fix paths in log2rrd,flow-rptfmt,flow-rpt2rrd script to generate flow-xlate cryptopan key flow-send is not working on big endian machines set source port on flow-send/fanout strip off blank lines on strftime flow-report should have a cur_report variable name. flow-report should have a max memory allowed per report option. -S state_inteval with flow-capture may not be working correctly if set to 1hr. flow-tag example uses old version of flow-xlate report definitions need terms so filter/mask/tags can be applied to groups of reports. flow-fanout is not working on a Mac -o option to flow-cat may have issues with large files update man pages so that tag/filter/mask must be explicitely set -- JohnWong@crimsonlogic.com document somewhere what raw flow fields are flow-gen random support top 10 flows in flow-report. mmap() problems on AIX xlate todo add to flow-report? flow-report man page? add to flow-fanout? flow-fanout man page? ftstat does not ior the filter xfields. The "XXX references a field not in the flow" error message should display the offending field. flow-print format 24 is still missing in the flow-print manpage.. Christian.Bauer@NEFkom.de FT_RECGET -> FTIO_RECGET - use ftio offsets. fts3rec_compute_offsets() could be done automatically on ftio_open(4READ) -- update everything to use ftio->fo. flow-split, flow-report timing problem when a period passes with no clock. source spoofing in flow-fanout is not going to work properly with multiple sources - need per source sequence numbers on output side. source spoofing - in flow-send use the exporter IP from the flow record. SCTP support NetFlow v9 support flow-rptfmt Sparc/Linux portability http://www.debian.org/ports/sparc/ has a little more as does http://www.ultralinux.org/ http://www.auroralinux.org/ Matt.Foster@Unilever.com > stat-report report1 > input > time yesterday > path /data/%Y/%Y-%m/%Y-%m-%d/ (dynamic path) flow-capture - use ftfil ACL for accepting flows. flow-split should fail more gracefully when splitting on time with old flow files without clocking information. flow-cat -> ftlib so flow-xxx /flows/data/2002 will work without using flow-cat flow-probe flow-capture / flow-expire not removing empty directories. flow-report per src/dst tag src/dst host count reference ip2hostname utility on web page flow-report, flow-nfilter, flow-tag - config file from command line string. flow-print strftime style processing. flow-cat mmap causes crash problem on Solaris cisco magic filters total_flows should always be a u_int64, not u_int32 DEC portability - check for snprintf Robin's libcap/flow-import patch flow-capture/flow-receive finish the locip/remip/port code to accept multiple exporters the as substitution can be smarter, ie don't do substitution for multicast traffic or output ifIndex 0, or possibly if the mask bits are 0. mmap should be turned off for large files since it won't work. directio md5 checksums ftio_write could use write() instead of writen() to better utilize d_buf when write() returns 0 -- ie on a TCP connection. flow-xlate - split overflow scaled flows flow-bidir flow-import/export - argus files flow-import/export - OCxmon files flow-import/export - netramet files flow-import/export - cabletron files bgp integration - community (xxx:yyy) -> tag yyy packet sampling rate need to be stored in the flow file. flow-stat would need to use this to estimate total # of flows --with-cflow - automagically build Dave's Cflow module flow-cat -R ifalias Reset ifalias -R ifmap Reset ifmap -L ifalias Load ifalias -L ifmap Load ifmap -S where to look for symbol names -I only load for IP's flow-capture -M where to look for symbol names symbol file: ifmap exporter=1.2.3.4 ifIndex=99 name=FastEthernet0/0 encap=60 sample_rate=100 ifalias exporter=1.2.3.4 name=outside ifIndex_list=5,1,2,3,4,5 flow-top flow-capture ager is running on all errors incorporate flow-sort AC_ARG_WITH(socks, [ --with-libwrap use the libwrap library], [AC_DEFINE(HAVE_LIBWRAP)]) instrument read/write for compression stats by using total_in and total_out flow-5to8 - convert v5 to v8 flows flow-active maintains active src or destination IP address first/last seen on disk first_time last_time flows octets packets regression tests flow-dns -l level (heirachy level, 0 is infinity) - level 1 would only be top level domains (.com, .edu, .net) - level 2 would be second level (ohio-state.edu, psu.edu, cic.net) - level 0 would be any level, ie FQDN's (shattered.net.ohio-state.edu) flow-reduce various data reducations glue together TCP connections keep state when there's a ftp control connection, then use that to give hints about ftp data connections