Hi all,

This may be a stupid question but I can't see a way using the flow-tools command line tools to convert a flow-tools format file to a file in either of the following formats:

1) IPFIX format
or
2) Netflow V5 PDUs

Any ideas or pointers to other tools are appreciated!

As background, I've been tasked with importing data regularly from a 3rd party netflow collector which uses flow-tools into a locally-controlled SiLK (http://tools.netsa.cert.org/silk/silk_docs.html) installation. SiLK provides import tools from IPFIX or, using another related tool, from pcap (via IPFIX). However, reading the list, it seems that the pcap output from flow-export is not really guaranteed to be accurate either in timestamp or bytecount.

Currently I am using flow-send to the SiLK netflow collector running on localhost. While it works most of the time, it just isn't reliable. I have no way to see whether UDP buffer overruns have caused large parts of my import data to go missing. Of course, whilst using the -x switch to flow-send with values in the range of 100-200 has proven to be fully successful, I still have no guarantees under high CPU load.

I'm more than happy to write something myself, it just struck me as odd that I couldn't see anything easily available and I'd much rather not reinvent the wheel.

Cheers,
Andrew

_______________________________________________
Flow-tools mailing list
[email protected]
http://mailman.splintered.net/mailman/listinfo/flow-tools
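An added example, not part of the original post and not flow-tools or SiLK code: the NetFlow v5 header carries a `flow_sequence` counter (total flows exported before this PDU), so a receiver can measure how many flows were lost in transit between consecutive PDUs. It assumes the sender populates `flow_sequence` as the v5 header defines it; `make_pdu` and the sample stream are constructed for illustration.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # 24-byte NetFlow v5 header, network order
V5_RECORD_LEN = 48                       # each v5 flow record is 48 bytes

def parse_v5_header(pdu: bytes):
    """Return (count, flow_sequence, engine); raise ValueError if malformed."""
    if len(pdu) < V5_HEADER.size:
        raise ValueError("PDU shorter than v5 header")
    version, count, _uptime, _secs, _nsecs, seq, etype, eid, _samp = \
        V5_HEADER.unpack_from(pdu)
    if version != 5:
        raise ValueError(f"not a v5 PDU (version={version})")
    if len(pdu) != V5_HEADER.size + count * V5_RECORD_LEN:
        raise ValueError("PDU length does not match record count")
    return count, seq, (etype, eid)

def find_gaps(pdus):
    """Return [(engine, expected_seq, got_seq, delta)] for each discontinuity.

    delta > 0: that many flows never arrived (dropped datagrams).
    delta < 0: a late or duplicated PDU; the expected counter is left alone.
    Sequence numbers are tracked per (engine_type, engine_id), modulo 2**32.
    """
    expected, gaps = {}, []
    for pdu in pdus:
        count, seq, engine = parse_v5_header(pdu)
        if engine in expected and seq != expected[engine]:
            delta = (seq - expected[engine]) % 2**32
            if delta >= 2**31:           # behind the counter: reorder/duplicate
                gaps.append((engine, expected[engine], seq, delta - 2**32))
                continue
            gaps.append((engine, expected[engine], seq, delta))
        expected[engine] = (seq + count) % 2**32
    return gaps

def make_pdu(seq: int, count: int, engine_id: int = 0) -> bytes:
    """Constructed sample PDU: valid header followed by zero-filled records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, engine_id, 0)
    return header + bytes(count * V5_RECORD_LEN)

if __name__ == "__main__":
    # Constructed stream: the PDU carrying flows 60..89 was dropped.
    stream = [make_pdu(0, 30), make_pdu(30, 30), make_pdu(90, 10)]
    for engine, want, got, delta in find_gaps(stream):
        print(f"engine={engine} expected seq {want}, got {got}: {delta} flows")
```

Summing the positive deltas over an import run and comparing against the flow count in the source file gives a loss figure for that run.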
