On 8/31/05, Mike Hunter <[EMAIL PROTECTED]> wrote:
> On Aug 17, "Ross Wimmersberger" wrote:
>
> > I am curious to find out what you do with your netflow reporting system?
> > We were hoping to get a little more detail so if HTTP is spiking, find
> > out why, so I might be looking into the other reporting engine, but I am
> > curious to see what and how you all use it on a daily basis?

We use it mainly to augment our IDS system. Some samples are here:

http://dp.penix.org/Flows/

Just a bunch of cron jobs that run TCL scripts to generate web based reports. The graphing is done with a 'very crappy' shell script that grabs stats and populates RRD's (rrdtool). Everything is refreshed every 5 minutes. The host based reports are generated either on demand (IDS correlation) or via a trigger (bandwidth markers, flow-dscan, etc) during each report generation period.

The great thing about flows is the sky is the limit. So much information, so many ways to display it, so little time..

-p

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools