I would like the mailing list to help give me a sanity check on the way the raw flow files work in
I have cflowd running and it is recieving information from two routers. In my cflowd.conf file
I have each raw flow file as being of size 1,000,000 bytes. And there are 10 files per router. The
files are named xxx.xxx.xxx.a.flows.n and xxx.xxx.xxx.b.flows.n. With a & b being the two routers
and n being an integer zero to 9 for each one of the ten raw flow files.
I am running cflowd with Dave Plonka's Flowscan patch, so of course I also have the files
flows.yyyymmdd_hh:mm:ss-0500 and flows.current. From my understanding the flows.timestamp file
contains the current flows as they are being recieved, the flows.current file has the previous
flows that were recieved for the previous time period.
Here are the questions:
1) What I do not get is, what exactly is in the 20 (10 for each router) raw flow files that are
supposedly memory mapped raw flow files?
2) Are these just the flow files that are in the buffer that havent been pushed off the queue
3) What would be the difference between running a script on the flow.current compared to the
flow.timestamp, compared to the other 20?
4) How can I find the time range covered by the 20 raw flow files?
Thanks for your time, any replies are welcome
Academic Computing & Networking Services
Florida State University
Do You Yahoo!?
Send your FREE holiday greetings online!
-- cflowd mailing list firstname.lastname@example.org
This archive was generated by hypermail 2b29 : Fri Dec 28 2001 - 13:08:36 PST