Hello,

You can use this command to select the time:

./flow-cat -t "8/23/05 04:00:00" -T "8/23/05 04:10:00" \
    /usr/local/netflow/flowlog/2005/2005-08/ | ./flow-nfilter \
    -f/usr/local/netflow/bin/acl/ip.acl -Ftest | ./flow-stat -f8 -S2

Good luck.




======= 2005-08-23 09:40:44 You wrote in your message: =======

>Message: 1
>Date: Mon, 22 Aug 2005 16:20:31 +1000
>From: Andrew Fort <[EMAIL PROTECTED]>
>Subject: Re: [Flow-tools] flow-nfilter
>To: Paul Halliday <[EMAIL PROTECTED]>
>Cc: [email protected]
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>Paul Halliday wrote:
>> I am trying to grab a section of data within a time constraint. Is it
>> possible to do something like
>> 
>> filter-primitive 15minutes
>> type time-date
>>   permit gt 12:00:00
>>   deny lt 12:15:00
>> 
>> I have tried a couple different combinations, but I am not having much luck.
>> 
>> Thanks.
>
>Excuse the lag (ehhem 6 months), I ran into this problem today and
>didn't find a list answer, so I figured I'd post my solution.
>
>What works for me is:
>
>filter-primitive 00h
>   type time
>   deny gt 01:00:00
>   permit gt 00:00:00
>
>(note the deny must go first).
>
>This will match traffic between 00:00:01 and 01:00:00, if I understand
>the logic correctly.
>
>For other hours in the day, this works:
>
>filter-primitive 01h
>   type time
>   deny gt 02:00:00
>   deny lt 01:00:00
>   permit gt 01:00:00
>
>I then use that as an additional match in my filter-definition.  The 
>configuration file gets quite large so I automate the building of it 
>from a database.
>
>-andrew

= = = = = = = = = = = = = = = = = = = =

Best regards,

徐绍岽
[EMAIL PROTECTED]
2005-08-23

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
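
Added example, not part of the original messages or of flow-tools: a Python sketch that generates the hourly "type time" primitives in the 00h/01h pattern quoted above and checks which timestamps each one matches. It assumes rules are evaluated top to bottom with the first matching line deciding and that a time matching no line is denied; the function names are hypothetical.

```python
# Added example. Assumptions: first matching rule wins, default action is deny.

def secs(hms):
    """Convert HH:MM:SS to seconds since midnight."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def hour_primitive(hour):
    """Ordered rules for one hour window, following the 00h/01h pattern."""
    if not 0 <= hour <= 23:
        raise ValueError("hour must be 0..23")
    rules = []
    if hour < 23:   # nothing can be later than the end of hour 23
        rules.append(("deny", "gt", "%02d:00:00" % (hour + 1)))
    if hour > 0:    # nothing can be earlier than 00:00:00
        rules.append(("deny", "lt", "%02d:00:00" % hour))
    rules.append(("permit", "gt", "%02d:00:00" % hour))
    return rules

def render(name, rules):
    """Emit the primitive as configuration text."""
    lines = ["filter-primitive %s" % name, "   type time"]
    lines += ["   %s %s %s" % rule for rule in rules]
    return "\n".join(lines)

def matches(rules, hms):
    """Evaluate a timestamp against the rules under the assumed semantics."""
    t = secs(hms)
    for action, op, bound in rules:
        b = secs(bound)
        if (op == "gt" and t > b) or (op == "lt" and t < b):
            return action == "permit"
    return False  # assumed default: deny

if __name__ == "__main__":
    for hour in range(24):
        print(render("%02dh" % hour, hour_primitive(hour)))
        print()
    # Constructed boundary timestamps for the 01h window.
    for ts in ("00:59:59", "01:00:00", "01:00:01", "02:00:00", "02:00:01"):
        print(ts, matches(hour_primitive(1), ts))
```

Under these assumptions each primitive covers HH:00:01 through the next hour's :00:00, and a flow stamped exactly 00:00:00 matches none of the 24 primitives. Putting the permit line first would let it match every later time of day, which is why the deny lines lead.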
