Hi All,
I am using a flow-export | grok | flow-import routine to deal with routers sending stupid timestamps and also to provide bespoke aggregation. In the process I lose all the lovely metadata that the original flow file contains. How can I hack the output of flow-import to replicate the stats below?
For example.
% flow-header < ft-v07.2006-04-05.152646+0000
#
# mode: normal
# capture hostname: flow
# capture start: Wed Apr 5 15:26:46 2006
# capture end: Wed Apr 5 15:31:45 2006
# capture period: 299 seconds
# compress: off
# byte order: big
# stream version: 3
# export version: 7
# lost flows: 104
# corrupt packets: 0
# sequencer resets: 2
# capture flows: 972045
#
% fcat ft-v07.2006-04-05.152646+0000 | flow-export -f2 | grok | flow-import -V7 -f2 > ft-test
flow-export: Exported 972045 records
flow-import: Imported 972045 records.
% flow-header < ft-test
#
# mode: streaming
# compress: off
# byte order: big
# stream version: 3
# export version: 7
# comments: flow-import
#
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
