Re: [Cflowd] format of the cflowd flow files!

From: Yew Jin CHUA (yewjin@hotpop.com)
Date: Mon Jun 24 2002 - 10:39:57 PDT


    hi,

    They are in raw format. Read the FAQ on the cflowd web site; it tells you most of the things. Below is a section from the FAQ that may interest you.

    --
    Q: What are popular ways to read and/or post-process NetFlow data?
    

    A: Here are a few:

    Use CAIDA's cflowd, and its accompanying flowdump util

    Use cflowd, and Dave Plonka's Cflow.pm perl module: http://net.doit.wisc.edu/~plonka/Cflow/ which comes with a sample perl script called "flowdumper" which mimics flowdump, but shows you how to use the perl API to access the NetFlow flow fields.

    Use the Ohio State University "flow-tools" package by Mark Fullmer, etc. (You can find that and more linked from here: http://www.switch.ch/tf-tant/floma/software.html#netflow)
    --

    On Mon, Jun 24, 2002 at 05:27:40PM +0100, Warren Daly wrote:
    | Please help, what format are the cflowd flow files in?
    | Here is my setup:
    |
    | root 5835 1 0 17:09 ? 00:00:00 /usr/local/arts/sbin/cflowdmux /usr/local/arts/etc/cflowd.conf
    | root 5942 1 0 17:10 ? 00:00:00 /usr/local/arts/sbin/cflowd -s 60 -O 0 -m /usr/local/arts/etc/cflowd.conf
    |
    | and my conf file:
    |
    | OPTIONS {
    |   LOGFACILITY: local6
    |   TCPCOLLECTPORT: 2055
    |   TABLESOCKFILE: /home/flowscan/cflowdtable.socket
    |   FLOWDIR: /home/flowscan/flows
    |   FLOWFILELEN: 1000000
    |   NUMFLOWFILES: 10
    |   MINLOGMISSED: 300
    | }
    | CISCOEXPORTER {
    |   HOST: 193.x.xxx.x
    |   ADDRESSES: { 193.x.x.x, 193.x.x.x, 193.x.x.x } # Addresses of interfaces on Cisco
    |   CFDATAPORT: 2055
    |   COLLECT: { protocol, portmatrix, ifmatrix, nexthop, netmatrix, asmatrix, tos, flows }
    | }
    | COLLECTOR {
    |   HOST: 193.1.xxx.xxx
    |   AUTH: none
    | }
    |
    | now here are the cflowd files in /home/flowscan/flows/
    | -rw-r--r-- 1 root root 110 Jun 24 17:11 flows.20020624_17:11:59+0100
    | -rw-r--r-- 1 root root 550 Jun 24 17:12 flows.20020624_17:13:01+0100
    | -rw-r--r-- 1 root root 110 Jun 24 17:13 flows.20020624_17:14:02+0100
    | -rw-r--r-- 1 root root 495 Jun 24 17:14 flows.20020624_17:15:03+0100
    | -rw-r--r-- 1 root root 110 Jun 24 17:15 flows.20020624_17:16:05+0100
    | -rw-r--r-- 1 root root 495 Jun 24 17:16 flows.20020624_17:17:07+0100
    |
    | When I open them with vi I see this! Is this the correct format? Should
    | I see this in tabular format in plain English?
    |
    | ^@^A^A^Aq^A¢^@^A^@!^@^@^H^@^@^@^@
    | ^@^@^E^@^A|
    | =^WD(=^WD@^A^@^@^@^@^@^Y^^^P^@^@^@^A^A^Aq^A~^^@^A^@^]^@^@^H^@^@
    | ^@^@
    | ^@^@^E^@^A~\=^WD(=^WD@^A^@^@^@^@^@^Y^^^P^@^@^@^A^A^Aq^A"^@^A^
    | @#^@^@^H^@^@^@^@
    | ^@^@^E^@^A
    | =^WD(=^WD@^A^@^@^@^@^@^Y^^^P^@^@^@^A^A^Aq^A~Z^@^A^@^Y^@^@^H^@^@
    | ^@^@
    | ^@^@^E^@^A~X=^WD(=^WD@^A^@^@^@^@^@^Y^^^P^@^@^@^A^A^Aq^A^R^@^A
    | ^@^_^@^@^H^@^@^@^@
    | ^@^@^E^@^A^P=^WD(=^WD@^A^@^@^@^@^@^Y^^^P^@^@^@^A^A^Aq^A~V^@^A
    | ^@^U^@^@^H^@^@^@^@
    |
    | Thank you,
    | Warren
    |
    | Warren Daly            HEAnet Ltd.
    | Network Engineer       Brooklawn House,
    | Tel:+353-1-660 9040    Crampton Avenue,
    | Fax:+353-1-660 3666    Shelbourne Rd,Dublin 4.
    | mailto:warren.daly@heanet.ie
    | Web: <http://www.heanet.ie>
    |
    | Note: If you have any difficulties in verifying the digital signature on
    | this message click: http://www.ezitrust.com/fetch/trustus.cgi

    _______________________________________________
    Cflowd mailing list
    Cflowd@caida.org
    http://login.caida.org/mailman/listinfo/cflowd



    This archive was generated by hypermail 2.1.4 : Mon Jun 24 2002 - 10:48:26 PDT