Thanks a lot about DFLOWS...

The one I use is:

    flow-cat /var/log/netflow/ft/ft-v05* | flow-export -f3 -u "flowuser:2521bast18:localhost:3306:netflow:FLOWS" -mUNIX_SECS,EXADDR,DFLOWS,DPKTS,DOCTETS,SRCADDR,DSTADDR,SRCPORT,DSTPORT,PROT,TOS

or:

    flow-cat /var/log/netflow/ft/ft-v05* | flow-export -f3 -u "flowuser:2521bast18:localhost:3306:netflow:FLOWS" -m0x0000000000783069LL

And it is actually working fine, but I would like to know the exact signification of each field. Even if I can guess all of them, I want there to be no doubt.

For example, the difference between UNIX_SEC, UNIX_NSEC, SYSUPTIME... I guess the first one is the time of the transmission, the second one the duration, but the last one???

Also 'D'OCTETS... D means Distribution??? What should I understand by distribution...

I hope those questions don't seem too stupid.

Best regards.

Baptiste Lacroix

________________________________

From: Joe Loiacono [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 14 May 2008 14:52
To: Baptiste Lacroix
Cc: [email protected]; [EMAIL PROTECTED]
Subject: Re: [Flow-tools] More details about flow-export

One thing that might be throwing you off is that DFLOWS does not exist for netflow versions 1 and 5.

Here's a flow-export command I have used:

    flow-export -f2 -m UNIX_SECS,UNIX_NSECS,SYSUPTIME,EXADDR,DPKTS,DOCTETS,FIRST,LAST,SRCADDR,DSTADDR,INPUT,OUTPUT,SRCPORT,DSTPORT,PROT,TOS < ft-v05.2008-02-12.091503+0000 > ~/flowtools_export

Joe

"Baptiste Lacroix" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05/14/2008 03:15 AM
To: <[email protected]>
cc:
Subject: [Flow-tools] More details about flow-export

Hi,

I'm actually working on a project about netflow. I'm using flow-tools and in particular flow-export. I just would like to know if there is a detailed explanation of every field used to export (in the case of MYSQL export). I have some difficulties understanding DFLOWS, for example.

I'm finishing my studies and the period that they're allowing for me to work on this project is really short, so maybe I missed some explanation on the net and I apologize for this.

Thanks in advance.

Baptiste Lacroix

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
