Victor Perez Roche wrote:
...
I'm starting with flow-tools, and i have a problem. Our org. connection is
nowadays generating over 3500 flows per second. (One day ~ 6 Gb of data)
I've test queries with flow-cat | flow-print... etc, and i've noticed that
this way is too slow for our goals. We want to do aggregation queries over
netflow data to detect worm infections into the intranet and other
characterizations of the hots.
I think that maybe inserting the netflow data into a mySQL database could
help... anyone has tried to do something like this?
...
Here's a Usenix paper reporting successful use of RDB's for netflows:
http://www.usenix.org/publications/library/proceedings/lisa2000/navarro.html
Note however that their network had a far lower flow
rate than yours.
--
Ed Kubaitis - [EMAIL PROTECTED]
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
