Writing the raw flows to disk (thanks to Plonka's super sweet patch) I'm seeing over 1 Gig per hour being written to disk. Unfortunately this is a small data center, so I'm trying to optimize as best I can before moving this to a primary data center.
I'm trying to strike a balance between the # of flow files, their size, and optimal disk IO. I would appreciate if anyone else with a large amount of bandwidth being written by cflowd could chime in and describe their hardware setup and/or software config.
Here is the cflowd.conf file
OPTIONS {
LOGFACILITY: local6
TCPCOLLECTPORT: 2056
PKTBUFSIZE: 2097152
TABLESOCKFILE: /usr/local/arts/etc/cflowdtable.socket
FLOWDIR: /usr/local/arts/data/cflowd/flows
FLOWFILELEN: 100000
NUMFLOWFILES: 10
MINLOGMISSED: 1000
}
I also wanted to confirm that in the CISCOEXPORTER Section to collect all of the raw flows I only need
COLLECT: { flows }
and not
#COLLECT: { flows, protocol, portmatrix, netmatrix, asmatrix }
Thanks a lot!
- Jeffrey
-- Yahoo Network Engineering email: jeffrey@papen.com beep: page-jeffrey@papen.com work: 408-616-3897 fax: 408-530-5307 cell: 650-580-2684 page: 877-701-1126 Yahoo Messenger ID: jpapen -- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Wed Mar 07 2001 - 08:44:42 PST