<HTML
><HEAD
><TITLE
>flow-report</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="AEN1"
><SPAN
CLASS="APPLICATION"
>flow-report</SPAN
></A
></H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN6"
></A
><H2
>Name</H2
><SPAN
CLASS="APPLICATION"
>flow-report</SPAN
> -- Generate reports from flow data.</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN10"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>flow-report</B
> [-h] [-d<TT
CLASS="REPLACEABLE"
><I
> debug_level</I
></TT
>] [-s<TT
CLASS="REPLACEABLE"
><I
> stat_fname</I
></TT
>] [-S<TT
CLASS="REPLACEABLE"
><I
> stat_definition</I
></TT
>] [-v<TT
CLASS="REPLACEABLE"
><I
> variable binding</I
></TT
>]</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN22"
></A
><H2
>DESCRIPTION</H2
><P
>The <B
CLASS="COMMAND"
>flow-report</B
> utility will generate reports
from flow data. The reports are easy to parse ASCII text that
can be used by a front end to produce readable reports, graphs,
and charts.</P
><P
>Reports are definied by the 'stat-report' keyword followed by a report
name. Each report has a type defined below and other commands. Reports
are grouped into a definition with the 'stat-definition' keyword
followed by a definition name. Each definition can invoke a filter
and optionally apply tags.</P
><P
></P
><P
><PRE
CLASS="SCREEN"
>stat-report command Description/Example
------------------------------------------------------------------------
type Define the report type.
type destination-tag
filter Apply this filter definition.
filter permit-only-tcp
scale Scale report by n.
scale 100
tag-mask Apply source and destination mask to tag.
tag-mask 0xFF00 0xFF00
ip-source-address-format Format of source IP address.
address - address, ie 128.146.1.7
prefix-len - address/len ie 128.146.1.7/24
prefix-mask- prefix/len 128.146.1/24
ip-destination-address-format
Format of destination IP address.
address - address, ie 128.146.1.7
prefix-len - address/len ie 128.146.1.7/24
prefix-mask- prefix/len 128.146.1/24
output Start an output configuration. Multiple
output configurations can be configured
per report. </PRE
></P
><P
><PRE
CLASS="SCREEN"
>output option Description/Example
-------------------------------------------------------------------------
path Pathname of output. If the path begins
with a | the output is a pipe. The
pathname is formatted through strftime().
Directories not in the path are
automatically created.
path /tmp/%Y/%m/%d/foo.out
time What time to use when formatting the
pathname with strftime.
now - current time
start - first flow
end - last flow
mid - average of first and last.
tally Emit a % total line every n records.
tally 10
format Output format. Currently only ascii.
format ascii
sort Sort on a field. + ascending, - descending.
sort +flows - sort on the flows field
records Truncate report at n records.
records 10
fields Enable/Disable fields with +/-. Fields:
index,first,last,flows,octets,packets,
duration,pps,bps,other,key,key1,key2,
key3,key4,count.
fields +key,+flows,+octets,+packets,
options Enable/Disable options with +/-
+header - include header.
+xheader - include extra header.
+totals - include a totals line.
+percent-total - report in % total form.
+names - use symbolic names.
options +header,+xheader </PRE
></P
><P
><PRE
CLASS="SCREEN"
>stat-definition option Description/Example
-------------------------------------------------------------------------
filter Apply this filter definition.
filter default
tag Apply this tag definition.
tag default
mask Apply this mask definition.
mask default
report Invoke this report. Multiple reports can
be set.
report foo
time-series How often to produce a report dump in seconds.
time-series 60 </PRE
></P
><P
><PRE
CLASS="SCREEN"
>global options Description/Example
-------------------------------------------------------------------------
include-tag Specify path to include tag definitions.
include-tag /flows/tags/test1
include-filter Specify path to include filter definitions.
include-filter /flows/filters/test1
include-mask Specify path to include mask definitions.
include-filter /flows/masks/test1
</PRE
></P
><P
><PRE
CLASS="SCREEN"
>Report type Summarization Key Elements.
------------------------------------------------------------------------
summary-detail Totals plus quick breakdown.
summary-counters Totals only.
packet-size Average packet size distribution.
octets Octets per flow distribution.
packets Packets per flow distribution.
ip-source-port IP Source Port.
ip-destination-port IP Destination Port.
ip-source/destination-port IP Source/Destination Port pair.
bps Bits/Second distribution.
pps Packets/Second distribution.
ip-destination-address-type
IP class with ASM/SSM Multicast breakout.
ip-protocol IP Protocol.
ip-tos IP Type of Service.
ip-next-hop-address IP Next Hop Address.
ip-source-address IP Source Address.
ip-destination-address IP Destination Address.
ip-source/destination-address
IP Source/Destination Address pair.
ip-exporter-address IP Exporter Address.
input-interface Input Interface.
output-interface Output Interface.
input/output-interface Input/Output Interface pair.
source-as Source AS.
destination-as Destination AS.
source/destination-as Source/Destination AS.
ip-source-address/source-as IP Source Addrss and Source AS.
ip-destination-address/source-as
IP Destination Address and Source AS.
ip-source-address/destination-as
IP Source Address and Destination AS.
ip-destination-address/destination-as
IP Destination Address and Destination AS.
ip-source/destination-address/source-as
IP Source/Destination Address and Source AS.
ip-source/destination-address/destination-as
IP Source/Destination Address and
Destination AS.
ip-source/destination-address/source/destination-as
IP Source/Destination Address and
Source/Destination AS.
ip-source-address/input-interface
IP Source Address and Input Interface.
ip-destination-address/input-interface
IP Destination Address and Input Interface.
ip-source-address/output-interface
IP Source Address and Output Interface.
ip-destination-address/output-interface
IP Destination Address and Output Interface.
ip-source/destination-address/input-interface
IP Source/Destination Address and
Input Interface.
ip-source/destination-address/output-interface
IP Source/Destination Address and
Output Interface.
ip-source/destination-address/input/output-interface
IP Source/Destination Address and
Input/Output Interface.
input-interface/source-as Input Interface and Source AS.
input-interface/destination-as
Input Interface and Destination AS.
output-interface/source-as
Output Interface and Source AS.
output-interface/destination-as
Output Interface and Destination AS.
input-interface/source/destination-as
Input Interface and Source/Destination AS.
output-interface/source/destination-as
Output Interface and Source/Destination AS.
input/output-interface/source/destination-as
Input/Output Interface and
Source/Destination AS.
engine-id Engine ID.
engine-type Engine Type.
source-tag Source Tag.
destination-tag Destination Tag.
source/destination-tag Source/Destination Tag.
ip-source-address/ip-source-port
IP Source Address and IP Source Port.
ip-source-address/ip-destination-port
IP Source Address and IP Destination Port.
ip-destination-address/ip-source-port
IP Destination Address and IP Source Port.
ip-destination-address/ip-destination-port
IP Destination Address and
IP Destination Port.
ip-source-address/ip-source/destination-port
IP Source Address and
IP Source/Destination Port.
ip-destination-address/ip-source/destination-port
IP Destination Address and
IP Source/Destination Port.
ip-source/destination-address/ip-source-port
IP Source/Destination Address and
IP Source Port.
ip-source/destination-address/ip-destination-port
IP Source/Destination Address and
IP Destination Port.
ip-source/destination-address/ip-source/destination-port
IP Source/Destination Address and
IP Source/Destination Port.
ip-source-address/input/output-interface
IP Source Address and
Input/Output Interface.
ip-destination-address/input/output-interface
IP Destination Address and
Input/Output Interface.
ip-source-address/source/destination-as
IP Source Address and
Source/Destination AS.
ip-destination-address/source/destination-as
IP Destination Address and
Source/Destination AS.
ip-address IP Address (both source and destination).
ip-port IP Port (both source and destination).
ip-source-address-destination-count
Count of destination IP addresses associated
with a source IP address.
ip-destination-address-source-count
Count of source IP addresses associated
with a destination IP address.
linear-interpolated-flows-octets-packets
Linear interpolated distribution of flows,
octets and packets. The distribution is done
across the start and end time of the flow.
first First packet of flow distribution.
last Last packet of flow distribution.
duration Duration of flow distribution.
ip-source-address/source-tag
IP Source Address and
Source tag.
ip-source-address/destination-tag
IP Source Address and
Destination tag.
ip-destination-address/source-tag
IP Destination Address and
Source tag.
ip-destination-address/destination-tag
IP Destination Address and
Destination tag.
ip-source/destination-address/source/destination-tag
IP Source/Destination Address and
Source/Destination tag.
ip-source/destination-address/ip-protocol/ip-tos
IP Source/Destination Address, IP Protocol,
and ToS. </PRE
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN38"
></A
><H2
>OPTIONS</H2
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>-d<TT
CLASS="REPLACEABLE"
><I
> debug_level</I
></TT
></DT
><DD
><P
>Enable debugging.</P
></DD
><DT
>-s<TT
CLASS="REPLACEABLE"
><I
> stat_fname</I
></TT
></DT
><DD
><P
>Report configuration filename. Defaults to <TT
CLASS="FILENAME"
>/var/lib/cfg/stat</TT
>.</P
></DD
><DT
>-S<TT
CLASS="REPLACEABLE"
><I
> stat_definition</I
></TT
></DT
><DD
><P
>Select the active definition.</P
></DD
><DT
>-v<TT
CLASS="REPLACEABLE"
><I
> variable binding</I
></TT
></DT
><DD
><P
>Set a variable FOO=bar.</P
></DD
><DT
>-h</DT
><DD
><P
>Display help.</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN66"
></A
><H2
>EXAMPLES</H2
><DIV
CLASS="INFORMALEXAMPLE"
><A
NAME="AEN68"
></A
><P
></P
><P
>An example of report configuration file
<PRE
CLASS="SCREEN"
># stat config file
include-filter /tmp/filter
stat-report t1
type summary-detail
filter default
scale 100
output
format ascii
options +header,+xheader,+totals
fields +other
path /tmp/output1
stat-report t6
type ip-source-port
output
format ascii
options +header,+xheader,+totals,+names,+percent-total
sort +pps
tally 5
path /tmp/output6
stat-definition test
filter tcp
report t1
report t6</PRE
>
<PRE
CLASS="SCREEN"
># filter config file
filter-primitive TCP
type ip-protocol
permit TCP
filter-definition tcp
match ip-protocol TCP</PRE
>
<B
CLASS="COMMAND"
>flow-cat <TT
CLASS="FILENAME"
>flows</TT
> | flow-report -stest -Stest</B
> </P
><P
></P
></DIV
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN74"
></A
><H2
>IMPLEMENTATION NOTES</H2
><P
>Packet size calculations are dOctets / dPkts, ie an average packet size. It
is not possible to get a true packet size from flow exports.
pps and bps calculations are an average of the averages.
Flows that do not have a duration (start == end) are not counted in the
pps and bps calculations.
Flows without a packet or octet count are ignored. </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN77"
></A
><H2
>BUGS</H2
><P
>None known.</P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN80"
></A
><H2
>AUTHOR</H2
><P
>Mark Fullmer
<TT
CLASS="EMAIL"
><<A
HREF="mailto:maf@splintered.net"
>maf@splintered.net</A
>></TT
></P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN87"
></A
><H2
>SEE ALSO</H2
><P
><SPAN
CLASS="APPLICATION"
>flow-tools</SPAN
>(1)</P
></DIV
></BODY
></HTML
>
distrib
>
Mandriva
>
9.1
>
ppc
>
media
>
contrib
>
by-pkgid
>
8aa3de7ebd8d4b3c251a18215fcb5772
>
files
>
23
