Re: [Cflowd] Raw Files and Rules

From: Hendrik Visage (hvisage@envisage.co.za)
Date: Tue Jun 04 2002 - 03:42:59 PDT


    On Tue, Jun 04, 2002 at 11:25:50AM +0100, Goncalo Costa wrote:
    >
    > >> Hi All,
    > >>
    > >> I have cflowd and cfdcollect running fine but have decided that I want to
    > >> use the raw flow files and do some aggregation on my own.
    > >>
    > >> Problem is I'm not exactly sure how the flow files are used and what rules
    > >> to apply to them.
    > >>
    > >> From what I understand each file is overwritten as each one fills up on an
    > >> ongoing basis:
    > >>
    > >> flow.0 file may be the current flow file and when it reaches the limit
    > >> then flow.1 is used and so on until the last file flow.x is used and it
    > >> goes back and overwrites flow.0
    > >>
    > >> Is this correct or am I way off base?
    > >>
    >
    > If I remember correctly IP.flows.N files are rotated like this:
    > (fixed width font)
    >
    >    T0                T1
    >
    > IP.flow.0 -+      IP.flow.0 *new file*
    >             \
    >              \
    > IP.flow.1 -+  +-> IP.flow.1
    >             \
    >              \
    > IP.flow.2 -+  +-> IP.flow.2
    >             \
    >              \
    > IP.flow.3     +-> IP.flow.3

    I have a patch to make it timestamped.

    >
    >
    > Goncalo
    >
    > _______________________________________________
    > Cflowd mailing list
    > Cflowd@caida.org
    > http://login.caida.org/mailman/listinfo/cflowd




    This archive was generated by hypermail 2.1.4 : Tue Jun 04 2002 - 03:53:28 PDT