Hi,
Thanks for the JKFlow tip. I've managed to install it instead of CUFlow and
I've written an initial xml config file. I'm now analysing the output... One
question, would you have any tips (other than improving the collector's
hardware) on how to improve the performance of flowscan/jkflow? I guess my
main problem is that I've got loads of subnets that I need to exclude:
E.g.:
<directions>
  <direction name="me-Internet" from="me" to="Internet" noto="mycountry">
    <set name="Application Layer Protocols"/>
    <set name="Transport Layer Protocols"/>
    <total/>
    <scoreboard hosts="1" ports="1"/>
  </direction>
Where mycountry is:
<site name="mycountry"
  subnets="194.158.32.0/19,195.158.64.0/18,193.110.155.0/24,217.15.96.0/20,217.22.176.0/20,212.56.128.0/19,213.165.160.0/19,213.217.192.0/18,80.71.96.0/20,80.77.192.0/20,62.173.0.0/19,194.204.96.0/19,217.168.160.0/20,217.30.96.0/20,192.106.64.0/19,194.153.85.0/24,194.105.32.0/20,217.145.0.0/20,194.158.39.0/24,192.136.7.0/24,193.188.32.0/20,217.168.168.0/22,80.85.96.0/20"/>
Any tips would be greatly appreciated.
Thanks.
Joe
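
Added example, not part of the original message and not JKFlow code: a Python check of the `<site>` definition quoted above for entries that are already covered by a larger subnet in the same list, with the equivalent collapsed `subnets=` value. The function names are hypothetical, and whether a shorter list changes JKFlow's run time is an assumption the thread does not establish.

```python
import ipaddress
import xml.etree.ElementTree as ET

# <site> element from the message above, with the mail line wraps rejoined.
SITE_XML = (
    '<site name="mycountry" subnets="'
    "194.158.32.0/19,195.158.64.0/18,193.110.155.0/24,217.15.96.0/20,"
    "217.22.176.0/20,212.56.128.0/19,213.165.160.0/19,213.217.192.0/18,"
    "80.71.96.0/20,80.77.192.0/20,62.173.0.0/19,194.204.96.0/19,"
    "217.168.160.0/20,217.30.96.0/20,192.106.64.0/19,194.153.85.0/24,"
    "194.105.32.0/20,217.145.0.0/20,194.158.39.0/24,192.136.7.0/24,"
    "193.188.32.0/20,217.168.168.0/22,80.85.96.0/20"
    '"/>'
)


def parse_site(xml_text):
    """Return (site name, [IPv4Network, ...]); raises ValueError on a bad CIDR."""
    elem = ET.fromstring(xml_text)
    entries = [s.strip() for s in elem.get("subnets", "").split(",") if s.strip()]
    # strict=True rejects entries with host bits set, e.g. a mistyped prefix.
    return elem.get("name"), [ipaddress.IPv4Network(e, strict=True) for e in entries]


def covered_entries(nets):
    """Map every subnet that lies inside another listed subnet to that subnet."""
    covered = {}
    for net in nets:
        for other in nets:
            if net != other and net.subnet_of(other):
                covered[net] = other
                break
    return covered


def collapsed_attribute(nets):
    """Equivalent subnets= value: covered entries dropped, adjacent ones merged."""
    return ",".join(str(n) for n in ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    name, nets = parse_site(SITE_XML)
    for inner, outer in covered_entries(nets).items():
        print(f"{name}: {inner} is already covered by {outer}")
    print(f'subnets="{collapsed_attribute(nets)}"')
```
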
-----Original Message-----
From: Robert Galloway [mailto:[EMAIL PROTECTED]
Sent: 14 June 2004 16:08
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Flow-tools] Newbie: Flowtools no inbound traffic.
Hi Joe,
I'm not sure about the outbound only issue. If you are using NAT,
that could cause that problem. Also, the Cat6500's do strange
things as well. Make sure you have the "route-cache flow" on all
of your major interfaces.
On the module, look for JKFlow. It should do what you're after and
you can use the same setup you already have.
Thanks,
Robert S. Galloway
Chief Network Security Engineer
IKANO Communications
...the Internet branding company
Official Data Networking Services Provider for the
Salt Lake Olympic Winter Games of 2002
[EMAIL PROTECTED]
801-415-8089
---------- Original Message ----------------------------------
From: "Joe Borg" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Mon, 14 Jun 2004 13:31:04 +0200
>Hi,
>
>I'm new to flow-tools. I've recently installed it following the How-To for
>Flowtools with CUFlow and RRD. The install seems fine, however, the graphed
>output shows no inbound traffic. I've listed all my subnets in the cf file
>as specified in the how to. The percentages given in the legend, however, do
>show that there is inbound traffic (e.g. TCP 94% out, 40% in). Can anyone
>help me with this problem? I've found posts with similar problems but not
>with the use of CUFlow.
>
>Secondly, I've realised that CUFlow is not ideal for my purpose, since I'm
>particularly interested in a detailed breakdown of the traffic flowing
>between subnets (we're a carrier), as well as to the Internet. Can anyone
>indicate what the best solution would be (i.e. packages/perl modules to
>use..)? Thanks.
>
>Joe
>
>------------------------------------------------
>Mr. Joseph Borg
>Network Engineer
>DataStream Ltd.
>Office Direct: 2567 7245
>Office General: 2567 7000
>URL: <http://www.datastream.com.mt/>
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools