[c-nsp] Netflow Processing Tools

Joe Loiacono jloiacon at csc.com
Wed Sep 21 10:08:37 EDT 2005 

Hi Lawrence,

I recently announced the availability of a flow-tools companion tool 
called FlowViewer on the flow-tools mailing list ( 
http://mailman.splintered.net/mailman/listinfo/flow-tools ). Granted it 
produces web-based text reports and not graphs at this time, it may still 
be useful to you.

http://ensight.eos.nasa.gov/FlowViewer/

FlowViewer makes analysis of netflow data quick and easy. The FlowViewer
user identifies filtering criteria and selects one of the flow-tools
reports. A single CGI script accepts the input, creates intermediate
flow-tools files, and produces the report.

The requirements for deploying the tool include Perl v5.0 or greater, a 
web
server with CGI, and flow-tools. The web server should be running on the
same machine as you are storing your flow-tools files. FlowViewer is
'un-tarred' into a cgi-bin directory, a small configuration file is
modified for your site's specifics, and you are off and running. A README
file contains more details.

I plan to release a follow-up, FlowGrapher, that creates graphs as well as 
text in response to user-provided selection criteria. The follow-up will 
require the Perl GD graphing package.

I've copied this and your request to the flow-tools list.

Thanks,

Joe Loiacono





Lawrence Wong <lawrencewong72
@yahoo.com>
Sent by: cisco-nsp-bounces
09/21/2005 08:24 AM
 
        To:     cisco-nsp at puck.nether.net
        cc: 
        Subject:        [c-nsp] Netflow Processing Tools


Hi everyone,

We have been using flow-tools to monitor my Cisco
routers. The Netflow records are recorded and stored
correctly.

We thinking of generating some graphs from these
archived netflow records and have looked at FlowScan &
CUFlow. However, from the "flowscan" manual, it
appears that this combination is more designed to run
in the background and process post 5mins flow records.

Does anyone have any idea/experience on how I can get
FlowScan/CUFlow to parse my 1 month's worth of old
flow records? At the same time, is it possible to
configure FlowScan/CUFlow such that it will parse new
flow records once a day instead of checking every 30s?

If FlowScan/CUFlow is not suitable to perform the
above, any recommendations on which flow-tools
compatible utility can achieve what I am trying to do?

Thanks in advance!


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list