[netsa-tools-discuss] Flows per second in SiLK
Mark Thomas
mthomas at cert.org
Mon Aug 10 13:26:37 EDT 2015
There are two answers to the question regarding the number of flow
records being received by SiLK.

1. If you are talking about how many flow records are being received
   and processed by the rwflowpack or flowcap tools, the answer is
   currently no, there is nothing that directly reports the number of
   flow records received per second.

   Every so often (described below), the rwflowpack and flowcap tools
   report to the log file the number of flow records processed, for
   example

     Mar 16 16:21:48 host flowcap[99294]: 'S9': forward 14, reverse 0, ignored 0, nf9: missing-pkts 0

   If you divide the number that appears after "forward" by the time
   period, you can get an average flow rate for the time period.

   The time period is determined by the --timeout switch in flowcap and
   the --flush-timeout switch in rwflowpack. The daemons do a lot of
   work when the timeout occurs, so I would suggest you not make the
   timeout smaller than 15 seconds.

2. Since the flow record is sent when the flow ends, you could get
   an estimate of the number of flow records received per second by
   using the rwcount tool. Set the --bin-size to 1 and choose the
   end-spike --load-scheme.

     $ rwcount --bin-size=1 --load-scheme=end --start-time=2009/02/13
     Date| Records| Bytes| Packets|
     2009/02/12T00:00:02| 2.00| 259.00| 2.00|
     2009/02/12T00:00:03| 1.00| 504.00| 9.00|
     2009/02/12T00:00:04| 0.00| 0.00| 0.00|
     2009/02/12T00:00:05| 0.00| 0.00| 0.00|

I hope that helps,

-Mark

-----Original Message-----
From: Hosam Hittini <hosam.hittini at ies.etisalat.ae>
Date: Mon, 10 Aug 2015 15:22:10 +0400
To: <netsa-tools-discuss at cert.org>, 'Ron Bandes' <rbandes at cert.org>,
<netsa-help at cert.org>
Cc: 'Majid Qureshi' <mmajid at ies.etisalat.ae>
Subject: [netsa-tools-discuss] Flows per second in SiLK
Hi,
I was wondering if there's a way to get the number of flows per
second being received at SiLK.
We have version 3.8.0.
Thanks in advance
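
Added example (not part of the original messages and not SiLK project code): the log-based calculation from answer 1, dividing each "forward" count by the reporting period and grouping by probe name. The 60-second period, the extra sample lines, and the assumption that rwflowpack writes the same line format as the flowcap line quoted above are all assumptions of this example.

```python
import re
from collections import defaultdict

# Matches the periodic statistics line quoted in the reply, e.g.
# Mar 16 16:21:48 host flowcap[99294]: 'S9': forward 14, reverse 0, ...
STATS_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+"
    r"(?P<daemon>flowcap|rwflowpack)\[\d+\]:\s+"
    r"'(?P<probe>[^']+)':\s+forward\s+(?P<forward>\d+),"
)

def flow_rates(lines, period_seconds):
    """Return {probe: [(timestamp, flows_per_second), ...]}.

    period_seconds is the reporting interval: the value given to
    flowcap --timeout or rwflowpack --flush-timeout (assumed known).
    """
    if period_seconds <= 0:
        raise ValueError("period_seconds must be positive")
    rates = defaultdict(list)
    for line in lines:
        m = STATS_RE.match(line)
        if not m:
            continue  # other daemon messages are ignored
        rates[m["probe"]].append((m["ts"], int(m["forward"]) / period_seconds))
    return dict(rates)

def average_rate(samples):
    """Mean flows per second over a probe's reporting intervals."""
    return sum(r for _, r in samples) / len(samples) if samples else 0.0

# Constructed sample log; only the first line is taken from the reply.
SAMPLE_LOG = """\
Mar 16 16:21:48 host flowcap[99294]: 'S9': forward 14, reverse 0, ignored 0, nf9: missing-pkts 0
Mar 16 16:21:48 host flowcap[99294]: Some other message
Mar 16 16:22:48 host flowcap[99294]: 'S9': forward 1200, reverse 0, ignored 0, nf9: missing-pkts 0
Mar 16 16:22:48 host flowcap[99294]: 'S10': forward 30, reverse 0, ignored 3, nf9: missing-pkts 0
""".splitlines()

if __name__ == "__main__":
    for probe, samples in flow_rates(SAMPLE_LOG, 60).items():
        for ts, rate in samples:
            print(f"{ts} {probe}: {rate:.2f} flows/s")
        print(f"{probe} average: {average_rate(samples):.2f} flows/s")
```
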