[netsa-tools-discuss] Rwflowpack config questions

Chacko P chacko.p at incism.com
Sun Dec 6 07:57:52 EST 2015


Hello,

I have a couple of questions regarding a single machine install of rwflowpack and yaf.

My questions are as follows:

  1.  Our application that uses SiLK has some measure of real time flow visualization.  Toward this end the config file has the entry FLUSH_TIMEOUT=30 with the intent to get recent flow records. This setting does not have an apparent effect, as traffic that flowed 5 minutes prior does not register with the rwfilter command with a relevant time filter. It does, though, if the rwflowpack process is cycled, which I expect causes a flush to disk. Is there some other setting that needs to be configured as well to achieve this? Is there an alternate way to get flow details up to, say, the most recent minute?

  2.  The log directory is being filled with rwflowpack....gz files. So I introduced the following line in the conf file: LOG_POST_ROTATE='sudo rm %'. It's a guess at best, since I was not able to locate a working example. Will this work? Or does the statement '(Old log files are not removed by rwflowpack; the administrator should use another tool to remove them.)' supersede even this, and should I look for another tool?

Any help would be greatly appreciated. If there is a document that has the answers to these questions, then please point me to it.


Thanks,



Chacko P., CISSP

Principal Consultant, Information Security.

Incism

email<mailto:chacko.p at incism.com>| web<http://www.incism.com/> | profile<https://in.linkedin.com/in/chackopallathucheril> | social

Incisive views. Truly.
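For the second question, the quoted documentation says rwflowpack leaves old rotated logs in place and expects the administrator to remove them with another tool. The script below is an added example of such a tool, written for this page; it is not code from the SiLK project or from the original poster, and it does not rely on any LOG_POST_ROTATE behaviour. It assumes (the page does not say) that the rotated logs sit in one directory and are named `rwflowpack*.gz`, and it takes the retention window in days from the operator. It is meant to be run from cron with a dry-run first.

```shell
#!/bin/sh
# Added example (not from the SiLK project or the original post): prune rotated
# rwflowpack log files older than a retention window. rwflowpack does not
# remove old rotated logs itself, so an external job like this is needed.
#
# Assumptions not stated on the page:
#   - rotated logs live in a single directory and match 'rwflowpack*.gz'
#   - the retention window (in days) is chosen by the operator
#
# Usage: prune_rwflowpack_logs.sh LOGDIR DAYS [yes]
#   third argument 'yes' = dry run, only list what would be removed

prune_rwflowpack_logs() {
    logdir=$1
    days=$2
    dry_run=${3:-no}

    # Refuse to run on a missing directory rather than silently doing nothing.
    [ -n "$logdir" ] && [ -d "$logdir" ] || {
        echo "prune_rwflowpack_logs: no such directory: '$logdir'" >&2
        return 1
    }
    # Guard against an empty or non-numeric retention value.
    case $days in
        ''|*[!0-9]*) echo "prune_rwflowpack_logs: DAYS must be a number" >&2; return 1 ;;
    esac

    # -mtime +N matches files last modified more than N*24 hours ago.
    # -maxdepth 1 keeps the job from descending into anything unexpected,
    # and -name restricts it to rwflowpack's own rotated logs.
    if [ "$dry_run" = yes ]; then
        find "$logdir" -maxdepth 1 -type f -name 'rwflowpack*.gz' -mtime +"$days" -print
    else
        find "$logdir" -maxdepth 1 -type f -name 'rwflowpack*.gz' -mtime +"$days" -exec rm -f -- {} +
    fi
}

# Count how many matching rotated logs remain; handy for a post-run sanity check.
count_rwflowpack_logs() {
    find "$1" -maxdepth 1 -type f -name 'rwflowpack*.gz' | wc -l | tr -d ' '
}

# Run only when invoked directly with arguments (e.g. from cron); the functions
# can also be sourced from another script.
if [ $# -ge 2 ]; then
    prune_rwflowpack_logs "$@"
fi
```

A typical cron entry would call the script once a day with the directory rwflowpack writes its logs to and a retention such as 30; run it with the dry-run flag first to confirm that only the expected `rwflowpack*.gz` files are listed, since the pattern and directory are assumptions that should be checked against the local setup.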


