I have racked my brain on this one with no results. I wrote brand new report configuration files with just the type:
ip-source/destination-address/ip-destination-port
When I run the command shown below using the new filter I get the same output. The first line of data is repeated until I Ctrl-C the process.
Can anyone try the file I have below and tell me what you get? The high-level report works fine, but the other two do not.
poindexter /etc/flow-tools/cfg # flow-cat /data/flows/2005/2005-05/2005-05-10/ft* | flow-report -s /etc/flow-tools/cfg/level.rpt -S low-level
# recn: ip-source-address*,ip-destination-address*,ip-destination-port*,flows,octets,packets,duration
172.21.121.90,206.190.44.100,554,1,144,3,1088
172.21.121.90,206.190.44.100,554,1,144,3,1088
172.21.121.90,206.190.44.100,554,1,144,3,1088
...
repeats forever...
Nick
-- Nick Ellson CCDA, CCNP, CCSP, CCAI, MCSE 2000, Security+, Network+ Network Hobbyist.
On Tue, 10 May 2005, Nick Ellson wrote:
Interesting artifact with this report file.
flow-cat ft* | flow-report -s /etc/flow-tools/cfg/stat.cfg -S high-level - Yields the correct list of dest ports.
flow-cat ft* | flow-report -s /etc/flow-tools/cfg/stat.cfg -S med-level
- And low-level both output the column header and the first row.. and the first row is repeated forever in a loop.
Anyone see this behavior?
Nick
stat-report high-level-rpt
  type ip-destination-port
  filter noise
  output
    format ascii

stat-definition high-level
  report high-level-rpt

stat-report low-level-rpt
  type ip-source/destination-address/ip-destination-port
  filter noise
  output
    format ascii

stat-definition low-level
  report low-level-rpt

stat-report mid-level-rpt
  type ip-destination-address/ip-destination-port
  filter noise
  output
    format ascii

stat-definition mid-level
  report mid-level-rpt

filter-primitive protocols
  type ip-protocol
  permit 6
  permit 17
  default deny

filter-primitive snmpdump
  type ip-port
  deny 161
  deny 162
  default permit

filter-primitive backnoise
  type ip-address-mask
  deny 192.168.0.0 255.255.252.0
  deny 224.0.0.0 240.0.0.0
  default permit

filter-primitive localdest
  type ip-address-mask
  deny 172.21.0.0 255.255.0.0
  deny 10.0.0.0 255.0.0.0
  deny 192.168.0.0 255.255.0.0
  default permit

filter-definition noise
  match ip-protocol protocols
  match ip-source-address backnoise
  match ip-destination-address backnoise
  match ip-destination-port snmpdump
  match ip-destination-address localdest
-- Nick Ellson CCDA, CCNP, CCSP, CCAI, MCSE 2000, Security+, Network+ Network Hobbyist.
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
