Hi,

Here is pretty much the final diff for the new format of flow log. It will be in CVS shortly. If you want to try this new code out, the easiest way is to download one of the new CVS snapshots from:

http://www2.mindrot.org/flowd_snap/

In addition to the logfile format changes from the previous diffs, this diff rewrites the python module. The new Python module is all C and is nearly twice as fast:

before:

[djm at baragon flowd]$ time ./reader.py flowd.log
3m53.66s real 3m43.60s user 0m0.31s system

after:

[djm at baragon flowd]$ time ./reader.py flowd.log.new
2m8.55s real 2m4.01s user 0m0.35s system

It also supports a couple of other niceties, like an iterator over flow logs.

Enjoy!

-d

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: flowd-v3_02.diff
Url: http://lists.mindrot.org/pipermail/netflow-tools/attachments/20050821/58ecdb35/attachment.ksh

oh, one more thing: please rotate your existing flowd logfile out of the way before running a snapshot or this patch.

There are no checks (yet) against appending new-format records to an old-format logfile so you will end up with a messed up log. If you make this mistake, it is possible to recover using the Unix hexdump(1) and split(1) utilities (and some patience), but it is best not to make the mistake in the first place :)

-d

Damien Miller wrote:
> oh, one more thing: please rotate your existing flowd logfile out of the
> way before running a snapshot or this patch.
>
> There are no checks (yet) against appending new-format records to an
> old-format logfile so you will end up with a messed up log. If you make
> this mistake, it is possible to recover using the Unix hexdump(1) and
> split(1) utilities (and some patience), but it is best not to make the
> mistake in the first place :)

BTW these checks were implemented two days ago.

-d