development again. 0.68 has new features and the patches I've digested
so far (still 5 months behind on the flow-tools mailing list).
New features:
Updated variable substitution and included flow-rptfmt in the distribution
which allows flow-report to be used easier from the command line. The
default stat.cfg allows flow-report to be used similar to the older
flow-stat.
% flow-cat . | flow-report -vTYPE=ip-protocol -vSORT=+octets -v\
OPTIONS=+names -vFIELDS=-duration
# ['/usr/local/netflow/bin/flow-rptfmt', '-f', 'ascii']
ip-protocol  flows    octets       packets
tcp          1962045  25848369456  31686827
udp          315279   4644130206   7853648
gre          355      36646889     65755
icmp         68231    12011825     161405
Prefix-preserving IP address anonymization with CryptoPAn. See http://www.cc.gatech.edu/computing/Telecomm/cryptopan/. 64 rounds of AES per flow really slows things down; the next snapshot will have a faster implementation. Enable this by specifying --with-openssl to configure. Tested with OpenSSL 0.9.7d and OpenSSL 0.9.7b.
flow-rptfmt - format flow-report CSV output to ASCII and HTML. See http://www.splintered.net/sw/flow-tools/docs/flow-rptfmt.html
flow-rpt2rrd - converts flow-report CSV output to RRD's. If
you're trying to do RRDtool with really large flow data sets
this should be a lot lot faster than processing the flows in
perl. See http://www.splintered.net/sw/flow-tools/docs/flow-rpt2rrd.html
You'll need to install http://sourceforge.net/projects/py-rrdtool/
flow-log2rrd - converts STAT lines generated by flow-fanout and flow-capture to RRD's.
0.69 will have outstanding patches from the mailing list in the next few weeks; NetFlow V9 support will be after that.
* 5-11-2005 flow-tools 0.68 released.
* added flow-rpt2rrd - post process flow-report into RRD's.
* added flow-log2rrd - post process logs from
* added flow-rptfmt - post process flow-report into readable and HTML.
* ftstat.c s/psizr256/psize256/ - [EMAIL PROTECTED]
* rec_v5->engine_id not set properly in ftdecode.c - [EMAIL PROTECTED]
* --enable-lfs set flags for large file support - [EMAIL PROTECTED]
* Added CryptoPAn support to flow-xlate req by Abilene
* mailing list archive is available at mail-archive.com req by [EMAIL PROTECTED]
* flow-cat.c: progress debug output - [EMAIL PROTECTED]
* portability: gcc no longer supports a goto label at the end of a compound statement - Andreas Jochens <[EMAIL PROTECTED]>
* flow-stat.c: protect from divide by zero - should only happen on invalid
flows - [EMAIL PROTECTED]
* flow-filter.c: exaddr filter - [EMAIL PROTECTED]
* ftxlate.c: tag-mask eval_tag_mask() not using correct offsets - Cougar <[EMAIL PROTECTED]> & [EMAIL PROTECTED]
* flow-send: default tx_delay to 0 like flow-fanout - [EMAIL PROTECTED]
* flow-export: debug should be global - [EMAIL PROTECTED]
* flow-report: path will accept spaces, ie |flow-rpt2rrd -p rrd -k 25
* flow-report: records is in rec1
* flow-fanout: did not set address family for receive fd - noted by [EMAIL PROTECTED]
* docs: add FILES section to man pages
* flow-report: -hh to list available reports
* flow-report, flow-tag, flow-xlate, flow-nfilter. Run-time variable
expansion of the form @VAR or @{VAR:default} for config files.
* flow-receive: dropped inline tagging and nfilter support
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
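
For the CryptoPAn item in the feature list above, an added example (not flow-tools code and not part of the original announcement) sketching the prefix-preserving construction: each address bit is flipped by a keyed pseudorandom bit that depends only on the bits before it, which is why one address costs 32 keyed operations and a flow with source and destination costs 64. Assumptions: HMAC-SHA256 stands in for AES so the sketch runs on the Python standard library, the input encoding is simplified, and the class name, key and addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress


class PrefixPreservingAnonymizer:
    """CryptoPAn-style anonymizer (illustrative; HMAC-SHA256 replaces AES)."""

    def __init__(self, key: bytes):
        self.key = key
        self.prf_calls = 0  # counts keyed-function invocations

    def _pad_bit(self, prefix: int, length: int) -> int:
        # Pseudorandom bit that depends only on the first `length` address bits.
        self.prf_calls += 1
        msg = bytes([length]) + prefix.to_bytes(4, "big")
        return hmac.new(self.key, msg, hashlib.sha256).digest()[0] >> 7

    def address(self, addr: str) -> str:
        a = int(ipaddress.IPv4Address(addr))
        pad = 0
        for i in range(32):
            # Bit i of the pad is keyed on bits 0..i-1 of the original address,
            # so addresses sharing a prefix get the same pad over that prefix.
            pad = (pad << 1) | self._pad_bit(a >> (32 - i), i)
        return str(ipaddress.IPv4Address(a ^ pad))

    def flow(self, src: str, dst: str) -> tuple:
        return self.address(src), self.address(dst)


def common_prefix_len(x: str, y: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(x)) ^ int(ipaddress.IPv4Address(y))
    return 32 - diff.bit_length()


if __name__ == "__main__":
    anon = PrefixPreservingAnonymizer(b"constructed-demo-key")  # constructed key
    samples = ["192.0.2.10", "192.0.2.77", "192.0.3.1", "198.51.100.5"]  # constructed
    mapped = [anon.address(s) for s in samples]
    for s, m in zip(samples, mapped):
        print(f"{s:>14} -> {m}")
    for s, m in zip(samples[1:], mapped[1:]):
        print(samples[0], s, "shared bits before/after:",
              common_prefix_len(samples[0], s), common_prefix_len(mapped[0], m))
```

Because the shared prefix length survives anonymization, subnet-level aggregation still works on the output, and so does inference about an address from any other address whose real value is known.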
