Home page logo
/

nanog logo nanog mailing list archives

New cflowd bits
From: Daniel McRobb <dwm () ans net>
Date: Thu, 23 Jan 1997 07:01:48 -0500


Hi folks.

I just posted a new version of cflowd at:

  http://engr.ans.net/cflowd/index.html

The new version (1.2-alpha) has a rewritten raw flow module using
memory-mapped I/O.  For those of you that have used it, you can now turn
on raw flow logging and not thrash your machine with flow->disk I/O.
The new version also has a bug fix for remote client connections; this
is an old fix I never got around to posting.

The code is still based on some old beta Cisco bits which include AS
numbers in flow-export.  I don't know the status of getting that code
into ELC, but I'll try to find out (Paul?  Dave?  Anyone?).

In about 5 minutes, I'll be deploying this new code on a few ANS
machines and leaving raw flow logging turned on.  Who knows, maybe I'll
have a silly SYN flood story for San Francisco.

I do have about 3 month's worth of AS matrix data (5-minute polling
intervals) on-line and have a lot of charts.  I'll put up some of my
slides at the site above soon.

Daniel
~~~~~~

P.S. - I've only tested the latest on AIX 3.2.5... in fact I've only
*compiled* it on AIX 3.2.5.  Hopefully it'll still compile/run fine on
the platforms targetted in the original version.  You can send bugs to
me just like before; I make no guarantees I'll reply or have time to fix
anything, but I do promise to at least tuck away the mail until I have a
chance to look at it or I need the disk space back.  ;-)
- - - - - - - - - - - - - - - - -


  By Date           By Thread  

Current thread:
  • New cflowd bits Daniel McRobb (Jan 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault