[flow-tools] flow-capture reports PDUs out-of-sequence w/Juni per
Dave Plonka
plonka@doit.wisc.edu
Wed, 12 Sep 2001 09:50:15 -0500
On Wed, Sep 12, 2001 at 09:09:56AM +1000, Solomon Sokolovsky wrote:
> We are looking to use Juniper and would like to use Flow-tools instead
> of cflowd!
You can use flow-tools flow-capture (rather than cflowdmux & cflowd)
when using the "cflowd" feature on a Juniper. I've used both
collectors successfully with both Ciscos and Junipers.
> Any advise and how are you string the data? SQL??? etc...
We store version 5 cflowd/NetFlow records in timestamped "raw" flow
files, such as those produced when you invoke flow-capture thusly:
$ flow-capture -V5 -N0 -n287 -w/var/local/flows /10.42.69.10/2055
Then we post-process those flow files with FlowScan, which stores all
the pkt, byte, and flow counters in hundreds of RRD files (like Cricket
or MRTG) by protocol, service, subnet, etc.
There's some postings to my flowscan mailing list about using FlowScan
with a Juniper here:
http://net.doit.wisc.edu/~plonka/list/flowscan/archive/0931.html
http://net.doit.wisc.edu/~plonka/list/flowscan/archive/0792.html
Other articles in the archive talk about how to use flowscan with
flow-tools (rather than cflowd).
Dave
--
plonka@doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI