Hi, im new to netflow and flow-tools and i hope i�ll find someone who can help me with my question (maybe it�s only a question of understanding netflow). I use flow-tools version 0.66 and it�s running very well. I use flow-capture to collect netflows from 5 backbone routers. I started 5 different flow-captures with different working dirs and ports to listen on, so that the flows from each router is seperated.
flow-cat </dir/router1> | flow-stat -f10 > filerouter1 flow-cat </dir/router2> | flow-stat -f10 > filerouter2 flow-cat </dir/router3> | flow-stat -f10 > filerouter3 ... gives me information for accouting for accouting, i will cut these filerouter1-3 togehter (sortet by source/dest. ip) filerouter1,2&3 -> fileallrouters if i have connections which go over multiple routers, i have some entries like this # src IPaddr dst IPaddr flows octets packets 81.92.x.x 80.50.x.x 1 59 1 (same connection on router1) 81.92.x.x 80.50.x.x 1 62 1 (same connection on router2) i take the entry with the highest byte count for my accounting (router2) and delete the others Is there any (flow)tool available which makes this automated? (check for some connection over multiple router log files and take only the entry with highest byte count) what flow-tools should i use for accounting ? There are some connections in my logfiles which i dont understand, like this example # src IPaddr dst IPaddr flows octets packets 81.92.x.x 213.240.x.x 5 1403 7 (same connection on router1) 81.92.x.x 213.240.x.x 3 2813 15 (same connection on router2) How is it possible , that an entry with 5 flows has less bytes than an entry with 3 flows ? Thanks for your help and sorry about my very, very bad english greets mike _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
