Hi,
I just upgraded, an all seems to be working well. Using the new graphs.mf
file, I now have the graphs/date directory, which has a file for each
network i have, and the top in/out for each of those local networks.
But, I don't see anything created that shows the top ASN's in/out, that
would use asn.txt, etc.
Am I missing something, or is this output not included?
Thanks,
Jeff
On Wed, Feb 28, 2001 at 04:04:15PM -0600, Dave Plonka typed:
>
> cflowd users,
>
> I'm pleased to announce the release of `FlowScan-1.006'.
> `FlowScan' is a tool to monitor and graph flow information from
> Cisco and Riverstone routers in near real-time.
>
> Amonst many other things, `FlowScan' can measure and graph
> traffic for applications such as Napster. A sample of what
> FlowScan can do is at:
>
> http://wwwstats.net.wisc.edu
>
> Changes in FlowScan-1.006 (since FlowScan-1.005)
> * The CampusIO and SubNetIO reports were enhanced with a new
> optional configuration directive: `TopN'. When defined, this
> directive causes "Top Talker" reports to be produced. These
> HTML reports contain the most active (i.e. "top") source and
> destination addresses.
>
> * The CampusIO and SubNetIO reports were enhanced to record the
> number of local IP addresses that where active for each
> network and subnet into the RRD files. This enables users to
> estimate the number of active hosts hosts over time, detect
> "scans" which systematically sweep across network address
> space, and to calculate the average bytes, packets, and
> flows per host.
>
> * The template Makefile used to produce the graphs was enhanced to
> allow the inclusion of "events" in the graphs, similarly to
> what can be done with Cricket. This allows you to label
> events such as configuration changes and outages to discover
> correlations with traffic measurement.
>
> * Two new utilities suitable for stand-alone use, are included.
> <kbd>ip2hostname</kbd> converts IP addresses to their
> respective hostnames. <kbd>event2vrule</kbd> adds "events"
> to `rrdtool' graphs.
>
> * Added support for LFAP (Lightweight Flow Accouting Protocol)
> used by Riverstone and Enterasys (formerly Cabletron)
> routers. This currently requires `slate' (from
> `http://www.nmops.org') and `lfapd' by Steven Premeau
> <premeau@uwp.edu>. `lfapd' produces time-stamped raw flow
> files in the same cflowd-defined format that is processed by
> FlowScan.
>
> * Added the ability for the `CampusIO' report to identify outbound
> flows based solely on the flow's destination IP address.
> While this is less trustworthy than using `NextHops' or
> `OutputIfIndexes', it is now the default and will be useful
> for environments where the flow nexthop or output ifIndex
> values are not meaningful.
>
> * The `CampusIO' report contains a new experimental feature which
> reads a BGP routing table, and therefore can determine which
> Autonomous systems source, transit, or sink most of your
> institution's traffic. The `CampusIO' report was enhanced
> with new optional configuration directives: `BGPDumpFile',
> `TopN', `ReportPrefixFormat'. When properly defined, these
> directives cause `CampusIO' to create tabular HTML reports
> named `{origin|path}_{in|out}.html' under `OutputDir' after
> analyzing each raw flow file. These reports show the "top"
> Autonomous Systems with which your site exchanges traffic.
>
> * A `WebProxyIfIndex' directive was added to the `CampusIO'
> report. This allows one to specify the index of the
> interface to which HTTP traffic is being transparently
> redirected. This enables `FlowScan' to properly count HTTP
> flows even though NetFlow v5 does not accurately report the
> nexthop value for flows which are transparently redirected
> via a Cisco route-map.
>
> * `CampusIO' now contains a fix for a bug introduced in `FlowScan-
> 1.005' which would sometimes cause perl to abort with this
> message:
>
> patricia.c:645: patricia_lookup: Assertion `prefix' failed.
>
> This would happen if the `NextHops' or `LocalNextHops' were
> specified by name rather than IP address. It also would
> happen if the boulder `SUBNET' values were specified
> incorrectly.
>
> Availability
> FlowScan is licensed under the GNU General Public License, and
> is available to you at:
>
> http://net.doit.wisc.edu/~plonka/FlowScan/
>
> Mailing Lists
> There are two mailing lists having to do with FlowScan:
>
> * flowscan
> a general mailing list for FlowScan users.
>
> * flowscan-announce
> a low-volume, restricted post mailing list to keep FlowScan
> users informed of news regarding FlowScan.
>
> The lists' respective archives are available at:
>
> http://net.doit.wisc.edu/~plonka/list/flowscan
>
> and:
>
> http://net.doit.wisc.edu/~plonka/list/flowscan-announce
>
> Announcements will be "cross-posted" to both lists, so there's
> no need to join both.
>
> These lists are hosted by the Division of Information
> Technology's Network Engineering Technology group at the
> University of Wisconsin - Madison. To subscribe to either of
> them, send email to:
>
> majordomo@net.doit.wisc.edu
>
> containing either:
>
> subscribe flowscan
>
> *or*:
>
> subscribe flowscan-announce
>
> You should receive an automatic response that will request that
> you verify your request to become a member of the list, to which
> you must reply with the authentication information there-in.
> Then, in response to your reply, you should receive a welcome
> message. If you have any questions about the administrative
> policies of this list's manager, please contact:
>
> owner-flowscan@net.doit.wisc.edu
>
> *or*:
>
> owner-flowscan-announce@net.doit.wisc.edu
>
> FlowScan Resources
> Overview:
>
> http://www.caida.org/tools/utilities/flowscan/
>
> Paper - "FlowScan: A Network Traffic Flow Reporting and
> Visualization Tool":
>
> HTML: http://net.doit.wisc.edu/~plonka/lisa/FlowScan/
> PostScript: http://net.doit.wisc.edu/~plonka/lisa/FlowScan/out.ps.gz
>
> http://www.caida.org/tools/utilities/flowscan/
>
> LISA XIV (New Orleans, Dec. 2000) Presentation:
>
> http://net.doit.wisc.edu/~plonka/lisa/FlowScan/presentation/
>
> NANOG 21 (Atlanta, Feb. 2001) Presentation:
>
> http://www.nanog.org/mtg-0102/plonka.html
> http://net.doit.wisc.edu/~plonka/nanog/
>
> Other:
>
> http://wwwstats.net.wisc.edu
> http://net.doit.wisc.edu/data/Napster/
> http://net.doit.wisc.edu/data/flow/size/
>
> Contributors
> Alexander Kunz <Alexander.Kunz@nextra.de>
> Kevin Gannon <kevin@gannons.net>
> John Payne <john@sackheads.org>
> Michael Hare <Michael.Hare@doit.wisc.edu>
> Steven Premeau <premeau@uwp.edu>
>
> Thanks
> I'd like to thank the participants in the FlowScan mailing list
> for their efforts and feedback.
>
> Also, thanks to Daniel McRobb, Tobi Oetiker, and CAIDA for
> providing the main tools upon which FlowScan is built, namely
> "cflowd" and "RRDTOOL".
>
> Copyright and Disclaimer
> Note that this document is provided `as is'. The information
> in it is not warranted to be correct. Use it at your own
> risk.
>
> Copyright (c) 2000-2001 Dave Plonka <plonka@doit.wisc.edu>.
> All rights reserved.
>
> This document may be reproduced and distributed in its
> entirety (including this authorship, copyright, and
> permission notice), provided that no charge is made for the
> document itself.
>
> --
> plonka@doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI
> --
> cflowd mailing list
> cflowd@caida.org
>
-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Wed Feb 28 2001 - 21:49:01 PST