On Aug 17, "Ross Wimmersberger" wrote:
> I am curious to find out what you do with your netflow reporting system?
> We were hoping to get a little more detail so if HTTP is spiking, find
> out why, so I might be looking into the other reporting engine, but I am
> curious to see what and how you all use it on a daily basis?

We use netflow to help diagnose what ips and/or ports are involved when
there are network problems. We also use it to generate text-based
departmental and campus-wide usage data.

http://www.net.berkeley.edu/flow

The script that makes these:

http://lusArs.net/~mhunter/flow-pairs/flow-pairs-0.90.tar.gz

One thing I also did that was cool was make a file hierarchy that breaks
flows down as follows:

    ls /data/netflow.cron
    0000 0015 0030 0045 0100 0115 ... 2330 2345

    ls /data/netflow.cron/0000
    128-32-1-0 128-32-2-0 128-32-3-0 128-32-3-128 128-32-4-0 ... 128-32-255-0

So if you're looking to find out what the heck happened at 2:30 yesterday
on the 123 subnet, you can just look at

    /data/netflow.cron/1430/128-32-123-0

instead of having to "grep" out all the unwanted flows. You can also do

    ls -l | sort -n +4

to find out quickly if there's been badness on a subnet.

I'm still working (every once in a while) on a whiz-bang graphing program.
I got stuck trying to install flow-scan and haven't gotten back to it yet.

Mike
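
The slot-and-subnet lookup described in the message above, as an added example that is not part of the original post or of flow-tools: it maps a time and an address to the matching file and ranks a slot's subnets by file size. The function names, the FLOW_ROOT variable, and the rule that each file is named for its subnet's base address with subnets of /24 or smaller are assumptions.

```shell
#!/bin/sh
# Added example: helpers for the time-slot/subnet hierarchy described above.
# FLOW_ROOT and all function names are assumptions, not from the original post.
FLOW_ROOT=${FLOW_ROOT:-/data/netflow.cron}

# Round an HHMM time down to its 15-minute slot directory (1437 -> 1430).
slot_for() {
    hh=${1%??}
    mm=${1#??}
    mm=${mm#0}                        # strip a leading zero so 08/09 are not read as octal
    printf '%s%02d\n' "$hh" $(( mm / 15 * 15 ))
}

# Print the subnet file in a slot that covers an address: same first three
# octets, greatest base octet <= the host octet (assumes /24 or smaller).
subnet_file() {                       # usage: subnet_file SLOT IP
    dir=$FLOW_ROOT/$1
    prefix=$(printf '%s' "${2%.*}" | tr . -)
    host=${2##*.}
    best=
    for f in "$dir/$prefix"-*; do
        [ -e "$f" ] || continue
        base=${f##*-}
        if [ "$base" -le "$host" ] &&
           { [ -z "$best" ] || [ "$base" -gt "${best##*-}" ]; }; then
            best=$f
        fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# List a slot's subnet files largest first as "bytes name" lines: the same
# triage as sorting ls -l output by size, without parsing ls columns.
rank_slot() {                         # usage: rank_slot SLOT
    for f in "$FLOW_ROOT/$1"/*; do
        [ -f "$f" ] || continue
        printf '%s %s\n' "$(wc -c < "$f" | tr -d ' ')" "${f##*/}"
    done | sort -rn
}
```

A subnet whose file is far larger than its neighbours in the same slot is the first place to look, and comparing the same subnet across adjacent slots shows when the spike began.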
