Hi all. Does anyone know a way for additional optimization of raw netflow records, by merging all events during the *specified* period (i.e., 1 hour) having same src, dst and ports? The aim is to save disk space not loosing important information regarding traffic details. Actually, same operation is done inside of cisco box - but the aggregation time is too small in most cases. And further optimisation in a dedicated high-performance computer seems to be quite feasible.
"flow-report" does not solve the problem because I need to have *raw* data for further analysis: scan detection, etc. Alexey _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
