Hi,

After running flow-capture beginning December 1, I looked into the flows 
directory and it has grown tremendously, to 16Gig in size.
As of now it contains 6005 pieces of 5-minute flows. My goal is to run 
"flow-cat all_December_flows | flow-stat -f 8", however I'm having 
difficulty executing this command. To overcome the shell limitation when 
flow-catting too many files (6005), someone suggested executing flow-cat on 
all flows one by one using this script:

#!/bin/sh
for i in /var/netflow/ft/all/ft-v05.2006-12-0* ; do flow-cat ${i} >> dec0; done
#for i in /var/netflow/ft/all/ft-v05.2006-12-1* ; do flow-cat ${i} >> dec0; done
#for i in /var/netflow/ft/all/ft-v05.2006-12-2* ; do flow-cat ${i} >> dec0; done

To my surprise, after running flow-cat on only the flows from Dec 1 to Dec 9, I 
ended up with a huge 20Gig "dec0" flow, which is even bigger than the whole 
flows directory, which is only 16Gig.

Any idea what's happening here? Why did it grow to 20Gig?
How do you extract your top destination hosts for a whole month or even a quarter 
of the year when dealing with so many flows of such big sizes? I tried 
running flowdumper on the "dec0" file and it contains the usual flow details...


Thanks.





_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
