[flow-tools] Start time and end time of the processed raw data
Mark Fullmer
maf@eng.oar.net
Sat, 20 Apr 2002 22:10:34 -0400
Passing the -p flag to flow-stat will print additional header information, i.e.:
# mode: normal
# capture hostname: XXXX
# exporter IP address: X.X.X.X
# capture start: Sat Apr 20 12:45:00 2002
# capture end: Sat Apr 20 12:50:00 2002
# capture period: 300 seconds
# compress: on
# byte order: little
# stream version: 3
# export version: 5
# lost flows: 0
# corrupt packets: 0
# sequencer resets: 0
# capture flows: 123244

Unfortunately, if the flows have been processed, the headers from flow-capture are
usually gone, in which case you would need to compute them on the fly.
See ftio_header_print() in ftio.c and flow-print.c for more details.
mark
On Fri, Apr 19, 2002 at 01:47:52PM -0700, Annie Tong wrote:
> Hi Mark,
>
> I'm trying to add the duration of the processed raw data in the header
> of the report that is generated by flow-stat in the following format,
>
> "Processed <number of flows> flows between <Day> <Month> <Date> <Year>
> <Time> and <Day> <Month> <Date> <Year> <Time>"
>
> e.g.
> "Processed 20000 flows between Fri Apr 12 2002 00:00:00 and Fri Apr 12
> 2002 09:59:59"
>
> I'm looking at your code flow-stat.c and found 2 variables,
> fs0.time_start and fs0.time_end, which store the start_time and the
> end_time of the processed raw data, and they're unsigned integers.
> Can I use the function localtime() to convert them to the format I
> want? Also where did you get the start_time and end_time of the
> processed data? Are they stored in the packet as $startime and $endtime
> (found the reference from Cflow.pm)?
>
> Thank you!
>
> Regards,
>
> Annie Tong
> MAE Engineering
> MCI WorldCom
>
>
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools
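
Added example (not code from the original thread or from flow-tools): one way to compute the capture window on the fly when the flow-capture header is gone, then print it in the format requested above. The struct flow_rec layout, its field names and the sample records are assumptions modeled on the NetFlow v5 timing fields; gmtime() is used in place of localtime() so the output does not depend on the host time zone.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Simplified stand-in for the timing fields of a NetFlow v5 flow (names are assumptions). */
struct flow_rec {
    uint32_t unix_secs, sys_uptime; /* exporter epoch seconds and uptime (ms) at export */
    uint32_t first, last;           /* uptime (ms) at the flow's first and last packet */
};
struct window { time_t start, end; unsigned long flows; };

/* Constructed sample: the third record was exported just after the uptime counter wrapped. */
static const struct flow_rec sample[] = {
    {1018569660u,   600000u,     540000u,   590000u},
    {1018605600u, 36540000u,   36500000u, 36539000u},
    {1018580000u,     1000u, 4294966296u,      500u},
};

/* Map an uptime stamp to epoch seconds; the signed 32-bit delta survives counter wrap. */
static time_t flow_epoch(const struct flow_rec *r, uint32_t up_ms) {
    return (time_t)r->unix_secs + (int32_t)(up_ms - r->sys_uptime) / 1000;
}

/* Earliest start and latest end over all records, for data whose capture header is gone. */
struct window capture_window(const struct flow_rec *recs, size_t n) {
    struct window w = {0, 0, 0};
    for (size_t i = 0; i < n; i++, w.flows++) {
        time_t s = flow_epoch(&recs[i], recs[i].first);
        time_t e = flow_epoch(&recs[i], recs[i].last);
        if (w.flows == 0 || s < w.start) w.start = s;
        if (w.flows == 0 || e > w.end) w.end = e;
    }
    return w;
}

/* Render the summary line in UTC; swap gmtime() for localtime() to get local time. */
int format_summary(const struct window *w, char *out, size_t len) {
    char a[32], b[32];
    const char *fmt = "%a %b %d %Y %H:%M:%S";
    if (w->flows == 0) return snprintf(out, len, "Processed 0 flows");
    strftime(a, sizeof a, fmt, gmtime(&w->start));
    strftime(b, sizeof b, fmt, gmtime(&w->end));
    return snprintf(out, len, "Processed %lu flows between %s and %s", w->flows, a, b);
}

int main(void) {
    char buf[128];
    struct window w = capture_window(sample, sizeof sample / sizeof sample[0]);
    format_summary(&w, buf, sizeof buf);
    return puts(buf) < 0;
}
```

Timestamps derived this way are only as trustworthy as the exporter's clock, so check it against a known time source before using the window in an incident timeline.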