On Jan 26, 19:52, Andrew Kemp wrote:
> I was advocating the use of cflowd and related
> utils for this project, but a couple of other
> network engineers have raised a concern with
> "the summarisation that cflowd performs".
> Another consequence of this summarisation is that
> "cflowd was considered deficient as it throws
> away too much data".
We used to use the flow-* tools earlier but eventually decided to use
- Your colleagues are somewhat right, but cflowd can be made to capture
the complete flows, too. Just use Dave Plonka's patches:
- You can use cflowd's flowdump to analyse the flows or use the C++
API to write your own tools. With the flow-* tools I ended up writing perl
scripts to analyse the flows, but C++ is definitely more efficient.
(I like both Perl and C++ but not unstructured C.)
- cflowd's separate process cflowdmux causes less packet loss and allows
one to log every single missed flow.
-- Dr. Martin Horneffer -- Horneffer@rrz.uni-koeln.de --
This archive was generated by hypermail 2b29 : Fri Jan 26 2001 - 02:28:10 PST