbers.
Joe
Maxim Kuleshov [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
10/28/2008 06:43 PM
To
flow-tools@list.splintered.net
cc
Subject
[Flow-tools] limit for number of filter elements
Hello!
Is there any limitation for number of
mailing list where maybe someone
can confirm it for you.
Joe
Huber AdrianTRAIL [EMAIL PROTECTED]
08/06/2008 03:38 PM
To
Joe Loiacono/CIV/[EMAIL PROTECTED]
cc
Subject
Question regarding FlowViewer
Hello!
I’ve been spending some part of my morning trying to figure
this one
Hi Sarah,
Ironically I saw that yesterday for the first time and was confused
myself. I traced it back to some testing we were doing with different
flow-masks. Turns out IOS v 12.1(12c)E2) does not have the set mls flow
interface-full command I was hoping would allow us to see input and
I've started having trouble storing netflow from a 6509. Apparently when
restarting flow-capture, depending on which of the MSFC or Supervisor
sends the first packet, all data will be stored in that format (either v1
or v7). So, if I restart flow-capture, I may wind up with some files V1
and
Curious how the netflow data got stored in those files originally? I.e.,
what format are they in? ASCII?
Netflow data arrives at a collector as a series of UDP packets with PDUs
in the v5 format. A typical collector breaks apart the payload and stores
it in some format.
If it is ASCII (or
Dmitry,
If you are using flow-tools to collect your netflow data, you could then
use the FlowTracker component of FlowViewer to graphically track each
user. The graph would be a 'group' graph with Input above the x-axis, and
Output below the x-axis (for example). You could even stack multiple
[EMAIL PROTECTED] wrote on 02/28/2008 03:01:21 AM:
We have `flow-capture' running for (looking at the `top' output)
about 300 hours and pretty many flow. We used the following command:
/usr/bin/flow-cat -t 2008/02/13 14:00:00 -T 2008/02/13 14:29:59
/usr/local/sflow/ft | customParser
to
You'll probably have fprobe send to 127.0.0.1 port nnn.
Then start flow-capture (
http://www.splintered.net/sw/flow-tools/docs/flow-capture.html ) probably
something like:
flow-capture -p /flows/pids/flowtool.pid -w /flows/router_1 -E2000M -S5
0/0/nnn
E2000 would limit space used up to 2
You might try nprobe from the NTOP group: http://www.ntop.org/nProbe.html
Web site indicates that universities can get it for no cost.
fprobe is another option. http://sourceforge.net/projects/fprobe GPL
license without a fee, I believe.
These convert captured IP packets into netflow data and
Having problems getting flow-capture to create directories and add files.
Netflow UDP v5 packets are arriving (though they have skimpy data) but
flow-capture is not doing anything.
So we thought we'd build flow-tools by hand on Red Hat (wondering if
perhaps the RPM was faulty).
But the gmake
The authors can chime in, but I think this was fixed in 0.68.2. Might as
well go to 0.68.3:
http://flow-tools.googlecode.com/files/flow-tools-0.68.3.tar.bz2
Joe
Christian Vo [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
12/27/2007 01:01 PM
To
flow-tools@list.splintered.net
cc
Subject
Maybe the port got bound up somehow.
Can you try a 'netstat -an'?
If port 2055 is listed then somehow you got to kill it off. You could try
the flow-capture command using a different port and see what results.
Joe
Christian Vo [EMAIL PROTECTED]
12/20/2007 12:12 PM
To
Joe Loiacono/CIV
[EMAIL PROTECTED] wrote on 11/01/2007 09:54:57 PM:
Would flow-tools server A+B have identical traffic for this traffic
flow?(i.e. Src IP/Dst IP/ Octets etc)
Yes.
- Or would Flow-tools server A
only see the total octets as the tail is directly connected to Router A?
Each router will
[EMAIL PROTECTED] wrote on 10/23/2007 11:20:04 PM:
Hi all,
Does anyone do that? We currently just have the mrtg 95th percentile
hack, and I really can't verify its accuracy.
We've got the same data in flows, anyone run across a tool to pull usage
data easily for a specific IP and/or
Hi Caio,
A lot of this has been done already with FlowViewer, available as
open-source. One of the FlowViewer tools, Flowtracker, uses RRDtool to
maintain four MRTG-like graphs for any filtered subset the user defines.
It also has a capability for grouping individual 'trackings' into a single
From Cisco
http://cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html
Rules for expiring NetFlow cache entries include:
• Flows which have been idle for a specified time are expired and removed
from the cache
• Long lived flows are expired and
Great, Paul. And others. Thanks!
I looked through the bug fixes, but I don't know enough about the
specifics - did the 64-bit problem get solved? Was it the time_t/u_int32
problem?
Thanks,
Joe
Paul P Komkoff Jr [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
07/15/2007 06:32 PM
To
Does this look like the 64-bit problem?
ftio.c: In function ‘readn’:
ftio.c:2270: error: invalid lvalue in assignment
Anything else?
Thanks!
Joe
CSCNOC-Flowviewer:/home/msmit227/NetFlow/flow-tools-0.68 # make
Making all in lib
make[1]: Entering directory `/home/msmit227/NetFlow/flow-tools-0.68/lib'
[EMAIL PROTECTED] wrote on 04/19/2007 02:45:51 PM:
2007/04/19 14:30:26 working on file
/var/netflow/ft-v05.2007-04-19.142823-0400...
Does the following show anything?
/var/netflow/flow-stat -f10 ft-v05.2007-04-19.142823-0400
Are the flow files populated?
Looks like you're receiving a lot of
[EMAIL PROTECTED] wrote on 02/28/2007 12:19:10 PM:
I was troubleshooting an unrelated problem on our netflow cruncher this
morning and discovered flow-capture chewing up RAM/Swap (to the point
where it allocated all the swap on the box and was less-than-politely
killed for doing so).
This
[EMAIL PROTECTED] wrote on 02/28/2007 03:58:47 PM:
Hi Jason -
Message: 3
I am fairly new to analyzing netflow data and was wondering if anyone
could offer some suggestions. We are currently sending exports from a
cisco router to an instance of flow-capture which is storing it for
[EMAIL PROTECTED] wrote on 01/30/2007 11:56:13 PM:
[snip]
Lastly, can someone here suggest a way to know who is consuming the
traffic we are seeing in our MRTG graphs?
For example, our upstream provider A, at around 1:00 pm has reached
30M in MRTG scale. Given that the data source for this
FlowViewer 3.1 is now available.
Upgrade includes:
statistical information (MAX, MIN, 95th PCT, AVG) with FlowGraphs
introduces the ability to archive and restart trackings
now permits queries longer than 30 days
permits a range of port numbers (e.g. ports 1024:1048) on queries
fixed a number of
[EMAIL PROTECTED] wrote on 12/05/2006 09:45:57 AM:
Hi Alistair,
When I run flow-capture -h, I have the same message:
[EMAIL PROTECTED] bin]# /usr/local/netflow/bin/flow-capture -h
Usage: /usr/local/netflow/bin/flow-capture { start | stop }
[EMAIL PROTECTED] bin]#
I use flow-capture from
Renata,
You could use the FlowViewer toolset, particularly FlowGrapher to be able
to see graphs of netflow data. Also, FlowTracker, which uses RRDtool, will
create MRTG-like graphs over longer periods of time. The FlowViewer tools
are a web front-end to many of the flow-tools capabilities.
Everton da Silva Marques [EMAIL PROTECTED]
wrote on 08/10/2006 03:51:11 PM:
On Thu, Aug 10, 2006 at 02:22:24PM -0400, Joe Loiacono wrote:
Having trouble getting flow-capture to stay up. It immediately dies after
invoking it. I've tested flow-receive and it works fine. Anybody see
Users of FlowGrapher from the FlowViewer web companion to flow-tools
may want to upgrade to FlowViewer v2.3. Modifications have improved
the processing time of FlowGrapher up to 10-fold. FlowViewer, with
FlowGrapher, can be found at:
http://ensight.eos.nasa.gov/FlowViewer
Thanks,
Joe
(Didn't
You need to know the SNMP index for the interface
in question (I guess this applies to virtual interfaces as well.) Here's
an example of flows which are leaving the router interface identified by
SNMP index 8:
In a file called 'filter_file' include:
filter-primitive dest_if
type ifindex
This has come up before on long runs.
I believe that while flow-tools is cranking, the web browser times-out
waiting. Looks like this breaks the stdout redirection. Might need to do
a 'fork' that keeps the redirection open by sending '... (dots)' or something
to the browser showing progress. I'll
Caught a couple of bugs in FlowViewer 2.0 and released
FlowViewer 2.1.
The first problem could result in missing data at
the beginning of a requested time period. The second problem would result
in missing graph data if the request straddled the end of a year. I recommend
users upgrade at their
53 matches