On Apr 28, 2008, at 4:41 PM, [EMAIL PROTECTED] wrote:
Curious how the netflow data got stored in those files originally?
I.e., what format are they in? ASCII?
Netflow data arrives at a collector as a series of UDP packets with
PDUs in the v5 format. A typical collector breaks apart the payload
and stores it in some format.
If it is ASCII (or cflowd), flow-import will be able to create flow-
tools data from it.
Joe
Sorry--somehow left off the subject line. Here it is again.
On Apr 28, 2008, at 3:17 PM, Glenn Hochberg wrote:
> I have some raw netflow v5 data in some files. These are not flow-
> tools format files--just raw netflow. Is it possible to feed these
> into the flow-tools commands such as flow-print somehow?
>
> Thanks!
>
> -Glenn Hochberg
>
Fair question (as to how they got stored in the files), but I don't
know the answer. There are collectors somewhere in another
organization that store what appears to be the raw PDUs in v5 format
(i.e. binary).
It appears to start with the Netflow V5 header, etc.
In that case is there a way to transform it to the flow-tools
format? Where is the flow-tools format described, for that matter,
if you know (or if anyone else on the list does)?
Thanks.
--Glenn
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
