[email protected] wrote on 01/11/2012 02:08:11 AM:

> hello list!
> i have a some question:
> how generate report incoming /outgoing byte per each host from some net
> with minimal overhead: (flow-cat -> flow-nfilter -> flow-stat or
> flow-report)?
> example pls.

From FlowViewer, I captured the output, and the intermediate filter files.
Here's the results from a typical query you are asking for:

If you're using flow-tools, FlowViewer is a web-based front end. Makes
things easy and is a quick install. See:

http://ensight.eos.nasa.gov/FlowViewer/

*** Report for 'out': (flow-stat -f9)
*****************

Report:            Source IP
Sort Field:        4
Start Time:        January 10, 2012 11:00:00 GMT
End Time:          January 10, 2012 12:00:00 GMT
Device:            xyz-core-01a
Exporter:
Source:            192.168.237.0/24
Destination:
Source Port:
Destination Port:
Source I/F:
Destination I/F:
Source AS:
Destination AS:
TOS Field:
TCP Flag:
Include if:        Any part of flow in Time Period
Protocols:
Lines Cutoff:      100
Octets Cutoff:

Host              Flows   Octets      Packets
192.168.237.34    235     5.96 GB     4510866
192.168.237.35    315     5.65 GB     4223478
192.168.237.33    8       5.00 GB     3622967
192.168.237.32    13      2.40 GB     1814986
192.168.237.31    11      54.58 MB    39584
192.168.237.41    246     62.35 KB    1190
192.168.237.42    245     62.09 KB    1185
192.168.237.25    595     34.86 KB    595

*** Filter:
*******

filter-primitive source_address
  type ip-address-prefix
  permit 198.118.237.0/24
  default deny

filter-primitive start_flows
  type time-date
  permit ge January 10, 2012 11:00:00
  default deny

filter-primitive end_flows
  type time-date
  permit lt January 10, 2012 12:00:00
  default deny

filter-definition Flow_Filter
  match ip-source-address source_address
  match end-time start_flows
  match start-time end_flows

*** Report for 'in': (flow-stat -f8)
*****************

Report:            Destination IP
Sort Field:        4
Start Time:        January 10, 2012 11:00:00 GMT
End Time:          January 10, 2012 12:00:00 GMT
Device:            xyz-core-01a
Exporter:
Source:
Destination:       192.168.237.0/24
Source Port:
Destination Port:
Source I/F:
Destination I/F:
Source AS:
Destination AS:
TOS Field:
TCP Flag:
Include if:        Any part of flow in Time Period
Protocols:
Lines Cutoff:      100
Octets Cutoff:

Host              Flows   Octets      Packets
192.168.237.33    38      126.12 MB   2297416
192.168.237.34    235     107.15 MB   2150520
192.168.237.35    315     105.41 MB   2083491
192.168.237.32    13      42.80 MB    855540
192.168.237.31    11      1.34 MB     22204
192.168.237.41    253     106.45 KB   1150
192.168.237.42    247     105.52 KB   1140
192.168.237.25    595     26.73 KB    595

*** Filter:
*******

filter-primitive dest_address
  type ip-address-prefix
  permit 192.168.237.0/24
  default deny

filter-primitive start_flows
  type time-date
  permit ge January 10, 2012 11:00:00
  default deny

filter-primitive end_flows
  type time-date
  permit lt January 10, 2012 12:00:00
  default deny

filter-definition Flow_Filter
  match ip-destination-address dest_address
  match end-time start_flows
  match start-time end_flows
_______________________________________________
Flow-tools mailing list
[email protected]
http://mailman.splintered.net/mailman/listinfo/flow-tools
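The two reports above are separate, one keyed by source host and one by destination host. The following is an added example (not part of the original message and not FlowViewer code) that joins them into a single per-host in/out byte table. It assumes FlowViewer's KB/MB/GB are powers of 1024 and also accepts plain integer octet counts; the sample rows are copied from the reports above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumption: KB/MB/GB in the report are powers of 1024; adjust if your build differs.
UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3}

# Host, flows, octets (optionally with a unit), packets. Header lines do not match.
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+([\d.]+)(?:\s*([KMG]?B))?\s+(\d+)\s*$"
)

def parse_report(text):
    """Return {host: octets} from 'Host Flows Octets Packets' rows."""
    hosts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            host, _flows, value, unit, _packets = m.groups()
            hosts[host] = int(float(value) * UNITS[unit or "B"])
    return hosts

def merge(out_report, in_report):
    """Join the by-source ('out') and by-destination ('in') reports per host."""
    table = defaultdict(lambda: {"out": 0, "in": 0})
    for host, octets in parse_report(out_report).items():
        table[host]["out"] = octets
    for host, octets in parse_report(in_report).items():
        table[host]["in"] = octets  # hosts seen in only one report keep 0 for the other
    return dict(table)

# Sample rows copied from the two reports in the message above.
OUT_SAMPLE = """Host Flows Octets Packets
192.168.237.34 235 5.96 GB 4510866
192.168.237.41 246 62.35 KB 1190
192.168.237.25 595 34.86 KB 595"""
IN_SAMPLE = """Host Flows Octets Packets
192.168.237.34 235 107.15 MB 2150520
192.168.237.41 253 106.45 KB 1150
192.168.237.25 595 26.73 KB 595"""

if __name__ == "__main__":
    rows = merge(OUT_SAMPLE, IN_SAMPLE)
    print(f"{'Host':<16}{'Out (bytes)':>14}{'In (bytes)':>14}")
    # Largest senders first, which is the usual starting point for reviewing egress volume.
    for host, t in sorted(rows.items(), key=lambda kv: kv[1]["out"], reverse=True):
        print(f"{host:<16}{t['out']:>14}{t['in']:>14}")
```

Because the displayed values are rounded to two decimals, the byte counts recovered from a FlowViewer report are approximate; feeding the parser plain integer octet counts avoids that.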
