Re: [Cflowd] Raw Files and Rules

From: Goncalo Costa (goncalo.costa@kpnqwest.pt)
Date: Tue Jun 04 2002 - 03:25:50 PDT

Next message: Hendrik Visage: "Re: [Cflowd] Raw Files and Rules"

Previous message: Darren Ward: "RE: [Cflowd] Protocol analysis by Network"
In reply to: Darren Ward: "[Cflowd] Raw Files and Rules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

>> Hi All,
>>
>> I have cflowd and cfdcollect running fine but have decided that I want to
>> use the raw flow files and do some aggregation on my own.
>>
>> Problem is I'm not exactly sure how the flow files are used and what rules
>> to apply to them.
>>
>> From what I understand each file is overwritten as each one fills up on an
>> ongoing basis:
>>
>> flow.0 file may be the current flow file and when it reaches the limit
>> then flow.1 is used and so on until the last file flow.x is used and it
>> goes back and overwrites flow.0
>>
>> Is this correct or am I way off base?
>>

If I remember correctly IP.flows.N files are rotated like this:
(fixed width font)

T0 T1

IP.flow.0 -+ IP.flow.0 *new file*
            \
             \
IP.flow.1 -+ +-> IP.flow.1
            \
             \
IP.flow.2 -+ +-> IP.flow.2
            \
             \
IP.flow.3 +-> IP.flow.3

Goncalo

_______________________________________________
Cflowd mailing list
Cflowd@caida.org
http://login.caida.org/mailman/listinfo/cflowd

Next message: Hendrik Visage: "Re: [Cflowd] Raw Files and Rules"
Previous message: Darren Ward: "RE: [Cflowd] Protocol analysis by Network"
In reply to: Darren Ward: "[Cflowd] Raw Files and Rules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jun 04 2002 - 03:39:27 PDT