On Nov 30, "jing shen" wrote:
> >> so, I want flow-tools to process all this flows in only one
> >> file-->[ft-v05.2004-11-29.085000-0500] on a especified
> >> directory-->[/var/local/flows].....Can floot-capture do that?
>
> > I don't think it can do that. The best thing to do is write a script that
> > flow-cat's the 3 files into one and put that script into cron to have it
> > done every 15 minutes.
>
> Would you please explain a little further?
>
> I met the same question that, I collected netflow output from several
> router, each stored under different directory. The time stamp of those
> file is the same. I want to know the overall statistics of those
> router. But if I run flowscan on each directly consequently, I run to
> problem of new-record-older-than-original-record.
>
> I don't know how to process those file with same time stamp
> concurrently.
I haven't used flowscan, but maybe what you want is flow-merge.
(From the man page)
DESCRIPTION
The flow-merge utility processes files and/or directories of files in
the flow-tools format. The resulting merged data set is written to the
standard output or file specified by -o. If file is a single dash
(`-') or absent, flow-merge will read from the standard input. Unlike
flow-cat, flow-merge interleaves flow records preserving the relative
chronological order.
So you can say
flow-merge /dir1/ft-v05.2004-11-30.064501-0800
/dir2/ft-v05.2004-11-30.064501-0800 /dir3/ft-v05.2004-11-30.064501-0800
And it's supposed to output the flows in chronological order.
Let us know if it works,
Mike
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
