On Apr 29, 2008, at 10:58 AM, Paul P Komkoff Jr wrote:

Replying to Glenn Hochberg:
Fair question (as to how they got stored in the files), but I don't know the answer. There are collectors somewhere in another organization that
store what appears to be the raw PDUs in v5 format (i.e. binary).
It appears to start with the Netflow V5 header, etc.

In that case is there a way to transform it to the flow-tools format?
Where is the flow-tools format described, for that matter, if you know (or
if anyone else on the list does)?

Short answer: yes, it is possible.

Slightly longer: yes, it is possible with the following python program:

import flowtools

# Open a flow-tools file for writing (second argument: write mode).
output = flowtools.FlowSet('blablabla', True)

# pdu_source is your own iterator of (host, buf) pairs; on every
# iteration buf must hold exactly one raw NetFlow v5 PDU.
for host, buf in pdu_source:
  pdu = flowtools.FlowPDU(host, buf)
  output.write(pdu)

assuming that your host is always the same, you can do
import socket, struct
host = struct.unpack("!I", socket.inet_aton('127.0.0.1'))[0]

How to deal with the PDU source itself depends on whether or not you have
the length of each PDU in your stream. On every iteration buf should
contain exactly one PDU.

You can get pyflowtools source from http://pyflowtools.googlecode.com/
and updated flow-tools from http://flow-tools.googlecode.com

--
Paul P 'Stingray' Komkoff Jr // http://stingr.net/key <- my pgp key
 This message represents the official view of the voices in my head
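For the case where the stored stream carries no per-PDU length (the harder case Paul mentions), the PDU boundaries can be recovered from the NetFlow v5 header itself: 24-byte header, `count` field, 48 bytes per record. The following splitter is an added example, not code from Paul's message or from pyflowtools; the sample stream it walks is constructed inline, and the resulting byte strings are what `buf` would be in the loop above.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")   # 24-byte NetFlow v5 header layout
V5_HEADER_LEN = V5_HEADER.size            # 24
V5_RECORD_LEN = 48                        # each v5 flow record is 48 bytes
V5_MAX_COUNT = 30                         # a v5 PDU carries at most 30 records


def split_v5_pdus(stream):
    """Split a concatenated NetFlow v5 byte stream into whole PDUs.

    Returns (pdus, leftover): pdus is a list of complete PDU byte strings,
    leftover is the number of trailing bytes that do not form a full PDU
    (a truncated capture). The header is sanity-checked (version == 5,
    1 <= count <= 30) so a corrupt file raises instead of yielding garbage.
    """
    pdus = []
    pos = 0
    while pos + V5_HEADER_LEN <= len(stream):
        version, count = struct.unpack_from("!HH", stream, pos)
        if version != 5 or not 1 <= count <= V5_MAX_COUNT:
            raise ValueError("bad v5 header at offset %d: version=%d count=%d"
                             % (pos, version, count))
        pdu_len = V5_HEADER_LEN + count * V5_RECORD_LEN
        if pos + pdu_len > len(stream):
            break   # final PDU is truncated; report it as leftover
        pdus.append(stream[pos:pos + pdu_len])
        pos += pdu_len
    return pdus, len(stream) - pos


def make_v5_pdu(count, flow_sequence):
    """Constructed test data: a valid v5 header followed by zeroed records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, flow_sequence, 0, 0, 0)
    return header + b"\x00" * (count * V5_RECORD_LEN)


# Constructed sample: a 3-record PDU, a full 30-record PDU, then a PDU cut
# off after 40 bytes, as a capture that ended mid-write would look.
SAMPLE_STREAM = make_v5_pdu(3, 0) + make_v5_pdu(30, 3) + make_v5_pdu(2, 33)[:40]

if __name__ == "__main__":
    pdus, leftover = split_v5_pdus(SAMPLE_STREAM)
    print("%d complete PDUs, %d leftover bytes" % (len(pdus), leftover))
```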

Thanks to all who offered suggestions! Paul's solution worked out great for me--especially since I needed to access the data from Python anyway.


_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
