[EMAIL PROTECTED] wrote on 01/30/2007 11:56:13 PM:
> [snip]
>
> Lastly, can someone here suggest a way to know who is consuming the
> traffic we are seeing in our MRTG graphs?
> For example, our upstream provider A, at around 1:00 pm has reached
> 30M in MRTG scale. Given that the data source for this graph is the
> serial interface of our router facing the upstream provider A, how
> should I go about it using one of the flow-tools? Should I flow-cat
> the 12:00-1:00 pm flows and then flow-stat them or something?
Assuming your interface is indexed "1" you could:
flow-cat -m -t "01/29/2007 11:44:59" -T "01/29/2007 13:30:01"
/flows/your_router/2007/2007-01/2007-01-29 | flow-nfilter -f FlowFilter
-FFlow_Filter | flow-stat -f10 -S3
Having earlier created a FlowFilter file:
filter-primitive source_if
type ifindex
permit 1
default deny
filter-primitive start_flows
type time-date
permit ge January 29, 2007 12:00:00
default deny
filter-primitive end_flows
type time-date
permit lt January 29, 2007 13:00:00
default deny
filter-definition Flow_Filter
match input-interface source_if
match end-time start_flows
match start-time end_flows
OR:
Let FlowViewer do all of this for you :-)
http://ensight.eos.nasa.gov/FlowViewer
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
