On 10/1/07, sarah belkhiria <[EMAIL PROTECTED]> wrote:
>
> hi;
> I hope that someone can help me with capturing version 5 netflow.
> I installed flow-tools 0.68.1 successfully on SUSE 10.0.
> My command for capturing data is:
> /usr/bin/flow-capture -w /var/log/netflow 0/0/2055 -V 5 -E1G -n 287 -N3
> IT WORKS.
> I see the tmp and ft-v05 files in /var/log/netflow, but when I try to see the collected data with flow-print, the result is like this:
> Start End Sif SrcIPaddress SrcP DIf DstIPaddress DstP P Fl Pkts Octets
> without data (it seems like empty files).
>
> I have run tcpdump using the command line "tcpdump -ni port 2055", which shows traffic being received as below:
> 09:27:20.852231 IP 130.199.xxx.xx.50968 > 192.168.47.xxx.2055: UDP, length: 1416
> 09:27:20.852536 IP 130.199.xxx.xx.50968 > 192.168.47.xxx.2055: UDP, length: 1416
>
> I run netstat -lnp:
> udp 0 flow-capture
>
> In syslog: ...FLOW-TOOLS...setsockopt(size=4194304)
It seems that you are in fact receiving flows. But try this command instead:

/usr/bin/flow-receive 0/0/2055 | flow-print

and see what you get.

In order to print received flow-files from flow-capture, remember that you have to use flow-cat to first concatenate the data and then pipe it to flow-print or similar:

flow-cat /var/log/netflow | flow-print

/ Benjamin
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
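Added example for the diagnosis in this thread; it is not flow-tools code and not from either poster. The tcpdump lines above show 1416-byte UDP datagrams, which is exactly a 24-byte NetFlow v5 header plus 29 records of 48 bytes, so the exporter is very likely sending what "-V 5" expects. The decoder below lets you confirm that directly on the wire (bind it to 2055 in place of flow-capture for a moment, much like the "flow-receive 0/0/2055 | flow-print" check in the reply) and also detects lost packets from the flow_sequence counter. The addresses, counts and the sample packet are constructed here, not captured traffic.

```python
"""Decode NetFlow v5 export datagrams, the format flow-capture is told to
expect with '-V 5'.  Added example for this thread, not flow-tools code.
The sample packet at the bottom is constructed here, not captured traffic."""
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")               # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
MAX_RECORDS = 30          # v5 exporters send at most 30 records per datagram


def v5_record_count(payload_len):
    """Record count implied by a UDP payload length, or None if the length
    cannot be a v5 packet (24-byte header plus 1..30 records of 48 bytes).
    The 1416-byte datagrams in the tcpdump output above give 29."""
    body = payload_len - V5_HEADER.size
    if body <= 0 or body % V5_RECORD.size:
        return None
    count = body // V5_RECORD.size
    return count if count <= MAX_RECORDS else None


def parse_v5(packet):
    """Return (header, records) for one v5 datagram; raise ValueError if
    version, count and length do not agree, which is the first thing to
    check when a collector writes empty files."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("packet shorter than the 24-byte v5 header")
    fields = V5_HEADER.unpack_from(packet, 0)
    header = dict(zip(("version", "count", "sys_uptime_ms", "unix_secs",
                       "unix_nsecs", "flow_sequence", "engine_type",
                       "engine_id", "sampling_interval"), fields))
    if header["version"] != 5:
        raise ValueError("not NetFlow v5 (version field = %d)" % header["version"])
    if not 1 <= header["count"] <= MAX_RECORDS:
        raise ValueError("implausible record count %d" % header["count"])
    expected = V5_HEADER.size + header["count"] * V5_RECORD.size
    if len(packet) != expected:
        raise ValueError("length %d, expected %d" % (len(packet), expected))
    records = []
    for i in range(header["count"]):
        f = V5_RECORD.unpack_from(packet, V5_HEADER.size + i * V5_RECORD.size)
        records.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "nexthop": socket.inet_ntoa(f[2]), "input_if": f[3], "output_if": f[4],
            "packets": f[5], "octets": f[6], "first_ms": f[7], "last_ms": f[8],
            "srcport": f[9], "dstport": f[10], "tcp_flags": f[12], "proto": f[13],
            "tos": f[14], "src_as": f[15], "dst_as": f[16],
            "src_mask": f[17], "dst_mask": f[18],
        })
    return header, records


def missed_flows(prev_header, cur_header):
    """Flows lost between two consecutive packets from one exporter:
    flow_sequence counts flows exported so far, so the next packet should
    start at previous sequence + previous count.  Non-zero means drops."""
    return cur_header["flow_sequence"] - (prev_header["flow_sequence"] + prev_header["count"])


def build_v5(flows, flow_sequence=0, uptime_ms=60000, unix_secs=1191230840):
    """Encode (src, dst, srcport, dstport, proto, pkts, octets) tuples as a v5
    datagram.  Used only to construct test input; a router does this in practice."""
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                       1, 2, pkts, octets, uptime_ms - 500, uptime_ms,
                       sport, dport, 0, 0x18 if proto == 6 else 0, proto, 0,
                       0, 0, 24, 24, 0)
        for src, dst, sport, dport, proto, pkts, octets in flows)
    return V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0,
                          flow_sequence, 0, 0, 0) + body


def receive_v5(port=2055, addr="0.0.0.0"):
    """Generator that binds UDP like 'flow-receive 0/0/2055' and yields
    (sender, header, records).  Not run by the sample below; stop
    flow-capture first or the port is busy."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((addr, port))
    while True:
        data, sender = sock.recvfrom(65535)
        header, records = parse_v5(data)
        yield sender, header, records


# Constructed sample: two flows, addresses from the documentation ranges.
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 50968, 2055, 17, 3, 4248),
    ("198.51.100.5", "192.0.2.10", 22, 51000, 6, 10, 1500),
]
SAMPLE_PACKET = build_v5(SAMPLE_FLOWS, flow_sequence=100)

if __name__ == "__main__":
    hdr, recs = parse_v5(SAMPLE_PACKET)
    print(hdr)
    for r in recs:
        print(r["src"], r["srcport"], "->", r["dst"], r["dstport"], "proto", r["proto"])
```

If parse_v5 accepts the live datagrams and the records look sane, the exporter side is fine and the empty output is a matter of how the files are read (flow-cat into flow-print, as in the reply); if it raises on the version field, the router is exporting another NetFlow version than the one flow-capture was started with.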
