[email protected] wrote on 07/01/2013 11:36:27 AM: > From: "Donnelly, Michael (ITS)" <[email protected]> > To: "[email protected]" <[email protected]> > Date: 07/02/2013 09:47 AM > Subject: [Flow-tools] General usage : Queries and Reports across > multiple collections. > Sent by: [email protected]
> New flow-tools 0.68 / flowviewer 4.1 installation. Netflow v5 on > all devices. > > I have 3 routers out to different ISPs that share the internet > service provided to my internal wan/man. > I have individual flow-capture instances running for the 3 routers > and a flow-tracker group that makes > nice stacked graphs showing traffic flow. (isp-a , isp-b , isp-c ) . > > I frequently need to search the group of devices for traffic > patterns. I wish to be able to search/report > across a whole group, or against individual collections. How do i > pull that off? > > My first stab at a solution is to run a flow-merge against the 3 > collections and build a 4th larger collection > ( ā isp-all ā ) that iād use for searching across all isp-routers. > The drawback of this method is its a diskspace > killer. > > It seems the other option is to have all three routers send to the > same port/instance of flow capture, but then > I lose the granularity of the stacked graphs in flow tracker, and > the ability to search individual router datasets. Just to give you a quick reply - check to see if "exporter" is different on your different feeds. Then you could have them all export to the same flow-capture, but segregate on "exporter". You can see the exporter IP address: flow-stat -f27 < ft-v05.2013-07-02.121500+0000 See http://ensight.eos.nasa.gov/FlowViewer/faq.html#26 for help. Please let me know of any questions or problems .... Joe
_______________________________________________ Flow-tools mailing list [email protected] http://mailman.splintered.net/mailman/listinfo/flow-tools
