You also might want to look into nfdump at http://nfdump.sourceforge.net/.
It's active as of 2010-07-11 and has a flow-tools to nfdump converter (ft2nfdump) if you want to experiment with it using your existing data. > If you are not the intended recipient of this message (including attachments), or if you have received this message in error, immediately notify us and delete it and any attachments. If you no longer wish to receive e-mail from Edward Jones, please send this request to [email protected]. You must include the e-mail address that you wish not to receive e-mail communications. For important additional information related to this e-mail, visit www.edwardjones.com/US_email_disclosure -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > Craig Weinhold > Sent: Tuesday, September 20, 2011 10:30 AM > To: Richard Hartmann > Cc: [email protected] > Subject: Re: [Flow-tools] flow-export 0.68 hanging while > reading in data > > Maybe try flowdumper? it's a perl utility included with the > Cflow.pm library from flow-tools contrib directory that > simply prints flows. > > flow-export doesn't have a lot of places where it can hang. > The only one is in the ftio_read routine which relies on zlib > compression. Maybe disable compression on your collector, or > recompile flow-tools with the most up-to-date zlib version? > > flow-tools does have known problems. flow-report creates > unbounded data structures that can seem to hang when > processing flow storms. Flow-capture may write garbage that > is received on the collector port, and this can confuse its > sequence number tracking. I've never seen it lock up, though. > > One thing is for certain -- if a flow file is corrupt, > there's not much you can easily do to fix it. Just delete it > and move on... > > > I've switched to using flowd > (http://www.mindrot.org/projects/flowd/) as a collector, and > then importing the files into flow-tools format. > > -Craig > > > On Tue, 20 Sep 2011, Richard Hartmann wrote: > > > Hi all, > > > > recently, flow-export started to hang during exports. When > using the > > same input file and options, it's always hanging at the same line. > > Using different command line options on the same file makes > it hang in > > different places, but given fixed combination of file & > options, you > > will always hang at the same line. > > > > So all of these will hang at different places, reproducibly: > > > > flow-export -f2 < foo > > > > flow-export -f2 \ > > -mUNIX_SECS,DPKTS,DOCTETS,SRCADDR,DSTADDR,SRCPORT,DSTPORT,PROT < foo > > > > flow-export -f2 \ > > > -mUNIX_SECS,DPKTS,DOCTETS,SRCADDR,DSTADDR,SRCPORT,DSTPORT,PROT > < foo > > > \ bar > > > > As I don't speak C, my options are somewhat limited. > > > > Any help, or suggestions of software that is actively > maintained (in > > case flow-tools are simply deprecated), welcome. Especially if they > > are able to read the format used by flow-capture. > > > > > > Thanks, > > Richard > > _______________________________________________ > > Flow-tools mailing list > > [email protected] > > http://mailman.splintered.net/mailman/listinfo/flow-tools > > > _______________________________________________ > Flow-tools mailing list > [email protected] > http://mailman.splintered.net/mailman/listinfo/flow-tools > _______________________________________________ Flow-tools mailing list [email protected] http://mailman.splintered.net/mailman/listinfo/flow-tools
