Hi, all! Have got a problem, and doesnt know where else to look for resolving...
flow-tools version 0.68. FreeBSD 7.3-RELEASE flow-capture works with args -V 6 -S 5 -z 9 -n 47 -w /some/dir Suddenly our cisco router has a problem with ip accounting cpu utilization. We decided to turn it off, using netflow for accounting instead. Understand, that it is not such reliable as ip accounting, but we can handle this - most of our customers using pppoe service on other routers (whose just fine with ip accounting). flow-print -f 6 give us the wanted output, but without any aggregation. So if we have 1.5 million lines text file with -f 5, the same line count for -f 6. It seems like -f 16 (Source Destination aggregation (Catalyst)) is exactly what we need, but it doesnt work with an error: Flow record missing required field for format. Hm. It's strange, because what else could it needs to aggregate? Src ip, dest ip, packets, bytes. That's all. Which exactly field missed in flow file? Tried to run flow-capture -V 7 (have the same error), and -V 8.8 (got Unexpected PDU: src_ip=212.0.65.1 no v8 translation). Do we have to tune cisco router netflow settings? I think forward to write a simple perl script to do this job, but my principal ask me to search some existent implementation. Maybe i should use some other method (program?) to get ip accounting from flow files? ---- -- Anthony G. Nickolayev telematic services engineer JSC "AC Mobiltelecom" +7-(3012)-29-70-21 [email protected] _______________________________________________ Flow-tools mailing list [email protected] http://mailman.splintered.net/mailman/listinfo/flow-tools
