Hello All. I am running a Dual Xeon 2.4 HT with 1GB ram. I am using flow-capture to store the raw netflow data, and then flowscan to parse the data and update the rrd files. I updating 3000 rrds because we have 3000 IPs on our network, and right now the network is averaging 200mbits daily; if I were only running one instance of flow-capture/flowscan, it would take considerably longer than 300 seconds to update the rrds.
What I did was have the cisco export the netflow data stream to two IPs (which are on the same server), and then run two copies of flow-capture and flowscan. This helps a lot, each takes about 150 secs to analyze its half of the IPs. My question is what happens as the network gets so large that the processors cannot keep up? Am I pushing the limits of flow-cap/scan too far? Is there some way to increase effeciency? Has anyone generated an rrd file for this many IPs on so much traffic? I really don't want to tell my boss we need a Quad Xeon system to generate bandwidth graphs. Here are the commands I am using: /usr/local/netflow/bin/flow-capture -z0 -w /var/netflow/ft1 IP1/ROUTER/2000 -S5 -V5 -E1G -n 287 -N /usr/local/netflow/bin/flow-capture -z0 -w /var/netflow/ft2 IP2/ROUTER2/2000 -S5 -V5 -E1G -n 287 -N 0 flowscan (parsing for the first half of the IPs out of /var/netflow/ft1) flowscan (parsing for second half of the IPs out of /var/netflow/ft2) Thank You for any input, Rick Blundell http://www.netflowguide.com -- Unsubscribe mailto:[EMAIL PROTECTED] Help mailto:[EMAIL PROTECTED] Archive http://www.ee.ethz.ch/~slist/rrd-users WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
