On Thu, Feb 28, 2008 at 03:01:21PM +0700, michael kapelko wrote:
> [...] So it appeared `flow-cat' reads all files in all subdirs of
> /usr/local/sflow/ft in this case which constantly increases the time
> to parse traffic. Why is that so? Isn't it sane to only read the
> necessary files?
How is flow-cat supposed to know which files hold data within the
requested time range if it doesn't check the contents of every file in
the directory tree? By the filename? You know that the filename
contains the date and time the traffic flow ended, but flow-cat
doesn't necessarily know that. And the filename doesn't say when the
traffic started, so flow-cat still has to do at least the equivalent
of the "flow-header" command to find out what range of traffic each
file covers, which means opening every file.

Even if flow-cat were able to "guess" the start and end of the traffic
in a file from its filename (and that might be a nice addition to the
code), it would still need to recursively descend the directory tree,
reading the directory entries of thousands and thousands of files,
before it found the ones you wanted.

So if you know what date and time you want, and you know what naming
scheme you have, it's a lot faster to specify the specific
subdirectory, and maybe even the full filenames, on the command line.

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
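A rough sketch of that last suggestion. The paths and timestamps below are made up for illustration; the actual layout and filenames depend on the -n and nesting options your flow-capture instance was started with, so check your own tree first:

```shell
# Slow: flow-cat must open every file under the whole tree.
flow-cat /usr/local/sflow/ft | flow-print

# Faster: point flow-cat at just the subdirectory for the day you want
# (hypothetical nested layout shown here).
flow-cat /usr/local/sflow/ft/2008/2008-02/2008-02-28 | flow-print

# Fastest: name the exact file(s), since you know the naming scheme.
flow-cat /usr/local/sflow/ft/2008/2008-02/2008-02-28/ft-v05.2008-02-28.140000+0700 | flow-print
```

flow-cat accepts both directories and individual files as arguments, so any of these forms works; only the amount of data it has to open differs.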
