Hi there,
I'm busy trying to set up a set of reports for traffic in/out for a few specific IP addresses. I have something like this for my filters:
<filters>
filter-primitive tcp
  type ip-protocol
  permit TCP

filter-primitive web-ports
  type ip-port
  permit https
  permit 80
  default deny

filter-primitive www-mysite-com
  type ip-address
  permit 1.2.3.4
  default deny

filter-definition www-mysite-com-in
  match ip-protocol tcp
  match dst-ip-port web-ports
  match dst-ip-addr www-mysite-com

filter-definition www-mysite-com-out
  match ip-protocol tcp
  match src-ip-port web-ports
  match src-ip-addr www-mysite-com
</filters>

<stat report>
stat-report www-mysite-com-in
  type ip-destination-address
  filter www-mysite-com-in
  output
    format ascii

stat-report www-mysite-com-out
  type ip-destination-address
  filter www-mysite-com-out
  output
    format ascii

stat-definition www-mysite-com-in
  report www-mysite-com-in
  time-series 5

stat-definition www-mysite-com-out
  report www-mysite-com-out
  time-series 5
</stat report>
The end goal of this is to be used for graphing data, but for now I just want to see ip-destination-address to verify that the data I'll eventually graph is correct.
If I run a report for www-mysite-com-in, I get the data I'm expecting, but if I run the report for www-mysite-com-out, I don't.
If I use flow-print < flowfile, I see the data for both in/out, so the data is definitely in the flowfiles.
1) Can you see anything glaringly obvious that I've missed that'd stop the -out report from working? I've changed the report type to things like ip-source/destination-address for verification of the data and I still get zero output for the -out, only for -in.
2) Is there an easier way to do this? I'm eventually looking for a +in and +out value to graph (I did get Mark's flow-rpt2rrd, flow-log2rrd from the archives - thanks Mark).
Thanks
--Rob
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
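
One way to cross-check the -in and -out numbers outside flow-report, as an added example that is not part of the original post: it applies the same three matches per filter-definition to flow-print style text and totals octets per direction. The column order, the sample records and port 443 for "https" are assumptions; only 1.2.3.4 and port 80 come from the post.

```python
# Added example: the post's two filter-definitions re-implemented for cross-checking.
from collections import defaultdict

HOST = "1.2.3.4"          # address from the www-mysite-com primitive
WEB_PORTS = {80, 443}     # "permit https" (assumed 443) and "permit 80"
TCP = 6                   # IP protocol number for TCP
# Constructed sample; the column order is an assumption about flow-print output.
SAMPLE = """\
srcIP            dstIP            prot  srcPort  dstPort  octets  packets
198.51.100.7     1.2.3.4          6     51234    80       1200    10
1.2.3.4          198.51.100.7     6     80       51234    48000   40
203.0.113.9      1.2.3.4          6     40000    443      900     8
1.2.3.4          203.0.113.9      6     443      40000    15000   14
1.2.3.4          192.0.2.53       17    53       33000    300     2
198.51.100.7     1.2.3.4          6     51235    22       500     5
"""

def parse(text):
    """Yield one dict per flow record, skipping the header and malformed lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 7 or not f[2].isdigit():
            continue
        yield {"src": f[0], "dst": f[1], "prot": int(f[2]),
               "sport": int(f[3]), "dport": int(f[4]), "octets": int(f[5])}

def direction(r):
    """Return 'in', 'out' or None, using the same three matches per definition."""
    if r["prot"] != TCP:
        return None
    if r["dst"] == HOST and r["dport"] in WEB_PORTS:
        return "in"    # www-mysite-com-in
    if r["src"] == HOST and r["sport"] in WEB_PORTS:
        return "out"   # www-mysite-com-out
    return None

def summarize(text):
    """Total octets per direction, plus octets per destination address."""
    totals = {"in": 0, "out": 0}
    by_dst = {"in": defaultdict(int), "out": defaultdict(int)}
    for r in parse(text):
        d = direction(r)
        if d:
            totals[d] += r["octets"]
            by_dst[d][r["dst"]] += r["octets"]
    return totals, by_dst

if __name__ == "__main__":
    print(summarize(SAMPLE)[0])
```

With the constructed sample, the UDP record and the port 22 record fall outside both definitions, so only the four web flows are counted.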
