Joe Loiacono

Very nice. Thanks, Nick. I'll add it to SourceForge and http://flowviewer.net

It looks like you've set it up well. I remember a little bit of strangeness with the location of the sensor.config files with multiple exporters and I think I did it like you have it. I think the SiLK and my documentation could be better there. How are the results? Can you access by device like you want to? I have run rwflowpack with the --packinterfaces option. According to SiLK: "When this switch is present, rwflowpack writes additional information into the packed files: the router's SNMP input...

Hi Nick, Yes, you can treat SiLK devices just like flow-tools ones from the input screen perspective. Just make sure your SiLK directory structure looks like that in the attached image. Then make sure your FlowViewer_Configuration.pm file has entries like these below, they will put the SiLK devices in the Netflow Source pulldown. There's more explanation in the User Guide starting at page 15. I also wanted to mention that SiLK can handle 'sflow' data in case you come across it (some devices only...

Here's the directory structure:

Hi Nick, Yes, you can treat SiLK devices just like flow-tools ones from the input screen perspective. Just make sure your SiLK directory structure looks like that in the attached image. Then make sure your FlowViewer_Configuration.pm file has entries like these below. There's more explanation in the User Guide starting at page 15. @devices = ("ft_rtr1","ft_rtr2"); # or @devices=(); if not using flowtools @ipfix_devices = ("silk_rtr1","silk_rtr2a","silk_rtr3","silk_rtr4","Site"); The configuration...

Will do. The instructions are great. Have you considered using SiLK as your flow collector? It is great code, very powerful, robust, still supported (Carnegie Mellon University) and free! It permits the collection of IPFIX data (where flow-tools is limited to netflow version 5.) Also, it will permit the viewing and analysis of IPv6 (As I recall, flow-tools doesn't do this.)

Great, Nick! By the way, nice install work. I know it gets harder with time as some of the dependencies get a little old. I'll add your install process to the SourceForge web site.

Yes, a little puzzling! I'm starting to focus on time handling. See attached pic of the process. If I have the correct files, the times in the Filter are not matching the flow-cat times**. See if you can: Verify that flow-tools is OK by working only from the command line with flow-tools only and modifying your Filter file by hand A couple more FlowViewer runs, saving off the filter file, so that we can see if the Filter times are indeed being mis-calculated for some reason. Just for reference, it...