Craig,

Thanks for the 'flowd2ft' script to enable conversion between flowd V9 captures and flow-tools ft files ( http://mailman.splintered.net/pipermail/flow-tools/2009-March/003765.html )

From your accompanying email message of Mar 13, 2009:

> Naturally it only supports for V5 fields (use 'record netflow-original' when setting up Cisco flexible netflow).

Does this require that the exporter be set this way only? In other words, will 'flowd-reader -c' be able to take any v9 file and convert it for flow-tools (V5 only - which is OK), or just those exported with 'record netflow-original'?

Second question: Do you have to be careful syncing up the cron times with the flowd file times?

Many thanks!

Joe

From: Craig Weinhold <[email protected]>
To: Adam Powers <[email protected]>
Cc: "<[email protected]>" <[email protected]>
Date: 04/22/2010 01:04 PM
Subject: Re: [Flow-tools] NetFlow v9 support in flow-tools?

There's an active flow-tools code fork, but it also lacks netflow v9 support:

http://code.google.com/p/flow-tools/updates/list

Adding v9 to flow-tools is not that easy; the fixed-length file structure currently used doesn't lend itself to the arbitrary field/protocol capabilities of netflow v9. It's a substantial effort.

See this post for a workaround (for IPv4 only):

http://mailman.splintered.net/pipermail/flow-tools/2009-March/003765.html

-Craig

On Thu, 22 Apr 2010, Adam Powers wrote:

> A colleague of mine mentioned the other day that he heard someone had updated flow-tools to support NetFlow v9. Truth? I can’t find anything about such support.
>
> --
>
> Adam Powers
> NetFlow Ninja & CTO
> Lancope, Inc.
> c. 678.725.1028
> e. [email protected]
>
_______________________________________________
Flow-tools mailing list
[email protected]
http://mailman.splintered.net/mailman/listinfo/flow-tools
