> I use flow-capture/flowscan to make bandwidth graphs with rrdtool. For the
> past week, I have had a big problem. I have too much data and
> flow-capture/flowscan is too slow
>
> 400 Mbits/s
> 90000 packets/s
> 10000 flows/s
>
> The server has Bi-xeon 2.40Ghz and RAM 2Go
>
> Does someone have a solution to solve this problem? How can I resolve my
> problem? Perhaps change my server to bi-opteron?

I have 400Kb/s flows traffic (MAN network, two main routers, 16 other routers, about 250 LANs, students, edonkey, bitTorrent traffic and more...). Flows works on 2xXeon(hyp) 2.8GHz, looks like 4 processors, and load is 0,2, serial ata disk.

Flowscan always works after flow-filter. This reduced load. I made a script which splits one main flow-cat to many flow-filter (by the linux tee command and named fifo, /var/tmp/flsX in the example). It's weird, but it works very fast :) Maybe 1min flow files speed up the process. After about 2h I merge the small 1min files into 1h files. I made this solution because I needed fast reaction on attack.
This is an example:

----
#!/bin/sh
# $1 is the flow file to process.
# The named FIFOs /var/tmp/fls0 .. /var/tmp/fls6 must already exist (mkfifo).
fld="/usr/local/netflow/bin"

/bin/cp "$1" /var/local/flows/data/

# Read the file once with flow-cat and fan the stream out to seven FIFOs.
# As posted, this first pipeline has no output file of its own and runs
# straight into the next command.
$fld/flow-cat "$1" | tee /var/tmp/fls0 | tee /var/tmp/fls1 | tee /var/tmp/fls2 | tee /var/tmp/fls3 | tee /var/tmp/fls4 | tee /var/tmp/fls5 | tee /var/tmp/fls6 | $fld/flow-stat -f9 -S1 | head -32 |
$fld/flow-stat -f9 -S2 </var/tmp/fls0 | head -32 | grep -v '^#' > /var/tmp/oct.current.tmp &
$fld/flow-stat -f9 -S3 </var/tmp/fls1 | head -32 | grep -v '^#' > /var/tmp/pkt.current.tmp &

# ICMP only (flow-filter -r1), one background reader per FIFO.
$fld/flow-filter -f /etc/flow.acl -r1 </var/tmp/fls2 | $fld/flow-stat -f8 -S1 | head -32 | grep -v '^#' > /var/tmp/flw_icmp.current.tmp &
$fld/flow-filter -f /etc/flow.acl -r1 </var/tmp/fls3 | $fld/flow-stat -f8 -S2 | head -32 | grep -v '^#' > /var/tmp/oct_icmp.current.tmp &
$fld/flow-filter -f /etc/flow.acl -r1 </var/tmp/fls4 | $fld/flow-stat -f8 -S3 | head -32 | grep -v '^#' > /var/tmp/pkt_icmp.current.tmp &

# Overall totals.
$fld/flow-stat -f0 </var/tmp/fls5 | head -32 | grep -v '^#' > /var/tmp/total.tmp &

# Port 25 traffic matched against the "spam" list in /etc/flow.acl.
$fld/flow-filter -f /etc/flow.acl -S spam -P 25 </var/tmp/fls6 | $fld/flow-stat -f9 -S1 | head -32 | grep -v '^#' > /var/tmp/spam.tmp &
-------------

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
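
The tee/named-FIFO fan-out described in the message above, as an added example that is not part of the original post. It creates its FIFOs in a private mktemp -d directory instead of fixed names under the world-writable /var/tmp, which another local user could pre-create. Assumptions: the function names, the four-column record layout (proto, source, destination port, octets) and the awk/wc consumers are constructed stand-ins for flow-cat, flow-filter and flow-stat.

```sh
#!/bin/sh
# Constructed sample records: proto  src  dstport  octets
sample_flows() {
cat <<'EOF'
6 10.0.0.5 25 1200
1 10.0.0.9 0 84
6 10.0.0.5 25 800
17 10.0.0.7 53 90
1 10.0.0.9 0 84
EOF
}

# fanout_stats: read records on stdin once, feed three consumers in
# parallel, print "total=<n> icmp=<n> smtp_octets=<n>".
# The body runs in a subshell so variables and cleanup stay local.
fanout_stats() (
    # Private 0700 directory: nobody else can pre-create or swap the FIFOs.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/fls.XXXXXX") || exit 1
    mkfifo "$dir/fls0" "$dir/fls1" || { rm -rf "$dir"; exit 1; }

    # Start the FIFO readers first, in the background. Each open() blocks
    # until tee opens the same FIFO for writing.
    awk '$1 == 1 { n++ } END { print n + 0 }' <"$dir/fls0" >"$dir/icmp" &
    p0=$!
    awk '$3 == 25 { s += $4 } END { print s + 0 }' <"$dir/fls1" >"$dir/smtp" &
    p1=$!

    # Single pass over the input: tee copies it to both FIFOs and to the
    # pipeline that counts all records.
    total=$(tee "$dir/fls0" "$dir/fls1" | wc -l | tr -d ' ')

    # Results are complete only after the background readers have exited.
    wait "$p0" "$p1"
    echo "total=$total icmp=$(cat "$dir/icmp") smtp_octets=$(cat "$dir/smtp")"
    rm -rf "$dir"
)

sample_flows | fanout_stats
```
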
