Raw flow files

From: Liger-dc (liger_dc@yahoo.com)
Date: Fri Dec 28 2001 - 12:51:22 PST

  • Next message: fingers: "problems building on a Sun"

    I would like the mailing list to help give me a sanity check on the way the raw flow files work in
    cflowd.
       I have cflowd running and it is recieving information from two routers. In my cflowd.conf file
    I have each raw flow file as being of size 1,000,000 bytes. And there are 10 files per router. The
    files are named xxx.xxx.xxx.a.flows.n and xxx.xxx.xxx.b.flows.n. With a & b being the two routers
    and n being an integer zero to 9 for each one of the ten raw flow files.
      
       I am running cflowd with Dave Plonka's Flowscan patch, so of course I also have the files
    flows.yyyymmdd_hh:mm:ss-0500 and flows.current. From my understanding the flows.timestamp file
    contains the current flows as they are being recieved, the flows.current file has the previous
    flows that were recieved for the previous time period.

    Here are the questions:
     
       1) What I do not get is, what exactly is in the 20 (10 for each router) raw flow files that are
    supposedly memory mapped raw flow files?
       2) Are these just the flow files that are in the buffer that havent been pushed off the queue
    yet?
       3) What would be the difference between running a script on the flow.current compared to the
    flow.timestamp, compared to the other 20?
       4) How can I find the time range covered by the 20 raw flow files?

    Thanks for your time, any replies are welcome

    =====
    Edson Manners
    Academic Computing & Networking Services
    Florida State University

    __________________________________________________
    Do You Yahoo!?
    Send your FREE holiday greetings online!
    http://greetings.yahoo.com

    --
    cflowd mailing list
    cflowd@caida.org
    



    This archive was generated by hypermail 2b29 : Fri Dec 28 2001 - 13:08:36 PST