Hello all,

At the end of each day I'm generating reports using flow-stat -f11. This is the script that I use:

    #!/bin/sh
    # Yesterday's date, used to name the report file
    one_day_ago=`/bin/date --date='1 day ago' +%Y%m%d`
    # Glob matching yesterday's flow files
    rep_flows_courant=`/bin/date --date='1 day ago' "+/export2/netflows/%Y/%Y-%m/%Y-%m-%d/*"`

    # Merge yesterday's flows, apply the backupmatch filter, write the -f11 report.
    # $rep_flows_courant is left unquoted so the shell expands the glob.
    /usr/local/netflow/bin/flow-merge $rep_flows_courant |
        /usr/local/netflow/bin/flow-nfilter -f /usr/local/scripts/nfilter.cfg -F backupmatch |
        /usr/local/netflow/bin/flow-stat -f11 > /export2/netflows/flow-stat/$one_day_ago.log

Not sure if it's the best way, but it was set up that way by another colleague who left. In my filter file:

    filter-primitive backuphosts
      type ip-address
      deny x.x.x.x
      deny x.x.x.x
      deny x.x.x.x
      default permit

    filter-definition backupmatch
      match ip-source-address backuphosts
      match ip-destination-address backuphosts

I think that's pretty basic. So each day I get these values, and at the end of the month, with these values, I can calculate the bandwidth used by each machine on my network. From my calculation, one of the machines generated 257gig for January. So far I think everything is fine.

Where my question comes in is that recently I generated a report for a single machine to get a breakdown of the traffic for that machine with all the ports for January. I went into the directory of the flows and ran this command:

    /usr/local/netflow/bin/flow-cat */* |
        /usr/local/netflow/bin/flow-nfilter -f /usr/local/scripts/filter_ncc.cfg -F ncc |
        /usr/local/netflow/bin/flow-stat -f7 -s2

This is the filter file used:

    filter-primitive ncc_host
      type ip-address
      permit x.x.x.x (Server)
      deny x.x.x.x (Backup machine)
      default deny

    filter-definition ncc
      match ip-source-address ncc_host
      or
      match ip-destination-address ncc_host

So this gives me all the ports with the bytes transferred for the given day, for all the ports, UDP or TCP. So basically, if I put all these lines in Excel and do a SUM of the bytes column, I get 546gig for January.

Why is there a difference in the values? flow-stat -f11 gives me 257gig and flow-stat -f7 546gig. Is there something that I've done wrong?

Thanks for any help!
_________________________________________________
Eric Rousse
Versus
2050, rue De Bleury, bureau 520
Montréal (Québec) H3A 2J5 Canada
Tél.: 514.284.9001 ext. 221
Fax: 514.284.9002
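
Added example (not part of the original post): one way to do the month-end calculation described above from the daily flow-stat -f11 logs named `$one_day_ago.log`. It assumes each data row is `IPaddr flows octets packets` with `#`-prefixed header lines; the function names, addresses and counters are constructed for illustration.

```shell
#!/bin/sh
# Sum one host's octets over a month of daily flow-stat -f11 logs.
# Assumed row layout (not shown on the page): "IPaddr flows octets packets",
# with report header lines starting with '#'.

# monthly_octets DIR YYYYMM IP -> prints total octets for IP in DIR/YYYYMM??.log
monthly_octets() {
    dir=$1 month=$2 ip=$3
    # The glob matches the $one_day_ago.log naming used by the daily script.
    cat "$dir"/"$month"??.log 2>/dev/null |
    awk -v ip="$ip" '
        /^#/ || NF < 4 { next }          # skip header and blank lines
        $1 == ip       { sum += $3 }     # column 3 = octets
        END            { printf "%.0f\n", sum + 0 }'
}

# octets_to_gib N -> prints N expressed in GiB with two decimals
octets_to_gib() {
    awk -v n="$1" 'BEGIN { printf "%.2f\n", n / (1024 * 1024 * 1024) }'
}

# Constructed sample logs (documentation addresses, made-up counters).
make_sample_logs() {
    d=$(mktemp -d)
    printf '%s\n' '# Name: Source or Destination IP' '#' \
        '# IPaddr flows octets packets' '#' \
        '192.0.2.10 120 5368709120 4000000' \
        '192.0.2.20 15 1048576 900' > "$d/20240101.log"
    printf '%s\n' '# IPaddr flows octets packets' \
        '192.0.2.10 80 3221225472 2500000' > "$d/20240102.log"
    # Next month's file: must not be counted in the January total.
    printf '%s\n' '# IPaddr flows octets packets' \
        '192.0.2.10 5 999 9' > "$d/20240201.log"
    echo "$d"
}

logs=$(make_sample_logs)
total=$(monthly_octets "$logs" 202401 192.0.2.10)
echo "192.0.2.10 January: $total octets = $(octets_to_gib "$total") GiB"
rm -rf "$logs"
```

Running the same function over the month for the host in question gives the -f11 figure directly in octets, which can then be compared with the spreadsheet SUM of the -f7 bytes column.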
