[flow-tools] re: has anyone tried this before / know how possible it is?
Greg.Volk@edwardjones.com
Greg.Volk@edwardjones.com
Wed, 29 Jan 2003 08:27:52 -0600
--Boundary_(ID_JWYD1N3b5DI7CiEdWmH4EQ)
Content-type: text/plain; charset=US-ASCII; NAME=BDY.TXT
Content-transfer-encoding: 7BIT
Content-disposition: inline; filename=BDY.TXT;
Creation-Date="Wed, 29 Jan 2003 08:27:51 -0600"
>a program on a linux box is a little less reliable than
>the IOS on a 7200,
Given some of the IOS hoops (deferrments) I've jumped through,
I think this first statement is a little debateable, but
that's another discussion entirely. ;)
>I'd
>like to setup two collectors for the same stream (either
>via multicast or telling the 7200 it has multiple collectors),
>which dump the streams into separate directories; then a
>program that gets the two directories and creates one file
>with no duplicate streams.
>
I dunno about using a multicast address for the destination,
but I do know that in (native) IOS 12.1.3 for the 6500 you
can specify multiple flow export destinations. I think two
is the max. Maybe someone running 12.1.3 or greater on a 7200
can tell us if the dual-destination feature is there or not.
As for combining the two data-streams, flow-merge comes to
mind. Removing duplicates is the tricky part - it would
require comparing every flow to every other flow for a given
time period which could turn into a big nasty (CPU/memory)
task.
>This way either one of the collectors can fail, and the
>second will still collect streams, then the merge process can
>happen at any time.
This would be a good thing.
>Will the sequence number of the UDP packets help me, or is
>this not possible with flow-tools?
I'm thinking probably not, but I haven't spent too much time
working with netflow packets at that level of detail.
--Boundary_(ID_JWYD1N3b5DI7CiEdWmH4EQ)
Content-type: application/ms-tnef; NAME=WINMAIL.DAT
Content-transfer-encoding: base64
Content-disposition: attachment; filename=WINMAIL.DAT
eJ8+IkSHAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcAGAAAAElQTS5N
aWNyb3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEDkAYADAAAAAEAAAADABcAAQAA
ABwAAQOQBgAMAAAAAQAAAAMANgAAAAAAOgABBIABADwAAAByZTogaGFzIGFueW9uZSB0cmll
ZCB0aGlzIGJlZm9yZSAvIGtub3cgaG93IHBvc3NpYmxlIGl0IGlzPwAPFQEDkAYAEAAAAAEA
AABAADkAALEgPKLHwgGzAwEDkAYAJAAAAAEAAAADAG+kCCAGAAAAAADAAAAAAAAARgAAAAAY
hQAAAAAAAOgCAQOQBgAkAAAAAQAAAAMAcKQIIAYAAAAAAMAAAAAAAABGAAAAABGFAAAAAAAA
4gIBA5AGACQAAAABAAAAAwBxpAggBgAAAAAAwAAAAAAAAEYAAAAAEIUAAAAAAADiAgEDkAYA
JAAAAAEAAAALAHKkCCAGAAAAAADAAAAAAAAARgAAAAAOhQAAAAAAAOkCAQOQBgAkAAAAAQAA
AAMAc6QIIAYAAAAAAMAAAAAAAABGAAAAAAGFAAAAAAAA1QIBA5AGACQAAAABAAAACwB0pAgg
BgAAAAAAwAAAAAAAAEYAAAAABoUAAAAAAADjAgEDkAYALAAAAAEAAAAeAHWkCCAGAAAAAADA
AAAAAAAARgAAAABUhQAAAQAAAAQAAAA5LjAA4QMBA5AGACQAAAABAAAAAwB2pAggBgAAAAAA
wAAAAAAAAEYAAAAAUoUAACdqAQC7AwEDkAYALAAAAAEAAAAeAHekCCAGAAAAAADAAAAAAAAA
RgAAAAA2hQAAAQAAAAEAAAAAAAAAKwMBA5AGACwAAAABAAAAHgB4pAggBgAAAAAAwAAAAAAA
AEYAAAAAN4UAAAEAAAABAAAAAAAAAC0DAQOQBgAsAAAAAQAAAB4AeaQIIAYAAAAAAMAAAAAA
AABGAAAAADiFAAABAAAAAQAAAAAAAAAvAwEDkAYADAAAAAEAAAALAAIAAQAAAA8AAQOQBgBM
AAAAAQAAAB4AcAABAAAAPAAAAHJlOiBoYXMgYW55b25lIHRyaWVkIHRoaXMgYmVmb3JlIC8g
a25vdyBob3cgcG9zc2libGUgaXQgaXM/ANsVAQOQBgAUAAAAAQAAAB4APQABAAAAAQAAAAAA
AABeAAEDkAYADAAAAAEAAAADAAYQUgfUoukBAQOQBgAMAAAAAQAAAAMABxB+BAAAnQABA5AG
AAwAAAABAAAAAwAQEAEAAAAlAAEDkAYADAAAAAEAAAADABEQAQAAACYAAQOQBgB4AAAAAQAA
AB4ACBABAAAAZQAAAEFQUk9HUkFNT05BTElOVVhCT1hJU0FMSVRUTEVMRVNTUkVMSUFCTEVU
SEFOVEhFSU9TT05BNzIwMCxHSVZFTlNPTUVPRlRIRUlPU0hPT1BTKERFRkVSUk1FTlRTKUlW
RUpVTVAAAAAAgB0BA5AGACgAAAABAAAAAgFxAAEAAAAWAAAAAcLHojv172uREjNgEde+zQCw
0KYigAAAswsBA5AGAAwAAAABAAAAAwAJWQEAAABnAAEDkAYADAAAAAEAAAADAN4/r28AAD8C
AQOQBgAgAAAAAQAAAAIBCzABAAAAEAAAABORa+9gM9cRvs0AsNCmIoAcCAEDkAYADAAAAAEA
AAADAIAQ/////5AEAQkABAACAAAAAAAAAAEDkAYADAAAAAEAAAALACMAAAAAAC8AAQOQBgAM
AAAAAQAAAAsAKQAAAAAANQABBJAGANwDAAACAAAAEgAAAB4AATABAAAACAAAACdsb3R0bycA
AgH/DwEAAAA9AAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAEAbG90dG8AU01UUABsb3R0b0Bi
ZW5kaWdvdGVsY28uY29tLmF1AAAAAAMAFQwBAAAAAwAAMAAAAAAeAAIwAQAAAAUAAABTTVRQ
AAAAAB4AGgwBAAAACwAAAEdyZWcgVm9sawAAAAIBGQwBAAAAOwAAAAAAAACNVUzQ7DwRzoH/
CAAJsQN6AQAAAAsAAAAAAAAAMR1Wb2xrHjIdR3JlZx41HUlTHjYdTUFJTDEAAB4A9l8BAAAA
IgAAAGxvdHRvIFtsb3R0b0BiZW5kaWdvdGVsY28uY29tLmF1XQAAAAIB918BAAAAPQAAAAAA
AACBKx+kvqMQGZ1uAN0BD1QCAAABAGxvdHRvAFNNVFAAbG90dG9AYmVuZGlnb3RlbGNvLmNv
bS5hdQAAAAADAP9fAAAAAAMA/V8BAAAAHgADMAEAAAAaAAAAbG90dG9AYmVuZGlnb3RlbGNv
LmNvbS5hdQAAAAIBCzABAAAAHwAAAFNNVFA6TE9UVE9AQkVORElHT1RFTENPLkNPTS5BVQAA
CwAPDgAABIADAP4PBgAAAAMAADkAAAAACwBAOgAAAAADAHE6AAAAABIAAAAeAAEwAQAAAA0A
AAAnZmxvdy10b29scycAAAAAAgH/DwEAAABCAAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAEA
Zmxvdy10b29scwBTTVRQAGZsb3ctdG9vbHNAc3BsaW50ZXJlZC5uZXQAAAADABUMAgAAAAMA
ADABAAAAHgACMAEAAAAFAAAAU01UUAAAAAAeABoMAQAAAAsAAABHcmVnIFZvbGsAAAACARkM
AQAAADsAAAAAAAAAjVVM0Ow8Ec6B/wgACbEDegEAAAALAAAAAAAAADEdVm9sax4yHUdyZWce
NR1JUx42HU1BSUwxAAAeAPZfAQAAAAsAAABmbG93LXRvb2xzAAACAfdfAQAAAEIAAAAAAAAA
gSsfpL6jEBmdbgDdAQ9UAgAAAQBmbG93LXRvb2xzAFNNVFAAZmxvdy10b29sc0BzcGxpbnRl
cmVkLm5ldAAAAAMA/18AAAAAAwD9XwEAAAAeAAMwAQAAABoAAABmbG93LXRvb2xzQHNwbGlu
dGVyZWQubmV0AAAAAgELMAEAAAAfAAAAU01UUDpGTE9XLVRPT0xTQFNQTElOVEVSRUQuTkVU
AAALAA8OAAAEgAMA/g8GAAAAAwAAOQAAAAALAEA6AAAAAAMAcToAAAAAdsk=
--Boundary_(ID_JWYD1N3b5DI7CiEdWmH4EQ)--