On Jul 21, "Alexey Lobanov" wrote: > Does anyone know a way for additional optimization of raw netflow > records, by merging all events during the *specified* period (i.e., 1 > hour) having same src, dst and ports? The aim is to save disk space not > loosing important information regarding traffic details. Actually, same > operation is done inside of cisco box - but the aggregation time is too > small in most cases. And further optimisation in a dedicated > high-performance computer seems to be quite feasible. > > "flow-report" does not solve the problem because I need to have *raw* > data for further analysis: scan detection, etc.
This is a very interesting idea! Sadly, I don't know of any way to do it :( Mike _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
