Hello all
two questions on flow-xlate:
- It seems that the example in the man page doesn't work.
The example should "Set the low 11 bits in the IP addresses to zero
unless the address is multicast or it belongs to the 192.88.99/24 network."
but it doesn't:
$ flow-cat sample.ft | flow-xlate -x /home/ulisses/rediris/netflow/xlate_sample.cfg -X abilene_privacy | flow-print | head
srcIP dstIP prot srcPort dstPort octets packets
158.49.117.98 62.15.127.218 6 6881 3888 1420 2
158.49.117.98 68.109.94.228 6 6881 64719 360 1
158.49.117.98 201.144.57.234 6 6881 2478 69 1
158.49.117.98 130.219.8.253 6 6881 9727 200 5
83.153.176.98 158.49.140.67 6 4064 25 1460 1
81.33.190.98 158.49.27.117 6 1782 46001 57 1
80.50.249.98 158.49.27.117 6 2650 6969 40 1
83.213.3.99 158.49.27.154 6 1044 90 40 1
81.38.23.99 158.49.118.158 6 13438 7111 1440 1
$ flow-print < sample.ft | head
srcIP dstIP prot srcPort dstPort octets packets
158.49.117.98 62.15.127.218 6 6881 3888 1420 2
158.49.117.98 68.109.94.228 6 6881 64719 360 1
158.49.117.98 201.144.57.234 6 6881 2478 69 1
158.49.117.98 130.219.8.253 6 6881 9727 200 5
83.153.176.98 158.49.140.67 6 4064 25 1460 1
81.33.190.98 158.49.27.117 6 1782 46001 57 1
80.50.249.98 158.49.27.117 6 2650 6969 40 1
83.213.3.99 158.49.27.154 6 1044 90 40 1
81.38.23.99 158.49.118.158 6 13438 7111 1440 1
Any hint? Any working example file?
- The other question on flow-xlate: when aggregating host flows into
subnet flows, other than anonymizing at subnet level, does flow-xlate
also do data reduction? That is, can I reduce the netflow v5 file size
using
ip-source-address-to-network/ip-destination-address-to-network/
ip-source-address-to-class-network/ip-destination-address-to-class-network/
ip-address-privacy-mask
and converting to netflow v8?
Thanks in advance
Ulisses
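
The masking rule quoted above from the man page, modelled as an added example (not part of the original post and not flow-tools code): it computes what the translated addresses should look like and flags flow-print rows that came through unmasked. The helper names are hypothetical, and the rule is taken only from the description quoted in the post.

```python
import ipaddress

# Exemptions named in the man page description quoted in the post.
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
EXEMPT_NET = ipaddress.ip_network("192.88.99.0/24")
LOW_BITS = 11
MASK = (0xFFFFFFFF << LOW_BITS) & 0xFFFFFFFF  # 0xFFFFF800, i.e. a /21


def privacy_mask(addr):
    """Hypothetical helper: zero the low 11 bits unless the address is exempt."""
    ip = ipaddress.IPv4Address(addr)
    if ip in MULTICAST or ip in EXEMPT_NET:
        return str(ip)
    return str(ipaddress.IPv4Address(int(ip) & MASK))


def untranslated(rows):
    """Return flow-print rows whose srcIP or dstIP still has low bits set."""
    leaked = []
    for line in rows:
        fields = line.split()
        if len(fields) < 2:
            continue  # skip blank or malformed lines
        src, dst = fields[0], fields[1]
        if privacy_mask(src) != src or privacy_mask(dst) != dst:
            leaked.append(line)
    return leaked


# First rows of the flow-xlate output shown in the post (header omitted).
POSTED_ROWS = [
    "158.49.117.98 62.15.127.218 6 6881 3888 1420 2",
    "158.49.117.98 68.109.94.228 6 6881 64719 360 1",
    "83.153.176.98 158.49.140.67 6 4064 25 1460 1",
]

if __name__ == "__main__":
    for row in POSTED_ROWS:
        src, dst = row.split()[:2]
        print(f"{src:>15} -> {privacy_mask(src):<15} {dst:>15} -> {privacy_mask(dst)}")
    print(f"{len(untranslated(POSTED_ROWS))} of {len(POSTED_ROWS)} rows were not masked")
```

Piping the real `flow-print` output through `untranslated()` gives a quick check that a privacy translation was actually applied before flow data leaves the site.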