Thanks for the info. That makes sense. I'm using FlowViewer and I'm able to get reports etc.

Christopher

On 06/12/14 08:21, Joe Loiacono wrote:
[email protected] wrote on 06/11/2014 01:06:45 PM:

> From: Christoper Holland <[email protected]>
> To: [email protected]
> Date: 06/12/2014 03:52 AM
> Subject: [Flow-tools] issues with flow-capture
> Sent by: [email protected]
>
> New to flow-tools. I'm running Ubuntu Server 12.02 with FlowViewer as a
> collector/analyzer.
>
> Here is from flow-capture conf:
>
> -w /var/data/flows/office -V5 -E300G -N3 xxx.xxx.0.135/xxx.xxx.0.145/2050
>
> message from syslog:
>
> Jun 11 10:29:13 myserver flow-capture[23263]: ftpdu_seq_check():
> src_ip=xxx.xxx.0.145 dst_ip=xxx.xxx.0.135 d_version=5
> expecting=1346771233 received=1346771263 lost=30

I don't think this is too serious a problem. See:

http://mailman.splintered.net/pipermail/flow-tools/2003-April/001281.html

>
> The Cisco router sending the flows and my server are configured to use
> NTP for time, so they should be synced.
>
> flow-cat is giving me this warning as well:
>
> flow-cat: Warning, partial inflated record before EOF

That is not a problem ... just looking at a file that is not complete yet.


By the way ... you may want to consider FlowViewer for a web-based front end to flow-tools:

https://sourceforge.net/projects/flowviewer


Regards,

Joe

_______________________________________________
Flow-tools mailing list
[email protected]
http://mailman.splintered.net/mailman/listinfo/flow-tools
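
To judge how much flow data the ftpdu_seq_check() messages discussed in this thread represent, the following added example (not part of the thread and not flow-tools code) totals the lost= counts per exporting router from syslog text. The sample lines are constructed, using documentation addresses in place of the masked ones, and the check that lost equals the 32-bit gap between expecting and received is an assumption based on the NetFlow v5 sequence counter being 32 bits wide.

```python
import re
from collections import defaultdict

# Field layout copied from the syslog message quoted in the thread.
SEQ_RE = re.compile(
    r"flow-capture\[\d+\]: ftpdu_seq_check\(\): "
    r"src_ip=(?P<src>\S+) dst_ip=(?P<dst>\S+) d_version=(?P<ver>\d+) "
    r"expecting=(?P<exp>\d+) received=(?P<rcv>\d+) lost=(?P<lost>\d+)"
)

# Constructed sample input. The last flow-capture line is made up to
# exercise counter wraparound; it is not captured output.
SAMPLE = """\
Jun 11 10:29:13 myserver flow-capture[23263]: ftpdu_seq_check(): src_ip=192.0.2.145 dst_ip=192.0.2.135 d_version=5 expecting=1346771233 received=1346771263 lost=30
Jun 11 10:31:02 myserver flow-capture[23263]: ftpdu_seq_check(): src_ip=192.0.2.145 dst_ip=192.0.2.135 d_version=5 expecting=1346790000 received=1346790060 lost=60
Jun 11 10:31:40 myserver sshd[411]: unrelated line
Jun 11 10:40:00 myserver flow-capture[23263]: ftpdu_seq_check(): src_ip=192.0.2.77 dst_ip=192.0.2.135 d_version=5 expecting=4294967290 received=4 lost=10
"""


def summarize(log_text):
    """Return {exporter_ip: {"events": n, "lost": total, "mismatch": n}}."""
    stats = defaultdict(lambda: {"events": 0, "lost": 0, "mismatch": 0})
    for line in log_text.splitlines():
        m = SEQ_RE.search(line)
        if not m:
            continue  # not a sequence-check message
        exp, rcv, lost = (int(m[k]) for k in ("exp", "rcv", "lost"))
        entry = stats[m["src"]]
        entry["events"] += 1
        entry["lost"] += lost
        # Assumption: lost is the gap between the two counters, taken
        # modulo 2**32 because the v5 sequence field is 32 bits wide.
        if (rcv - exp) % 2**32 != lost:
            entry["mismatch"] += 1
    return dict(stats)


if __name__ == "__main__":
    for exporter, s in sorted(summarize(SAMPLE).items()):
        print(f"{exporter}: {s['events']} gap events, {s['lost']} flows lost, "
              f"{s['mismatch']} inconsistent lines")
```

A steadily growing lost total for one exporter means the collected flow files under-report that router's traffic for the affected intervals.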
