uniojnqoifazy | 2 Jan 2012 07:48

RE: how can I create a new netflow file to save these filter flow ?

Hi ml,
Do you mean
# flow-cat ft-* | flow-nfilter ft-v05.2010-05-09.190301+0800 > newfilter.txt
But it can't work; am I missing anything?

Cheers,
  unioj
-----Original Message-----
From: Michael W. Lucas [mailto:mwlucas@...] 
Sent: Wednesday, December 28, 2011 10:56 AM
To: uniojnqoifazy
Cc: flow-tools@...
Subject: Re: [Flow-tools] how can I create a new netflow file to save these
filter flow ?

flow-cat ft-* | flow-nfilter ... > ft-newfile

==ml

On Wed, Dec 28, 2011 at 10:45:26AM +0800, uniojnqoifazy wrote:
> Hi all,
> Have any command line tool can do it ?
> 
> 
> Cheers,
> Unioj
> 
> -----Original Message-----
> From: Joe Loiacono [mailto:jloiacon@...] 

Craig Weinhold | 2 Jan 2012 09:55

RE: how can I create a new netflow file to save these filter flow ?

unioj,

Your original question was:

> I have retrieve some flow data by flow-print ,
> But now how can I create a new netflow file to save these filter flow ?

So presumably you are already piping together a series of flow-tools commands (flow-cat, flow-merge,
flow-filter, flow-nfilter, etc.), ending with "| flow-print".

Just replace the "| flow-print"  with "> ft-newfile" and those flows will be saved to the file "ft-newfile"
rather than printed to the terminal. You may wish to google "unix redirection" to find articles
describing how the |, >, <, >>, and << commands work in linux. Then go back and re-read the flow-tools man
pages and look at its examples.

-Craig

________________________________________
From: flow-tools-bounces@...
[flow-tools-bounces@...tered.net] on behalf of
uniojnqoifazy [uniojnqoifazy@...]
Sent: Monday, January 02, 2012 12:48 AM
To: 'Michael W. Lucas'
Cc: flow-tools@...
Subject: RE: [Flow-tools] how can I create a new netflow file to save   these   filter flow ?

Hi ml,
Do you mean
# flow-cat ft-* | flow-nfilter ft-v05.2010-05-09.190301+0800 > newfilter.txt

uniojnqoifazy | 2 Jan 2012 09:55

what's the mean about octets ?

Hi all,

What does "octets" mean? Is it the same as dOctets (the total number of Layer 3 bytes in the packets of the flow)?

cheers,

unioj

_______________________________________________
Flow-tools mailing list
flow-tools@...
http://mailman.splintered.net/mailman/listinfo/flow-tools
uniojnqoifazy | 2 Jan 2012 10:07

how to print out flow start and last time ?

Hi all,

Can I use flow-print to print out:

First: firstSysUptime at the start of the flow

Last: lastSysUptime at the time the last packet of the flow was received

Or another tool?

Cheers,

unioj
Michael W. Lucas | 2 Jan 2012 14:54

Re: how can I create a new netflow file to save these filter flow ?


One thing to note is that the new flow file will not be compressed,
IIRC.  You can save space by gzipping the new flow file.

On Mon, Jan 02, 2012 at 08:55:48AM +0000, Craig Weinhold wrote:
> unioj,
> 
> Your original question was:
> 
> > I have retrieve some flow data by flow-print ,
> > But now how can I create a new netflow file to save these filter flow ?
> 
> So presumably you are already piping together a series of flow-tools commands (flow-cat, flow-merge,
> flow-filter, flow-nfilter, etc.), ending with "| flow-print".
> 
> Just replace the "| flow-print"  with "> ft-newfile" and those flows will be saved to the file "ft-newfile"
rather than printed to the terminal. You may wish to google "unix redirection" to find articles
describing how the |, >, <, >>, and << commands work in linux. Then go back and re-read the flow-tools man
pages and look at its examples.
> 
> -Craig
> 
> ________________________________________
> From: flow-tools-bounces@...
[flow-tools-bounces@...] on behalf of
uniojnqoifazy [uniojnqoifazy@...]
> Sent: Monday, January 02, 2012 12:48 AM
> To: 'Michael W. Lucas'
> Cc: flow-tools@...
> Subject: RE: [Flow-tools] how can I create a new netflow file to save   these   filter flow ?
> 
> Hi ml,
> Do you mean
> # flow-cat ft-* | flow-nfilter ft-v05.2010-05-09.190301+0800 > newfilter.txt
> But it can't work; am I missing anything?
> 
> Cheers,
>   unioj
> -----Original Message-----
> From: Michael W. Lucas [mailto:mwlucas@...]
> Sent: Wednesday, December 28, 2011 10:56 AM
> To: uniojnqoifazy
> Cc: flow-tools@...
> Subject: Re: [Flow-tools] how can I create a new netflow file to save these
> filter flow ?
> 
> flow-cat ft-* | flow-nfilter ... > ft-newfile
> 
> ==ml
> 
> 
> On Wed, Dec 28, 2011 at 10:45:26AM +0800, uniojnqoifazy wrote:
> > Hi all,
> > Have any command line tool can do it ?
> >
> >
> > Cheers,
> > Unioj
> >
> > -----Original Message-----
> > From: Joe Loiacono [mailto:jloiacon@...]
> > Sent: Wednesday, December 28, 2011 1:33 AM
> > To: uniojnqoifazy
> > Cc: flow-tools@...; flow-tools-bounces@...
> > Subject: Re: [Flow-tools] how can I create a new netflow file to save
> these
> > filter flow ?
> >
> > Hi,
> >
> > You might try FlowViewer, a web-based front-end to flow-tools. It provides
> > for easy reports and adjusting of filters, graphing filtered data, and
> > maintaining long-term graph sets (ala MRTG) for specified filters. And,
> > with respect to your question, the ability to preserve filters for future
> > application.
> >
> > See: http://ensight.eos.nasa.gov/FlowViewer/
> >
> > Joe
> >
> >
> >
> > From: "uniojnqoifazy" <uniojnqoifazy@...>
> > To:   <flow-tools@...>
> > Date: 12/27/2011 03:50 AM
> > Subject:      [Flow-tools] how can I create a new netflow file to save
> > these
> >             filter flow ?
> > Sent by:      flow-tools-bounces@...
> >
> >
> >
> >
> >
> > Hi all,
> > I have retrieve some flow data by flow-print ,
> > But now how can I create a new netflow file to save these filter flow ?
> >
> >
> >
> > Cheers,
> > Unioj _______________________________________________
> > Flow-tools mailing list
> > flow-tools@...
> > http://mailman.splintered.net/mailman/listinfo/flow-tools
> >
> > _______________________________________________
> > Flow-tools mailing list
> > flow-tools@...
> > http://mailman.splintered.net/mailman/listinfo/flow-tools
> 
> --
> Michael W. Lucas
> http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
> mwlucas@..., Twitter  <at> mwlauthor
> 
> _______________________________________________
> Flow-tools mailing list
> flow-tools@...
> http://mailman.splintered.net/mailman/listinfo/flow-tools

-- 
Michael W. Lucas 	
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlucas@..., Twitter  <at> mwlauthor
uniojnqoifazy | 5 Jan 2012 03:44

transform netflow file to rrd file using flow-tool

Hi all,

Can I transform a netflow file to an rrd file using flow-tools?

How?

Can anyone please help me!

Cheers,

unioj

_______________________________________________
Flow-tools mailing list
flow-tools@...
http://mailman.splintered.net/mailman/listinfo/flow-tools
Joe Loiacono | 5 Jan 2012 16:07

Re: transform netflow file to rrd file using flow-tool

I've never used it, but there is a tool called  flow-rpt2rrd:

"The flow-rpt2rrd utility processes the CSV output of flow-report into RRDtool format. The aggregates for a key are each stored as a DS in RRD filename {rrd_path,"/",key,rrd_postfix,".rrd"}. By default a DS is created for flows, octets, and packets. The key must be specified, for example an ip-port report could use smtp,nntp,ssh,telnet as the keys which would create a separate RRD for each key."

Also - FlowViewer does this for you using the FlowTracker capability.

http://ensight.eos.nasa.gov/FlowViewer/

Joe



From:        "uniojnqoifazy" <uniojnqoifazy-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To:        <flow-tools-ojNDMRNHqGVygxfI3sfyqtHuzzzSOjJt@public.gmane.org>
Date:        01/04/2012 09:45 PM
Subject:        [Flow-tools] transform netflow file to rrd file using flow-tool
Sent by:        flow-tools-bounces-ojNDMRNHqGVygxfI3sfyqtHuzzzSOjJt@public.gmane.org

Hi all,
Can I transform a netflow file to an rrd file using flow-tools?

How?

Can anyone please help me!

Cheers,
unioj
Konstantin V. Krotov | 11 Jan 2012 08:08

how generate report in/out byte per each host on some net

Hello list!
I have a question:
How do I generate a report of incoming/outgoing bytes per host from some net
with minimal overhead (flow-cat -> flow-nfilter -> flow-stat or
flow-report)?
Example please.

-- 
WBR, Konstantin V. Krotov
CJSs "Information Systems"
mailto: kkv@...
phone: +7 (8332) 51-35-95
Joe Loiacono | 11 Jan 2012 15:48

Re: how generate report in/out byte per each host on some net

flow-tools-bounces-ojNDMRNHqGVygxfI3sfyqtHuzzzSOjJt@public.gmane.org wrote on 01/11/2012 02:08:11 AM:

> Hello list!
> I have a question:
> How do I generate a report of incoming/outgoing bytes per host from some net
> with minimal overhead (flow-cat -> flow-nfilter -> flow-stat or
> flow-report)?
> Example please.

From FlowViewer, I captured the output and the intermediate filter files. Here are the results from a typical query of the kind you are asking for:

If you're using flow-tools, FlowViewer is a web-based front end. Makes things easy and is a quick install. See: http://ensight.eos.nasa.gov/FlowViewer/



*** Report for 'out': (flow-stat -f9) *****************

      Report: Source IP                                        Sort Field: 4  
  Start Time: January 10, 2012 11:00:00 GMT                      End Time: January 10, 2012 12:00:00 GMT  
      Device: xyz-core-01a                                       Exporter:                                          
      Source: 192.168.237.0/24                                Destination:                                          
 Source Port:                                            Destination Port:                              
  Source I/F:                                             Destination I/F:                                          
   Source AS:                                              Destination AS:                                          
   TOS Field:                                                    TCP Flag:                                          
  Include if: Any part of flow in Time Period                   Protocols:                            
Lines Cutoff: 100                                           Octets Cutoff:            
       

Host             Flows               Octets              Packets            

192.168.237.34   235                 5.96 GB             4510866            
192.168.237.35   315                 5.65 GB             4223478            
192.168.237.33   8                   5.00 GB             3622967            
192.168.237.32   13                  2.40 GB             1814986            
192.168.237.31   11                  54.58 MB            39584              
192.168.237.41   246                 62.35 KB            1190              
192.168.237.42   245                 62.09 KB            1185              
192.168.237.25   595                 34.86 KB            595                


*** Filter: *******

filter-primitive source_address
  type ip-address-prefix
  permit 198.118.237.0/24
  default deny
filter-primitive start_flows
  type time-date
  permit ge January 10, 2012 11:00:00
  default deny
filter-primitive end_flows
  type time-date
  permit lt January 10, 2012 12:00:00
  default deny
 
filter-definition Flow_Filter
  match ip-source-address source_address
  match end-time start_flows
  match start-time end_flows





*** Report for 'in': (flow-stat -f8) *****************        

      Report: Destination IP                                   Sort Field: 4  
  Start Time: January 10, 2012 11:00:00 GMT                      End Time: January 10, 2012 12:00:00 GMT  
      Device: xyz-core-01a                                       Exporter:                                          
      Source:                                                 Destination: 192.168.237.0/24                          
 Source Port:                                            Destination Port:                              
  Source I/F:                                             Destination I/F:                                          
   Source AS:                                              Destination AS:                                          
   TOS Field:                                                    TCP Flag:                                          
  Include if: Any part of flow in Time Period                   Protocols:                            
Lines Cutoff: 100                                           Octets Cutoff:            
       

Host             Flows               Octets              Packets            

192.168.237.33   38                  126.12 MB           2297416            
192.168.237.34   235                 107.15 MB           2150520            
192.168.237.35   315                 105.41 MB           2083491            
192.168.237.32   13                  42.80 MB            855540            
192.168.237.31   11                  1.34 MB             22204              
192.168.237.41   253                 106.45 KB           1150              
192.168.237.42   247                 105.52 KB           1140              
192.168.237.25   595                 26.73 KB            595



***  Filter: *******

filter-primitive dest_address
  type ip-address-prefix
  permit 192.168.237.0/24
  default deny
filter-primitive start_flows
  type time-date
  permit ge January 10, 2012 11:00:00
  default deny
filter-primitive end_flows
  type time-date
  permit lt January 10, 2012 12:00:00
  default deny
 
filter-definition Flow_Filter
  match ip-destination-address dest_address
  match end-time start_flows
  match start-time end_flows
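As an added example (not code from this thread, from flow-tools or from FlowViewer), a small Python post-processor that reads the two per-host tables above (the source-IP report for 'out', the destination-IP report for 'in') and joins them into one in/out byte table per host, which is what the original question asked for; a host that only appears in one direction is kept with zeros, so lopsided talkers stand out. The sample rows are constructed from the post, and the 1024-based scaling of the KB/MB/GB units is an assumption.

```python
import re

# Constructed sample: four rows from each table in the post, same layout.
OUT_REPORT = """\
Host             Flows               Octets              Packets
192.168.237.34   235                 5.96 GB             4510866
192.168.237.31   11                  54.58 MB            39584
192.168.237.41   246                 62.35 KB            1190
192.168.237.25   595                 34.86 KB            595
"""
IN_REPORT = """\
Host             Flows               Octets              Packets
192.168.237.34   235                 107.15 MB           2150520
192.168.237.31   11                  1.34 MB             22204
192.168.237.42   247                 105.52 KB           1140
192.168.237.25   595                 26.73 KB            595
"""

# Assumption: the report scales octets by 1024 (KB = 2**10, MB = 2**20, ...).
UNIT = {"B": 1, "KB": 2**10, "MB": 2**20, "GB": 2**30, "TB": 2**40}
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+([\d.]+)\s*([KMGT]?B)\s+(\d+)$")

def parse_report(text):
    """Return {host: (flows, octets, packets)} from one 'Host Flows Octets Packets' table."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:                      # header, blank or stray lines are skipped
            continue
        host, flows, num, unit, pkts = m.groups()
        rows[host] = (int(flows), round(float(num) * UNIT[unit]), int(pkts))
    return rows

def merge_in_out(out_text, in_text):
    """Join the source-IP ('out') and destination-IP ('in') tables per host."""
    out_rows, in_rows = parse_report(out_text), parse_report(in_text)
    by_addr = lambda h: tuple(int(o) for o in h.split("."))   # numeric IP order
    merged = {}
    for host in sorted(set(out_rows) | set(in_rows), key=by_addr):
        o = out_rows.get(host, (0, 0, 0))   # zeros when the host sent nothing
        i = in_rows.get(host, (0, 0, 0))    # zeros when the host received nothing
        merged[host] = {"out_flows": o[0], "out_octets": o[1],
                        "in_flows": i[0], "in_octets": i[1],
                        "ratio": (o[1] / i[1]) if i[1] else float("inf")}
    return merged

if __name__ == "__main__":
    for host, r in merge_in_out(OUT_REPORT, IN_REPORT).items():
        print(f"{host:16} out={r['out_octets']:>12} in={r['in_octets']:>12} out/in={r['ratio']:.1f}")
```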


               