[Cflowd] Raw Files and Rules

From: Darren Ward (darren.ward@nttaus.com.au)
Date: Mon Jun 03 2002 - 22:25:16 PDT

Next message: Paul Matthews: "[Cflowd] Protocol analysis by Network"

Previous message: JOSEPH EDWARD.: "[Cflowd] please kindly get back to me"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi All,

I have cflowd and cfdcollect running fine but have decided that I want to
use the raw flow files and do some aggregation on my own.

Problem is I'm not exactly sure how the flow files are used and what rules
to apply to them.

From what I understand each file is overwritten as each one fills up on an
ongoing basis:

flow.0 file may be the current flow file and when it reaches the limit then
flow.1 is used and so on until the last file flow.x is used and it goes back
and overwrites flow.0

Is this correct or am I way off base?

Darren

_______________________________________________
Cflowd mailing list
Cflowd@caida.org
http://login.caida.org/mailman/listinfo/cflowd

Next message: Paul Matthews: "[Cflowd] Protocol analysis by Network"
Previous message: JOSEPH EDWARD.: "[Cflowd] please kindly get back to me"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jun 03 2002 - 22:37:54 PDT