This patch adds 3 features:
(i) It adds netflow collection functionality to fprobe. Data is now collected in data files in a format that can be imported by silk tools. This can happen at the same time as the data is sent to other remote collectors (-f)
(ii) It allows data files to be rotated based on an epoch length and the lifetime of data, specified in a number of epochs (-E and -T).
(iii) It stores 16 bits of the Netfilter mark in an unused field in the netflow header. This can allow flows to be assocaited with pids, xids etc.
Log in to post a comment.