[flow-tools] flow-report&host-profiling
Horatio B. Bogbindero
wyu@ateneo.edu
Wed, 22 Jan 2003 08:16:30 +0800
Ed Spick <es@soas.ac.uk>:
> Hi
> I am running the patched version of flowtools 0.63. I am investigating the
> rich variety of reports that can be generated with flow-report.
> I wonder how to put it to best use in generating network use profiles for
> each of our hosts in preparation for firewalling ?
>
> So far I have produced some nice daily reports from our stored flows
> but I need some way of aggregating and storing the information in the
> reports over longer periods of time - probably in a mysql db so that
> they can be queried using a phpMyAdmin type interface.
>
> Are there other gems in the flowtools suite that I'm not exploiting yet,
> if not what are other people doing to present their reports?
>
> Any comments & thoughts gratefully received.
>
basically, there are two schools of thought here:
first one is the "all the flow data in the database" school of thought. you
can use flow-export (with MySQL exporting capabilities) to move all the raw
flow files into the database. just be prepared to store huge amounts of data.
second is the "aggregate data in the database" school of thought. here you
can use flow-report and pipe the output into a perl script that loads aggregate
data into the database.
there are other tools like Dave Plonka's Cflow and FlowScan too.
good luck!
-----------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email : wyu at ateneo dot edu
web : http://CNG.ateneo.net/cng/wyu/
phone : +63(2)4266001-4186
GPG : http://CNG.ateneo.net/cng/wyu/wyy.pgp
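
A sketch of the "aggregate data in the database" approach from the reply above, added here as an example and not taken from the thread or from flow-tools. It assumes the report text is comma-separated with a `# recn:` header line naming the columns; the column names, the `host_profile` table and the sample rows are constructed, and SQLite stands in for MySQL so the block runs offline.

```python
import csv
import sqlite3

# Constructed sample input. Assumed layout: '#' header lines, one of which
# ('# recn:') names the columns, followed by comma-separated data rows.
DAY1 = """\
# recn: ip-source-address*,ip-destination-port*,flows,octets,packets
192.0.2.10,80,12,48000,96
192.0.2.10,25,3,9000,30
192.0.2.20,53,40,6000,40
"""
DAY2 = """\
# recn: ip-source-address*,ip-destination-port*,flows,octets,packets
192.0.2.10,80,5,20000,40
192.0.2.20,6667,1,400,4
"""

def parse_report(text):
    """Yield one dict per data row, keyed by the names on the '# recn:' line."""
    columns = None
    for line in text.splitlines():
        if line.startswith("# recn:"):
            columns = [c.strip().rstrip("*") for c in line[len("# recn:"):].split(",")]
        elif line and not line.startswith("#"):
            if columns is None:
                raise ValueError("data row seen before '# recn:' header")
            yield dict(zip(columns, next(csv.reader([line]))))

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS host_profile (
        day TEXT, host TEXT, dport INTEGER, flows INTEGER, octets INTEGER,
        packets INTEGER, PRIMARY KEY (day, host, dport))""")
    return db

def load_report(db, day, text):
    """Store one day's report; re-loading the same day replaces its rows."""
    rows = [(day, r["ip-source-address"], int(r["ip-destination-port"]),
             int(r["flows"]), int(r["octets"]), int(r["packets"]))
            for r in parse_report(text)]
    db.executemany("INSERT OR REPLACE INTO host_profile VALUES (?,?,?,?,?,?)", rows)
    db.commit()
    return len(rows)

def host_profile(db, host):
    """Ports a host talked to over all loaded days: (port, days, flows, octets)."""
    return db.execute("""SELECT dport, COUNT(DISTINCT day), SUM(flows), SUM(octets)
        FROM host_profile WHERE host = ? GROUP BY dport
        ORDER BY SUM(flows) DESC""", (host,)).fetchall()
```

The per-host, per-port rows accumulated over many days give the long-term profile to draft firewall rules from: ports seen on most days are candidates for explicit allow rules, and one-off ports are worth reviewing before they are permitted.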