Re: ANNOUNCE: FlowScan-1.006 released

From: Jeffrey Meltzer (meltzer@villageworld.com)
Date: Wed Feb 28 2001 - 21:19:09 PST


    Hi,

    I just upgraded, and all seems to be working well. Using the new graphs.mf
    file, I now have the graphs/date directory, which has a file for each
    network I have, and the top in/out for each of those local networks.
    But, I don't see anything created that shows the top ASN's in/out, that
    would use asn.txt, etc.

    Am I missing something, or is this output not included?

    Thanks,

    Jeff

    On Wed, Feb 28, 2001 at 04:04:15PM -0600, Dave Plonka typed:
    >
    > cflowd users,
    >
    > I'm pleased to announce the release of `FlowScan-1.006'.
    > `FlowScan' is a tool to monitor and graph flow information from
    > Cisco and Riverstone routers in near real-time.
    >
    > Amongst many other things, `FlowScan' can measure and graph
    > traffic for applications such as Napster. A sample of what
    > FlowScan can do is at:
    >
    > http://wwwstats.net.wisc.edu
    >
    > Changes in FlowScan-1.006 (since FlowScan-1.005)
    > * The CampusIO and SubNetIO reports were enhanced with a new
    > optional configuration directive: `TopN'. When defined, this
    > directive causes "Top Talker" reports to be produced. These
    > HTML reports contain the most active (i.e. "top") source and
    > destination addresses.
    >
    > * The CampusIO and SubNetIO reports were enhanced to record the
    > number of local IP addresses that were active for each
    > network and subnet into the RRD files. This enables users to
    > estimate the number of active hosts over time, detect
    > "scans" which systematically sweep across network address
    > space, and to calculate the average bytes, packets, and
    > flows per host.
    >
    > * The template Makefile used to produce the graphs was enhanced to
    > allow the inclusion of "events" in the graphs, similarly to
    > what can be done with Cricket. This allows you to label
    > events such as configuration changes and outages to discover
    > correlations with traffic measurement.
    >
    > * Two new utilities, suitable for stand-alone use, are included.
    > `ip2hostname' converts IP addresses to their
    > respective hostnames. `event2vrule' adds "events"
    > to `rrdtool' graphs.
    >
    > * Added support for LFAP (Lightweight Flow Accounting Protocol)
    > used by Riverstone and Enterasys (formerly Cabletron)
    > routers. This currently requires `slate' (from
    > `http://www.nmops.org') and `lfapd' by Steven Premeau
    > <premeau@uwp.edu>. `lfapd' produces time-stamped raw flow
    > files in the same cflowd-defined format that is processed by
    > FlowScan.
    >
    > * Added the ability for the `CampusIO' report to identify outbound
    > flows based solely on the flow's destination IP address.
    > While this is less trustworthy than using `NextHops' or
    > `OutputIfIndexes', it is now the default and will be useful
    > for environments where the flow nexthop or output ifIndex
    > values are not meaningful.
    >
    > * The `CampusIO' report contains a new experimental feature which
    > reads a BGP routing table, and therefore can determine which
    > Autonomous systems source, transit, or sink most of your
    > institution's traffic. The `CampusIO' report was enhanced
    > with new optional configuration directives: `BGPDumpFile',
    > `TopN', `ReportPrefixFormat'. When properly defined, these
    > directives cause `CampusIO' to create tabular HTML reports
    > named `{origin|path}_{in|out}.html' under `OutputDir' after
    > analyzing each raw flow file. These reports show the "top"
    > Autonomous Systems with which your site exchanges traffic.
    >
    > * A `WebProxyIfIndex' directive was added to the `CampusIO'
    > report. This allows one to specify the index of the
    > interface to which HTTP traffic is being transparently
    > redirected. This enables `FlowScan' to properly count HTTP
    > flows even though NetFlow v5 does not accurately report the
    > nexthop value for flows which are transparently redirected
    > via a Cisco route-map.
    >
    > * `CampusIO' now contains a fix for a bug introduced in
    > `FlowScan-1.005' which would sometimes cause perl to abort
    > with this message:
    >
    > patricia.c:645: patricia_lookup: Assertion `prefix' failed.
    >
    > This would happen if the `NextHops' or `LocalNextHops' were
    > specified by name rather than IP address. It also would
    > happen if the boulder `SUBNET' values were specified
    > incorrectly.
    >
    > Availability
    > FlowScan is licensed under the GNU General Public License, and
    > is available to you at:
    >
    > http://net.doit.wisc.edu/~plonka/FlowScan/
    >
    > Mailing Lists
    > There are two mailing lists having to do with FlowScan:
    >
    > * flowscan
    > a general mailing list for FlowScan users.
    >
    > * flowscan-announce
    > a low-volume, restricted post mailing list to keep FlowScan
    > users informed of news regarding FlowScan.
    >
    > The lists' respective archives are available at:
    >
    > http://net.doit.wisc.edu/~plonka/list/flowscan
    >
    > and:
    >
    > http://net.doit.wisc.edu/~plonka/list/flowscan-announce
    >
    > Announcements will be "cross-posted" to both lists, so there's
    > no need to join both.
    >
    > These lists are hosted by the Division of Information
    > Technology's Network Engineering Technology group at the
    > University of Wisconsin - Madison. To subscribe to either of
    > them, send email to:
    >
    > majordomo@net.doit.wisc.edu
    >
    > containing either:
    >
    > subscribe flowscan
    >
    > *or*:
    >
    > subscribe flowscan-announce
    >
    > You should receive an automatic response that will request that
    > you verify your request to become a member of the list, to which
    > you must reply with the authentication information there-in.
    > Then, in response to your reply, you should receive a welcome
    > message. If you have any questions about the administrative
    > policies of this list's manager, please contact:
    >
    > owner-flowscan@net.doit.wisc.edu
    >
    > *or*:
    >
    > owner-flowscan-announce@net.doit.wisc.edu
    >
    > FlowScan Resources
    > Overview:
    >
    > http://www.caida.org/tools/utilities/flowscan/
    >
    > Paper - "FlowScan: A Network Traffic Flow Reporting and
    > Visualization Tool":
    >
    > HTML: http://net.doit.wisc.edu/~plonka/lisa/FlowScan/
    > PostScript: http://net.doit.wisc.edu/~plonka/lisa/FlowScan/out.ps.gz
    >
    > http://www.caida.org/tools/utilities/flowscan/
    >
    > LISA XIV (New Orleans, Dec. 2000) Presentation:
    >
    > http://net.doit.wisc.edu/~plonka/lisa/FlowScan/presentation/
    >
    > NANOG 21 (Atlanta, Feb. 2001) Presentation:
    >
    > http://www.nanog.org/mtg-0102/plonka.html
    > http://net.doit.wisc.edu/~plonka/nanog/
    >
    > Other:
    >
    > http://wwwstats.net.wisc.edu
    > http://net.doit.wisc.edu/data/Napster/
    > http://net.doit.wisc.edu/data/flow/size/
    >
    > Contributors
    > Alexander Kunz <Alexander.Kunz@nextra.de>
    > Kevin Gannon <kevin@gannons.net>
    > John Payne <john@sackheads.org>
    > Michael Hare <Michael.Hare@doit.wisc.edu>
    > Steven Premeau <premeau@uwp.edu>
    >
    > Thanks
    > I'd like to thank the participants in the FlowScan mailing list
    > for their efforts and feedback.
    >
    > Also, thanks to Daniel McRobb, Tobi Oetiker, and CAIDA for
    > providing the main tools upon which FlowScan is built, namely
    > "cflowd" and "RRDTOOL".
    >
    > Copyright and Disclaimer
    > Note that this document is provided `as is'. The information
    > in it is not warranted to be correct. Use it at your own
    > risk.
    >
    > Copyright (c) 2000-2001 Dave Plonka <plonka@doit.wisc.edu>.
    > All rights reserved.
    >
    > This document may be reproduced and distributed in its
    > entirety (including this authorship, copyright, and
    > permission notice), provided that no charge is made for the
    > document itself.
    >
    > --
    > plonka@doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI
    > --
    > cflowd mailing list
    > cflowd@caida.org
    >

    --
    cflowd mailing list
    cflowd@caida.org
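
The announcement quoted above says that recording the number of active local IP addresses per subnet lets users detect scans that sweep across address space. The Python below is an added example, not part of either message and not FlowScan code: it counts distinct local addresses per subnet per interval and flags intervals that stand far above the subnet's median. The flow tuple layout, subnets, thresholds, sample flows, and the choice to count an address as active when it appears as either source or destination are all assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Assumed local subnets (constructed for this example).
LOCAL_SUBNETS = [ipaddress.ip_network("10.1.0.0/24"),
                 ipaddress.ip_network("10.2.0.0/24")]

def local_subnet(ip):
    """Return the local subnet containing ip, or None for outside addresses."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in LOCAL_SUBNETS if addr in net), None)

def active_hosts(flows):
    """Map subnet -> {interval start: number of distinct local addresses seen}."""
    seen = defaultdict(lambda: defaultdict(set))
    for ts, src, dst in flows:
        for ip in (src, dst):          # assumption: either direction counts as active
            net = local_subnet(ip)
            if net is not None:
                seen[net][ts].add(ip)
    return {net: {ts: len(ips) for ts, ips in per.items()}
            for net, per in seen.items()}

def sweep_candidates(counts, factor=4, floor=16):
    """Flag intervals whose count is >= floor and > factor x the subnet median."""
    hits = []
    for net, per in counts.items():
        base = median(per.values())
        for ts, n in sorted(per.items()):
            if n >= floor and n > factor * base:
                hits.append((str(net), ts, n))
    return hits

def sample_flows():
    """Constructed flows: (interval start in seconds, source IP, destination IP)."""
    flows = []
    for ts in (0, 300, 600, 900):      # four 5-minute intervals of ordinary traffic
        for h in (10, 11, 12):
            flows.append((ts, f"10.1.0.{h}", "192.0.2.1"))
            flows.append((ts, "192.0.2.1", f"10.2.0.{h}"))
    # One outside source touches 10.2.0.1 through 10.2.0.60 within one interval.
    flows += [(600, "198.51.100.7", f"10.2.0.{h}") for h in range(1, 61)]
    return flows

if __name__ == "__main__":
    for net, ts, n in sweep_candidates(active_hosts(sample_flows())):
        print(f"{net} interval {ts}: {n} active local addresses")
```

A median baseline keeps a single sweep interval from inflating its own threshold; the floor suppresses alerts on small subnets where a few extra hosts would otherwise exceed the factor.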
    



    This archive was generated by hypermail 2b29 : Wed Feb 28 2001 - 21:49:01 PST