Suraj Nellikar (snellika)
2009-Jun-15 22:29 UTC
[netflow-tools] Storing Interface Information in the flow
Hi,

I am using flowd as a netflow collector and when it captures the packets, I can see the in_if and out_if fields (interface indexes), but these are not seen in the logfile. How can I configure flowd such that I can store these fields along with the flow information (src_ip, dst_ip....)?

Thanks,
Suraj.N
Yes, there is. The sample flowd.conf file distributed with the program, as a model for you to customize, lists several field titles which you can choose to uncomment and thereby store -- or you can take the brute approach and "store ALL", which might generate larger log files than you'd prefer.

But although it may not be obvious from the Web site of the program, there is a man page installed with it when you install, so "man flowd.conf" will show you all the possible "store" statements. In particular, I believe the one you want is...

    store IF_INDICES

Cheers!

--
Jeff Saxe, Network Engineer
Blue Ridge InternetWorks, Charlottesville, VA
434-817-0707 ext. 2024 / JSaxe at briworks.com

On Jun 15, 2009, at 6:29 PM, Suraj Nellikar (snellika) wrote:

> Hi,
>
> I am using flowd as a netflow collector and when it captures the
> packets, I can see the in_if and out_if fields (interface indexes),
> but these are not seen in the logfile. How can I configure flowd
> such that I can store these fields along with the flow
> information (src_ip, dst_ip....)?
>
> Thanks,
> Suraj.N
Suraj Nellikar (snellika)
2009-Jun-16 01:28 UTC
[netflow-tools] Storing Interface Information in the flow
Thanks Jeff. I was doing that but it was not showing up when I used to read the logfile using flowd-reader. Then I saw the man page for flowd-reader and came to know that I have to use the '-v' option to show all the fields. By default, flowd-reader prints only a subset of the flow.

Thanks for the information on the man page.

Suraj.N

From: Jeff Saxe [mailto:JSaxe at briworks.com]
Sent: Monday, June 15, 2009 5:55 PM
To: Suraj Nellikar (snellika)
Cc: netflow-tools at mindrot.org
Subject: Re: [netflow-tools] Storing Interface Information in the flow

Yes, there is. The sample flowd.conf file distributed with the program, as a model for you to customize, lists several field titles which you can choose to uncomment and thereby store -- or you can take the brute approach and "store ALL", which might generate larger log files than you'd prefer.

But although it may not be obvious from the Web site of the program, there is a man page installed with it when you install, so "man flowd.conf" will show you all the possible "store" statements. In particular, I believe the one you want is...

    store IF_INDICES

Cheers!

--
Jeff Saxe, Network Engineer
Blue Ridge InternetWorks, Charlottesville, VA
434-817-0707 ext. 2024 / JSaxe at briworks.com

On Jun 15, 2009, at 6:29 PM, Suraj Nellikar (snellika) wrote:

Hi,

I am using flowd as a netflow collector and when it captures the packets, I can see the in_if and out_if fields (interface indexes), but these are not seen in the logfile. How can I configure flowd such that I can store these fields along with the flow information (src_ip, dst_ip....)?

Thanks,
Suraj.N