On Tue, Feb 23, 2010 at 08:15:29AM -0500, Drew Weaver wrote:
> Does anyone have any scripts or advice for getting useful data out of
> flow-cat/flow-print, etc?
>
>
> I am just looking for examples for simple things like finding the top
> 10 IPs doing SMTP, or SSH, or FTP, etc nothing too fancy..

Here's a template you can use to sort by top 10 source IP:

    flow-cat $NETFLOW_FILES |
    flow-filter -I $OUTGOING_INTERFACE_OID |
    flow-stat -f9 -S2 |
    head -20

You can skip the line for filtering on interface if it's not needed in
your environment.

The "old style" tools, flow-filter and flow-stat, can be used for
quick and dirty reports like the one above. The "new style" tools,
flow-nfilter and flow-report, are much harder to use but have more
functionality.

For immediate views with graphing, you should use flow-viewer as Joe
suggests.
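
Added example, not part of the original message or of flow-tools: the per-service ranking the question asks for (top source IPs doing SMTP, SSH or FTP), computed in Python over flow records. The CSV column names, the sample records and the function name `top_sources` are assumptions constructed for illustration, not the output format of any flow-tools command.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (assumed CSV layout, not flow-tools output).
SAMPLE = """\
src,dst,proto,sport,dport,octets
10.0.0.5,192.0.2.10,6,40112,25,48000
10.0.0.5,192.0.2.11,6,40113,25,52000
10.0.0.7,192.0.2.10,6,51000,25,9000
10.0.0.9,198.51.100.4,6,52000,22,700000
10.0.0.7,198.51.100.4,6,52001,22,1200
10.0.0.5,198.51.100.9,17,5353,25,999999
10.0.0.8,203.0.113.2,6,25,40999,30000
"""

SERVICES = {"smtp": 25, "ssh": 22, "ftp": 21}  # well-known TCP ports
TCP = 6  # IP protocol number for TCP


def top_sources(text, service, n=10):
    """Return the top n (src, flows, octets) tuples for one service, by octets."""
    port = SERVICES[service]
    totals = defaultdict(lambda: [0, 0])  # src -> [flows, octets]
    for row in csv.DictReader(io.StringIO(text)):
        # Match on protocol and destination port only, so server replies
        # (source port 25) and UDP traffic are not counted as clients.
        if int(row["proto"]) != TCP or int(row["dport"]) != port:
            continue
        entry = totals[row["src"]]
        entry[0] += 1
        entry[1] += int(row["octets"])
    # Descending by octets; ties broken by address for a stable report.
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1][1], kv[0]))
    return [(src, flows, octets) for src, (flows, octets) in ranked[:n]]


if __name__ == "__main__":
    for name in SERVICES:
        print(name, top_sources(SAMPLE, name))
```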