Hello, I have a question regarding practical usage of flow-tools with high volumes of traffic :) . Example configuration is to capture netflow by flow-capture from about 25 routers; with average size of binaries 10G per day, with highest compression level.
For example, I'm trying to aggregate this statistic by router address, and destination ip networks, by flow-report, using stat file such this: include filters/filter stat-report net1-router-in type summary-counters filter client-router-in output format ascii options +header,+xheader,+totals path itogo/client-router-in report net1-router-in (Total about 500 reports) And filters file: filter-definition net1-router-in match ip-destination-address net1 match exporter-ip-addr router filter-primitive router type ip-address permit 10.0.0.1 filter-primitive net1 type ip-address-prefix permit 10.10.10.0/26 . And, perfomance it too low to calculate my volumes. 15-minutes binary calculated for at least 18 minutes (100Mb binary), and at maximum - more then one hour (300Mb binary) on one-processor P4 1800 with 256M RAM. Of course, in working configuration machine could be little stronger :) Is there any ways to optimize aggregation? For example, to tag flows by exporter ip-address on one machine, then flow-send it to another, and then aggregate by networks? :) Is there someones, who uses flow-tools for big volumes calculation? _____________ Gennady Abramov, CCNA, CCNP; Demos-Internet NOC [EMAIL PROTECTED] _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
